The time is wrong in one of my Domain controllers

Hi,

There has been something wrong in my domain since one week ago! I have two domain controllers: the first DC's name is DC and the second is Mail. Both of them are GCs and the OS is Win 2003 Server R2 SP1. I set the time of Mail and the other clients by GP according to the time of DC: (net time dc /set /y)

I have some shared folders on DC that I map for all users by GPs, but since one week ago the time on Mail and some of the clients is different from DC!

The group policies don't work for the users that Mail gives services to, and even when I want to set the time on Mail from the command prompt it says: an extended error has occurred! But I can ping the DC from Mail!

When I want to log on (on Mail) with my user account, which belongs to the Administrators group and the Domain Admins group, it says: dctttghobei-m(my user name)desktop is not accessible. You might not have permission to use this network resource.

(I defined a CA on DC that is valid from 3/20/2006 until 3/20/2016, and I think this problem was created from 3/20.)

Now some of the users can't use the network drives that are mapped for them automatically by GP! The time is wrong for some clients! On the Mail server I can't use GP and other network resources!

It is a serious problem for me! It is urgent! Could you please help me?

Thank you.
----
Regards
Mahnaz
ASKED: March 25, 2007  7:24 AM
UPDATED: February 21, 2008  5:52 PM

Answer Wiki


Hi,
I should give some extra information about my problem. First I should say: when I manually change the time of the Mail server, all the problems that I described appear; if I don't manually change the time of the Mail server, I can log on to it and have shared folders on it, but clients still have problems!
Here are some event logs from Mail:
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 5
Date: 3/25/2007
Time: 2:34:13 PM
User: N/A
Computer: MAIL
Description:
The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server COMPUTER-3$. This indicates that the ticket used against that server is not yet valid (in relationship to that server time). Contact your system administrator to make sure the client and server times are in sync, and that the KDC in realm NIOC-KEPCO.COM is in sync with the KDC in the client realm.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
—————————–
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 5
Date: 3/25/2007
Time: 2:34:13 PM
User: N/A
Computer: MAIL
Description:
The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server COMPUTER-85$. This indicates that the ticket used against that server is not yet valid (in relationship to that server time). Contact your system administrator to make sure the client and server times are in sync, and that the KDC in realm NIOC-KEPCO.COM is in sync with the KDC in the client realm.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
—————–
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 3/25/2007
Time: 1:16:04 PM
User: N/A
Computer: MAIL
Description:
The Security System detected an authentication error for the server cifs/Computer-90. The failure code from authentication protocol Kerberos was “The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount.
(0xc0000133)”.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 33 01 00 c0 3..?
———————–
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 3/25/2007
Time: 1:12:50 PM
User: N/A
Computer: MAIL
Description:
The Security System detected an authentication error for the server cifs/dc.nioc-kepco.com. The failure code from authentication protocol Kerberos was “The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount.
(0xc0000133)”.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 33 01 00 c0 3..?
—————

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 3/25/2007
Time: 1:10:52 PM
User: N/A
Computer: MAIL
Description:
The Security System detected an authentication error for the server cifs/dc. The failure code from authentication protocol Kerberos was “The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount.
(0xc0000133)”.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 33 01 00 c0 3..?
————————–

Event Type: Error
Event Source: MsGina
Event Category: None
Event ID: 1010
Date: 3/25/2007
Time: 2:05:30 PM
User: N/A
Computer: MAIL
Description:
Failed to set the user’s home directory (Drive Z: connected to Share \dchome$).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: b8 04 00 00 ?…
——————-

Thank you.

Discuss This Question: 6  Replies

 
  • Aliyani
    Hi, Sorry, my problem is so urgent! Please help me if you can! There is a check box in the Date and Time menu that is used for adjusting the clock for daylight changes, but on my Mail server this item isn't there, and the time of this DC is one hour behind my master DC (DC)! For example, now the time of DC is 8:20 AM but the time of Mail is 7:20 AM! When I run (net time dc /set /y) on Mail it says:
    Current time at DC is 3/27/2007 07:25 AM
    Local time (GMT+04:30) at DC is 3/27/2007 08:25 AM
    The command completed successfully.
    But we are in GMT+03:30! I checked the time zone and it is correct on the two DCs and is GMT+03:30! All of my OSes are original and I update them from the Microsoft site every week! What's the problem? Please help me! Thank you. ----- Regards Mahnaz
  • Lirria
    I'm assuming you are not in the US - I know with the daylight savings time patches that things here got a little weird - you could try changing the time zone, click apply and then change it back to the proper time zone and see if that fixes the problem. Lirria
  • Dimchik
    1) By how much time are you off on the systems?
    2) Make sure you run the DST update patch if you guys were affected by the DST change.
    3) Kerberos authentication won't work if the system clock is off by more than 5 minutes, as Kerberos authentication depends on time synchronization.
    My question would be: by how long are the clients different? Is it a random time difference or by 1 hour?
  • Dimchik
    By the way, what computers do you have? Is it a mix of Windows XP and 2000? If yes, on Windows 2000 you had to manually apply the TZedit tool.
  • Buddyfarr
    One thing to try is, at a command prompt on the mail server, to do this:
    net time /query
    This will tell you where your server is getting its time from. You could set this to your other server and then set your other server to get its time from the internet with this command on each server:
    net time \\servername /set /yes
    For a list of internet servers: http://tf.nist.gov/service/time-servers.html
  • Buddyfarr
    Whoops, just tested my net time command and it did not work. To set the time server on your server use this command:
    net time /setsntp:servername
    That does work, I just tested it. Thanks.
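
An added illustration, not part of any reply above: Kerberos timestamps are UTC, so two hosts can display different local times and still agree, while hand-setting the wall clock on a host that applies a different offset moves its UTC clock by the whole hour, far past the 5-minute tolerance mentioned in the thread. The readings are constructed from the net time output quoted above; the hand-set step, the function names and the simplified checks are assumptions.

```python
from datetime import datetime, timedelta

MAX_SKEW = timedelta(minutes=5)  # tolerance quoted in the thread

def to_utc(wall_clock, utc_offset_minutes):
    """UTC instant behind a wall-clock reading, given the offset the host applies."""
    return wall_clock - timedelta(minutes=utc_offset_minutes)

def time_errors(ticket_start_utc, client_utc, service_utc, max_skew=MAX_SKEW):
    """Kerberos time checks a service applies to a request (simplified).
    Returns every check that trips; which one a real service reports first
    depends on the implementation."""
    errors = []
    if ticket_start_utc - service_utc > max_skew:
        errors.append("KRB_AP_ERR_TKT_NYV")  # ticket starts in the service's future
    if abs(client_utc - service_utc) > max_skew:
        errors.append("KRB_AP_ERR_SKEW")     # authenticator timestamp too far off
    return errors

def scenario(client_wall, client_offset, service_wall, service_offset):
    """Assumed setup: the requesting host is itself a KDC (as Mail is in the
    thread), so ticket start time and authenticator time both come from its
    clock. Returns (utc_gap_seconds, errors seen by the service host)."""
    client_utc = to_utc(client_wall, client_offset)
    service_utc = to_utc(service_wall, service_offset)
    gap = (client_utc - service_utc).total_seconds()
    return gap, time_errors(client_utc, client_utc, service_utc)

# Constructed readings modelled on the net time output quoted in the thread.
DC_WALL = datetime(2007, 3, 27, 8, 25)    # DC shows 08:25 and applies GMT+04:30
MAIL_WALL = datetime(2007, 3, 27, 7, 25)  # Mail shows 07:25 and applies GMT+03:30

# Displays differ by an hour, UTC instants are identical: no Kerberos error.
DISPLAY_ONLY = scenario(MAIL_WALL, 210, DC_WALL, 270)

# Assumption: Mail's wall clock is hand-set to 08:25 while it still applies
# GMT+03:30, which moves its UTC clock one hour ahead of DC.
HAND_SET = scenario(datetime(2007, 3, 27, 8, 25), 210, DC_WALL, 270)

if __name__ == "__main__":
    print("display differs only:", DISPLAY_ONLY)
    print("wall clock hand-set: ", HAND_SET)
```

On a real host, compare clocks in UTC (or as an offset against the time source) rather than by the displayed local time before changing anything by hand.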
