Have you checked the time on the laptop and made the workstation time match
that of the DC? Kerberos authentication fails if the time is off by more
than 5 minutes to prevent against replay attacks - make sure the time zone
and time of the client computer matches that of the domain controller.
Also, is the type on the client machine set to Nt5Ds
(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters)
so that it automatically synchronizes its time with the authenticating
domain controller and is the Windows Time service on the client and dc set
to automatically start?
224799 Basic Operation of the Windows Time Service
http://support.microsoft.com/?id=224799
223184 Registry Entries for the W32Time Service
http://support.microsoft.com/?id=223184
David Pharr, (e-mail address removed)
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Lee Messenger" <
[email protected]>
| Subject: Cant login to domain - time problem
| Date: Wed, 7 Jan 2004 09:31:48 -0000
| Lines: 16
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <
[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: nat0.westcon.co.uk 195.217.54.227
| Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.
phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:61629
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Hi,
|
| A user successfully logged into our AD domain this morning from her XP
| workstation, then disconnected her laptop, connected back later and when
she
| now tries to log in it says "The current time on the Computer and time on
| the network are different, please contact local admin"
|
| I cannot get her to log back in no matter what i try.
|
| Please help
|
| Regards,
|
| LM
|
|
|