Re: Date Time Synchonisation Failure

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 09/27/04 

Date: Mon, 27 Sep 2004 16:41:22 +0200

Hi Justin,

Domain authentication relies on Kerberos and Kerberos relies on accurate
time in domain. If time between client and server is off be more then 5
minutes (plus/minus) Kerberos authentication will fail.

While this is something I wouldn't want to do in my production environment
this offset can be changed through group policy. To change this edit Default
Domain Group policy. In Group Policy Editor drill down under Computer
Configuration -> Windows Settings -> Security Settings -> Account
Policies -> Kerberos Policy.

Mike

"Justin" <Justin@PlaysafeMonitoring.com> wrote in message
news:381d01c4a49c$38fbb550$a401280a@phx.gbl...
> Problems with Microsoft Windows 2003 Date Time
> synchronisation (running Exchange Server)
>
> We have recently upgraded to run Windows 2003 on our
> server, running Exchange to handle our emails. We also
> test many programs on our client pcs, (all of which run
> Windows XP Sp2) including Time and Attendance programs. As
> you might appreciate we need to change our client pcs time
> and date to test things easily.
>
> The annoying problem we have is that the server keeps
> updating the time. I have turned off the Time and Date
> service in the services manager on the client pcs, but
> now, when the client pcs reboot, no-one can log on because
> the date and time is out of sync with the server. This is
> the whole point of our testing.. we dont want it to be in
> sync.
>
> Does anyone know how we can get around this problem? Or
> are we doomed because Microsoft forbids any testing of
> products involving dates and times?
>
> Any help greatly appreciated as it is driving us mad.
> Thank you.
>
> Regards
> Justin

Relevant Pages

  • Re: Kerberos with Windows Integrated authentication
    ... behaviour if your Web server is in the client broweser's Internet zone. ... referencing it by computer name rather than FQDN), the browser will request ... Obviously, if you want to use Kerberos for authentication, you will either ...
    (microsoft.public.windows.server.security)
  • Re: Kerberised NFS
    ... Kerberised NFS presumably requires authentication and encryption between client and server, so presumably the client needs to get a ticket prior to contacting the server. ... server with kerberos security options, and successfully automounting user's home directories on client machines when they log in. ...
    (comp.protocols.kerberos)
  • Re: Kerberos authentication fails
    ... we had have kerberos log activated yesterday while we test the ... Client Server Name: ... * System Event logs in GPRSServer03 ... Server domain: DISTROMEL.GPRS ...
    (microsoft.public.sqlserver)
  • Re: Kerberos authentication fails
    ... we had have kerberos log activated yesterday while we test the ... Client Server Name: ... * System Event logs in GPRSServer03 ... Server domain: DISTROMEL.GPRS ...
    (microsoft.public.win2000.security)
  • Re: Server not found in Kerberos Database
    ... Server not found in Kerberos Database ... When I am trying to do a kinit on the client, ... I have a KDC on Win2003 and a client which is a Linux is trying = ...
    (comp.protocols.kerberos)