M
Marc O
HELP!!!
I have a problem with my clients being able to log on to my Win2k AD domain.
Different clients will intermittenly get a message when they try and log on
that they can not log on due to a client/server time differnce.
Here is some background info:
Win2k AD domain w/ 2 DCs
DC1 is exchange2k/FSMO/Global Catalog/first DC in the domain/DNS/WINS etc.
DC2--is just a DC/Global Catalog/DNS
Clients are a mixture of 2kPro/XP Pro/ 98se-- only the 2k and XP machines
seem to be effected.
DC1 is syncing it's time to a stratum 2 time server and is the sntp server
for the domain. DC2 uses DC1 for sntp as do the rest of the cleints.
Everyday when trying to log into DC2 I will get the message about the time
difference and will not be able to log in to it. When this happens clients
who try and authenticate against this DC2 are denied w/ a warning about time
difference. If I use the Computer management MMC and I restart the Windows
Time Service and the Kerberos service, users can log on again. But it seems
that I need to do this every x number of hours. I have read and reread all
the KBs regarding time and I can't seem to lick this one. It seems that most
clients in the domain when running 'net time' return the value of 'Current
time at \\DC2 is x/x/xxxx x:xx AM'. y users are starting to hunt for my
head every morning so any help would be greatly appreciated I am lost.
Thanks in advance
marc o.
I have a problem with my clients being able to log on to my Win2k AD domain.
Different clients will intermittenly get a message when they try and log on
that they can not log on due to a client/server time differnce.
Here is some background info:
Win2k AD domain w/ 2 DCs
DC1 is exchange2k/FSMO/Global Catalog/first DC in the domain/DNS/WINS etc.
DC2--is just a DC/Global Catalog/DNS
Clients are a mixture of 2kPro/XP Pro/ 98se-- only the 2k and XP machines
seem to be effected.
DC1 is syncing it's time to a stratum 2 time server and is the sntp server
for the domain. DC2 uses DC1 for sntp as do the rest of the cleints.
Everyday when trying to log into DC2 I will get the message about the time
difference and will not be able to log in to it. When this happens clients
who try and authenticate against this DC2 are denied w/ a warning about time
difference. If I use the Computer management MMC and I restart the Windows
Time Service and the Kerberos service, users can log on again. But it seems
that I need to do this every x number of hours. I have read and reread all
the KBs regarding time and I can't seem to lick this one. It seems that most
clients in the domain when running 'net time' return the value of 'Current
time at \\DC2 is x/x/xxxx x:xx AM'. y users are starting to hunt for my
head every morning so any help would be greatly appreciated I am lost.
Thanks in advance
marc o.