A Kerberos ticket-granting-ticket (TGT) was issued, but it will be denied when Authentication Policy is enforced because ...

A Kerberos ticket-granting-ticket (TGT) was issued, but it will be denied when Authentication Policy is enforced because the device does not meet the access control restrictions.

Account Information:
	Account Name:		%1
	Supplied Realm Name:	%2
	User ID:			%3

Authentication Policy Information:
	Silo Name:		%16
	Policy Name:		%17
	TGT Lifetime:		%18

Device Information:
	Device Name:		%4

Service Information:
	Service Name:		%5
	Service ID:		%6

Network Information:
	Client Address:		%11
	Client Port:		%12

Additional Information:
	Ticket Options:		%7
	Result Code:		%8
	Ticket Encryption Type:	%9
	Pre-Authentication Type:	%10

Certificate Information:
	Certificate Issuer Name:		%13
	Certificate Serial Number:		%14
	Certificate Thumbprint:		%15

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.