Currently we are seeing a lot of Events "Kerberos authentication Ticket (TGT) was rejected" even for the accounts that are blocked.
Also from the event logs, I see a username being used which does not exist on the server, neither in Users, nor in services, no application pools running with this acccount. The logon type is 8. Screenshots attached, really need help here.
Can any one please shed a light why this is happening??