I have a lot of the following event for multiple user
--------------------------------------------------
Kerberos pre-authentication failed.Account Information:
Security ID: Domain\xxxx
Account Name: xxxx
Service Information:
Service Name: krbtgt/Domain
Network Information:
Client Address:::ffff:X.X.X.X
Client Port: 37430
Additional Information:
Ticket Options:0x40810010
Failure Code: 0x18
Pre-Authentication Type:2
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options and failure codes are defined in RFC 4120.
If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
-------------------------------
The problem with this is that the account lockout policy cannot be applied because user accounts that display this behavior are immediately locked out.
Will you have some reference in this regard?