###### FROM THE WINDOWS EVENT LOG GENERAL TAB
The description for Event ID 4769 from source Microsoft-Windows-Security-Auditing cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

usernam1p@SUB.DOMAIN.COM
SUB.DOMAIN.COM
H123ABCDE8D1$
S-1-5-21-1299999921-444445543-839222333-111111
0x40810000
0x12
::ffff:192.35.55.44
59503
0x0
{41c6e520-0e7e-da76-f903-197f08880601}
-
m/AAAgBB0CC1DaEpr4FFfo+Gb+t61aBluBz+0h46cGM=

A8BpCD/EFnvGHzImy0J5s0KKKK35nLmNfFAXk/qMV68=


The locale specific resource for the desired message is not present



###### FROM THE WINDOWS EVENT LOG XML VIEW TAB

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{88888888-4444-4444-a5ba-7e7b7777c77d}" /> 
  <EventID>4634</EventID> 
  <Version>0</Version> 
  <Level>0</Level> 
  <Task>12545</Task> 
  <Opcode>0</Opcode> 
  <Keywords>0x8020000000000000</Keywords> 
  <TimeCreated SystemTime="2025-02-05T13:27:36.1363139Z" /> 
  <EventRecordID>113417695</EventRecordID> 
  <Correlation /> 
  <Execution ProcessID="764" ThreadID="6136" /> 
  <Channel>Security</Channel> 
  <Computer>H123HOSTA011Z.domain.com</Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data Name="TargetUserSid">S-1-5-21-0000000000-999999999-999999999-324630</Data> 
  <Data Name="TargetUserName">D321HOSTA011Z$</Data> 
  <Data Name="TargetDomainName">SUB</Data> 
  <Data Name="TargetLogonId">0x4a33aaaa</Data> 
  <Data Name="LogonType">3</Data> 
  </EventData>
- <RenderingInfo Culture="en-US">
  <Message>An account was logged off. Subject: Security ID: S-1-5-21-1229272821-999999999-999999999-7777777 Account Name: D321HOSTA011Z$ Account Domain: IN Logon ID: 0x3D14ABCD Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.</Message> 
  <Level>Information</Level> 
  <Task>Logoff</Task> 
  <Opcode>Info</Opcode> 
  <Channel>Security</Channel> 
  <Provider>Microsoft Windows security auditing.</Provider> 
- <Keywords>
  <Keyword>Audit Success</Keyword> 
  </Keywords>
  </RenderingInfo>
  </Event>




###### FROM THE WINDOWS EVENT LOG FRIENDLY VIEW TAB
- System 

  - Provider 

   [ Name]  Microsoft-Windows-Security-Auditing 
   [ Guid]  {88888888-4444-4444-a5ba-3e3b4444c30d} 
 
   EventID 4769 
 
   Version 1 
 
   Level 0 
 
   Task 14337 
 
   Opcode 0 
 
   Keywords 0x8020000000000000 
 
  - TimeCreated 

   [ SystemTime]  2025-02-05T13:34:21.8241768Z 
 
   EventRecordID 1227235589 
 
   Correlation 
 
  - Execution 

   [ ProcessID]  712 
   [ ThreadID]  10896 
 
   Channel Security 
 
   Computer d321hosta011z.SUB.DOMAIN.COM 
 
   Security 
 

- EventData 

  TargetUserName usernam1p@SUB.DOMAIN.COM 
  TargetDomainName SUB.DOMAIN.COM 
  ServiceName H123ABCDE8D1$ 
  ServiceSid S-1-5-21-1299999921-444445543-839222333-111111 
  TicketOptions 0x40810000 
  TicketEncryptionType 0x12 
  IpAddress ::ffff:192.35.55.44 
  IpPort 59503 
  Status 0x0 
  LogonGuid {66a6e520-6a6a-aa66-a666-666a06660601} 
  TransmittedServices - 
  RequestTicketHash m/AAAgBB0CC1DaEpr4FFfo+Gb+t61aBluBz+0h46cGM=  
  ResponseTicketHash A8BpCD/EFnvGHzImy0J5s0KKKK35nLmNfFAXk/qMV68=  

- RenderingInfo 

   [ Culture]  en-US 
   Message A Kerberos service ticket was requested. Account Information: Account Name: usernam1p@SUB.DOMAIN.COM Account Domain: SUB.DOMAIN.COM Logon GUID: {66a6e520-6a6a-aa66-a666-666a06660601} Service Information: Service Name: H123ABCDE8D1$ Service ID: S-1-5-21-1299999921-444445543-839222333-111111 Network Information: Client Address: ::ffff:192.35.55.44 Client Port: 59503 Additional Information: Ticket Options: 0x40810000 Ticket Encryption Type: 0x12 Failure Code: 0x0 Transited Services: - Ticket information Request ticket hash: m/AAAgBB0CC1DaEpr4FFfo+Gb+t61aBluBz+0h46cGM= Response ticket hash: A8BpCD/EFnvGHzImy0J5s0KKKK35nLmNfFAXk/qMV68= This event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested. This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which
  is often a different machine than the domain controller which issued the service ticket. Ticket options, encryption types, and failure codes are defined in RFC 4120. 
 
   Level Information 
 
   Task Kerberos Service Ticket Operations 
 
   Opcode Info 
 
   Channel Security 
 
   Provider Microsoft Windows security auditing. 
 
  - Keywords 

   Keyword Audit Success