"there is a time difference between client and server"

"there is a time difference between client and server"

I recieve this error message when trying to logon to domain from all clients!
I have set the w32time service. I believe its working as I get event logs stating time is within <.5sec
The only way I can get users logged on is to restart the Dc. (I have only one dc on a small network)
Users can then logon but after a time (hours) all users can not logon after logging out.

I recieve no error message on the server.

Any help appreciated
rbauckhamAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LucFEMEA Server EngineerCommented:
Use this line in the login script:

Net time /setnstp:<servername>

and see if it helps.

LucF
0
LucFEMEA Server EngineerCommented:
0
rbauckhamAuthor Commented:
afraid not. I have set this from the local admin of client. (as I can not logon)
The error appears as soon as you press enter on logon screen. and will not proceed past logon screen

RCB
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

LucFEMEA Server EngineerCommented:
Try loggin on by rebooting the server or whatever you have to do, and then use my first comment, it should make sure your computertime is always up to date.

Also try replacing the battery on the servers motherboard, it might be dead or almost.
0
rbauckhamAuthor Commented:
Ok I'll give it ago.  But shouldn't it set itself to the dc automatically?
0
LucFEMEA Server EngineerCommented:
>But shouldn't it set itself to the dc automatically?
No.. too bad...
0
grayeCommented:
If it's happening to all clients, then it certaily looks like the time is off on the Domain Controller (not the client PCs).  I'd reboot the Domain Controller... catch the BIOS setup... change the date/time... and let 'er reboot.

Kerberos wants no more than a 5 minute variation in time.

I'll bet you can still log into any local account (since all local acounts are in the SAM registry database) and don't use Kerberos.
0
rbauckhamAuthor Commented:
This has been done and the clocks (client and server) are set the same.

Is there a setting for the kerberos discretion any where?

why would the server suddenly stop clients logging on? why does a reboot make a difference?
0
Rob StoneCommented:
0
rbauckhamAuthor Commented:
Stoner79

This issue is exactly the one I am getting.
I also have a terminal services software that home users connect to and recieve this error. Although as I am having the same issue on local clients it would appear that this is just a coincidence.
Would it be possible to contact the user who posted the original error to see if he found a solution?

Thanks
0
LucFEMEA Server EngineerCommented:
Can you try replacing the battery on your server? I think it's worth a shot...
0
Rob StoneCommented:
You could try.  I only stumbled across it searching on google, I'm not a member of the site.  Why don't you email him and explain the situation and see if he helps. If so, it would be worth putting what he has to say on here.
0
grayeCommented:
The setting for the "Time skew" is in the Default Domain Security policy (under Account Policies)
0
rbauckhamAuthor Commented:
thanks
After a restart everthing worked for 4 hours fine then for no apparent reason the next user to log on recieves the time difference message and thats it I have to restart.
I am running out of options. I am going to restore a backup on different hardware to see if the problems remains. But four hours is a lenghty test period for any alterations made!

Does anyone know what options I have for reinstalling 2k again over the top of my curent config. (Win2k DC, exchange 2k) If I can not fix this how would you guys go about transferring Exchange 2k to another server etc? Quickest and simplest please.

Thanks again
0
LucFEMEA Server EngineerCommented:
I think you should first try the System File Checker as I didn't have very good experiences with "repair" installations...
Start => Run => type "SFC /scannow" (without the quotes) and press enter (keep your windows cd nearby)

But still, have you at least tried replacing the battery....
0
LucFEMEA Server EngineerCommented:
Or here => http://www.eecis.udel.edu/~mills/ntp/clock1a.html
http://www.eecis.udel.edu/~mills/ntp/clock2a.html

You can use these to make sure your servers time is the same as the atomic clock by using:

Net time /setsntp:<servername> or
Net time /setsntp:<IP-adres of timeserver>

LucF
0
rbauckhamAuthor Commented:
thanks
To change the battery on my server means a new motherboard. compaq ML 350. So I was going to restore on new hardware. this will kind of test this theory.
I have set the server to various time servers and set it to be its own. I have then set the clients to point to my DC's ipaddress as they should do anyway. Still no joy. Why would it work for 4 hours then give up the ghost with no other error than the one at attempted logon.

thanks again

RB
0
LucFEMEA Server EngineerCommented:
>>To change the battery on my server means a new motherboard. compaq ML 350.
I don't know about this motherboard you have, but changing your motherboard should be out of the question, some motherboards do have the battery soldered on the motherboard, but if you're handy you should be able to remove the original battery and connect another one to the connectors on the motherboard or have your supplier replace it. (normally it's a 3 volt battery so two AA batteries connected should be able to do this job also (just be carefull soldering these connections to your motherboard (assuming you know how to do this)))
0
grayeCommented:
Have you thought about changing the Kerberos Skew Time to something outragously large... just to keep things going while you're hunting for the real problem?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rbauckhamAuthor Commented:
This did the job . hope there's no repercussions!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.