Announcement

Collapse
No announcement yet.

Time Problem on New DC

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Time Problem on New DC

    Hi Everyone,

    We are having problem with time on our new DC and end-user clients. This problem occurs whenever we put up new DC for our existing domain.

    The exact error is " The system can not log you on due to the following error: There is a time difference between the client and the server. Please try again or consult your system administrator"

    Even the new DC (SVR02) cannot logon the the domain and displays this same error. The only way the new DC to logon is to reboot, but after a few hour the error occurs again.

    Same with behavior on our client pc's.


    Time Zone are the same on all servers and workstations.

    Our AD domain setup is 1 forest, 1 domain.

    please help.

    thanks,

    Jojo

  • #2
    Re: Time Problem on New DC

    Please check that the "Time Zone" settings are corrent (Check it with TZEDIT) and Windows Time service is up on the server.

    Regards,

    Yuval
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

    Comment


    • #3
      Re: Time Problem on New DC

      This looks like the the DC is configured with a time server that is not working. This may happen if you configured a time server manually, which is something you should only do on the PDCe. Alternatively, like Yuval says, the time service may be stopped. Yet another idea: if you have a firewall that blocks 123 tcp/udp you'd have the same effect.

      Note that the time sync process is not sensitive to time zone. We would be in a nice mess if it were

      Comment


      • #4
        Re: Time Problem on New DC

        you can use the net time command, /set and synchronize time on all machines. I think kerberos requires all time be within 5 minutes for a ticket to be valid.

        Comment


        • #5
          Re: Time Problem on New DC

          Some time ago I started a writeup on time synchronization in AD environment, but never had the time to finish it.
          In any case, you might find the following useful:
          http://guy.netguru.co.il/uploads/w32tm.html
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"

          Comment


          • #6
            Re: Time Problem on New DC

            Thanks to all who gave their inputs, unfortunately upon doing so the problem still occurs.

            I'am attaching the exact error message we encounter on the newly promoted DC. (this error appears after the restart is initiated at the end of the DCPROMO process)
            Attached Files

            Comment


            • #7
              Re: Time Problem on New DC

              Are both servers in the correct time zones??

              Are both servers set to the same time??

              Are both servers on the same site??

              Comment


              • #8
                Re: Time Problem on New DC

                Are both servers in the correct time zones?? YES

                Are both servers set to the same time?? YES

                Are both servers on the same site?? YES

                Comment


                • #9
                  Re: Time Problem on New DC

                  Are the BIOS clocks at the same time??

                  Comment


                  • #10
                    Re: Time Problem on New DC

                    Ok well the problem I think lies within kerberos not being able to authenticate, I have seen this problem before even with the time exactly the same try this for me:

                    log on locally to both machines, client/server with admin privlidges.

                    go start>run> type: NET TIME /DOMAIN:name /SET
                    (where name is put in the domain being used)

                    after this reboot machines and try to logon again. If this still doesnt work, let me know I have another idea.

                    Comment


                    • #11
                      Re: Time Problem on New DC

                      also if you can to isolate the problem, change the server and just 1 client to a different subnet to troubleshoot.

                      Comment

                      Working...
                      X