I ran into this same error message and we discovered the following:
A co-worker had turned off a number of audit events to troubleshoot someone getting their account locked. The events he turned off were:
login/log off events
He turned the login/log off events back on; this did NOT fix the issue.
As soon as he turned on Kerberos logging, we got all the new mappings.
For Windows Server 2008 R2 and Windows 2012, choose Advanced Audit Policy Configuration > Audit Policies > Account Logon. For the two Policy items, Audit Kerberos Authentication Service and Audit Kerberos Service Ticket Operations, ensure that the corresponding Policy Setting for each of these either directly or indirectly includes the Success condition as described above.
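One way to check the two settings named above from PowerShell, added here as an example and not part of the original post. It assumes PowerShell 3.0 or later and English subcategory names; the function name `Test-KerberosAuditCsv` and the sample rows (host `DC01`, placeholder GUIDs) are constructed for illustration.

```powershell
# Subcategories named in the guidance above.
$Required = @(
    'Kerberos Authentication Service',
    'Kerberos Service Ticket Operations'
)

function Test-KerberosAuditCsv {
    # Takes the CSV lines produced by `auditpol /get ... /r` and returns one
    # object per required subcategory saying whether Success is audited.
    # (Hypothetical helper name, not a built-in cmdlet.)
    param([Parameter(Mandatory)][string[]]$CsvLines)

    # auditpol can emit blank lines around the header; drop them before parsing.
    $rows = $CsvLines | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv

    foreach ($name in $Required) {
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $setting = if ($row) { $row.'Inclusion Setting' } else { 'not reported' }
        [pscustomobject]@{
            Subcategory = $name
            Setting     = $setting
            # "Success" and "Success and Failure" pass;
            # "Failure", "No Auditing" and a missing row do not.
            SuccessOn   = ($setting -like 'Success*')
        }
    }
}

# Constructed sample in the column layout of `auditpol /get /r`.
# Host name and GUIDs are placeholders, not values from a real system.
$sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting',
    'DC01,System,Kerberos Service Ticket Operations,{00000000-0000-0000-0000-000000000000},No Auditing,',
    'DC01,System,Kerberos Authentication Service,{00000000-0000-0000-0000-000000000000},Success and Failure,'
)
Test-KerberosAuditCsv -CsvLines $sample | Format-Table -AutoSize

# Live check, from an elevated prompt on the domain controller:
#   $csv = auditpol /get /category:"Account Logon" /r
#   Test-KerberosAuditCsv -CsvLines $csv
```

`auditpol` reports the effective policy, so this also catches the case where the setting comes from Group Policy rather than a local change.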