Forum Discussion
ksathcse (Copper Contributor)
Jul 07, 2021
Suspected Golden Ticket usage (nonexistent account) from Mac machines (Monterey beta)
Recently we started seeing "Suspected Golden Ticket usage (nonexistent account)" alerts from Mac machines which are running the Monterey beta version.
Based on our investigation, this is getting triggered when a user tries to authenticate using Enterprise Connect on Monterey OS. Username: SOMEDOMAIN.COM\WELLKNOWN/ANONYMOUS@SOMEDOMAIN.COM
Is anyone else experiencing this?
2 Replies
- JustinFelix (Copper Contributor): We are seeing this in our environment as well. Trying to get guidance from Microsoft on the proper course of action. This WELLKNOWN principal appears to be used for Anonymous PKINIT according to the K5 Wiki (https://k5wiki.kerberos.org/wiki/Anonymous_kerberos).
- melabdo (Copper Contributor): Hi,
We are also seeing the same.