?
Solved

"there is a time difference between client and server"

Posted on 2003-11-26
21
Medium Priority
?
8,943 Views
Last Modified: 2012-06-22
"there is a time difference between client and server"

I recieve this error message when trying to logon to domain from all clients!
I have set the w32time service. I believe its working as I get event logs stating time is within <.5sec
The only way I can get users logged on is to restart the Dc. (I have only one dc on a small network)
Users can then logon but after a time (hours) all users can not logon after logging out.

I recieve no error message on the server.

Any help appreciated
0
Comment
Question by:rbauckham
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
  • 3
  • +1
21 Comments
 
LVL 32

Expert Comment

by:LucF
ID: 9827430
Use this line in the login script:

Net time /setnstp:<servername>

and see if it helps.

LucF
0
 
LVL 32

Expert Comment

by:LucF
ID: 9827439
0
 

Author Comment

by:rbauckham
ID: 9827453
afraid not. I have set this from the local admin of client. (as I can not logon)
The error appears as soon as you press enter on logon screen. and will not proceed past logon screen

RCB
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 32

Expert Comment

by:LucF
ID: 9827474
Try loggin on by rebooting the server or whatever you have to do, and then use my first comment, it should make sure your computertime is always up to date.

Also try replacing the battery on the servers motherboard, it might be dead or almost.
0
 

Author Comment

by:rbauckham
ID: 9827571
Ok I'll give it ago.  But shouldn't it set itself to the dc automatically?
0
 
LVL 32

Expert Comment

by:LucF
ID: 9827613
>But shouldn't it set itself to the dc automatically?
No.. too bad...
0
 
LVL 41

Expert Comment

by:graye
ID: 9828624
If it's happening to all clients, then it certaily looks like the time is off on the Domain Controller (not the client PCs).  I'd reboot the Domain Controller... catch the BIOS setup... change the date/time... and let 'er reboot.

Kerberos wants no more than a 5 minute variation in time.

I'll bet you can still log into any local account (since all local acounts are in the SAM registry database) and don't use Kerberos.
0
 

Author Comment

by:rbauckham
ID: 9830962
This has been done and the clocks (client and server) are set the same.

Is there a setting for the kerberos discretion any where?

why would the server suddenly stop clients logging on? why does a reboot make a difference?
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9831148
0
 

Author Comment

by:rbauckham
ID: 9831255
Stoner79

This issue is exactly the one I am getting.
I also have a terminal services software that home users connect to and recieve this error. Although as I am having the same issue on local clients it would appear that this is just a coincidence.
Would it be possible to contact the user who posted the original error to see if he found a solution?

Thanks
0
 
LVL 32

Expert Comment

by:LucF
ID: 9831460
Can you try replacing the battery on your server? I think it's worth a shot...
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9832054
You could try.  I only stumbled across it searching on google, I'm not a member of the site.  Why don't you email him and explain the situation and see if he helps. If so, it would be worth putting what he has to say on here.
0
 
LVL 41

Expert Comment

by:graye
ID: 9832670
The setting for the "Time skew" is in the Default Domain Security policy (under Account Policies)
0
 

Author Comment

by:rbauckham
ID: 9833581
thanks
After a restart everthing worked for 4 hours fine then for no apparent reason the next user to log on recieves the time difference message and thats it I have to restart.
I am running out of options. I am going to restore a backup on different hardware to see if the problems remains. But four hours is a lenghty test period for any alterations made!

Does anyone know what options I have for reinstalling 2k again over the top of my curent config. (Win2k DC, exchange 2k) If I can not fix this how would you guys go about transferring Exchange 2k to another server etc? Quickest and simplest please.

Thanks again
0
 
LVL 32

Expert Comment

by:LucF
ID: 9833614
I think you should first try the System File Checker as I didn't have very good experiences with "repair" installations...
Start => Run => type "SFC /scannow" (without the quotes) and press enter (keep your windows cd nearby)

But still, have you at least tried replacing the battery....
0
 
LVL 32

Expert Comment

by:LucF
ID: 9833629
0
 
LVL 32

Expert Comment

by:LucF
ID: 9833687
Or here => http://www.eecis.udel.edu/~mills/ntp/clock1a.html
http://www.eecis.udel.edu/~mills/ntp/clock2a.html

You can use these to make sure your servers time is the same as the atomic clock by using:

Net time /setsntp:<servername> or
Net time /setsntp:<IP-adres of timeserver>

LucF
0
 

Author Comment

by:rbauckham
ID: 9833719
thanks
To change the battery on my server means a new motherboard. compaq ML 350. So I was going to restore on new hardware. this will kind of test this theory.
I have set the server to various time servers and set it to be its own. I have then set the clients to point to my DC's ipaddress as they should do anyway. Still no joy. Why would it work for 4 hours then give up the ghost with no other error than the one at attempted logon.

thanks again

RB
0
 
LVL 32

Expert Comment

by:LucF
ID: 9833805
>>To change the battery on my server means a new motherboard. compaq ML 350.
I don't know about this motherboard you have, but changing your motherboard should be out of the question, some motherboards do have the battery soldered on the motherboard, but if you're handy you should be able to remove the original battery and connect another one to the connectors on the motherboard or have your supplier replace it. (normally it's a 3 volt battery so two AA batteries connected should be able to do this job also (just be carefull soldering these connections to your motherboard (assuming you know how to do this)))
0
 
LVL 41

Accepted Solution

by:
graye earned 1500 total points
ID: 9834942
Have you thought about changing the Kerberos Skew Time to something outragously large... just to keep things going while you're hunting for the real problem?
0
 

Author Comment

by:rbauckham
ID: 9897125
This did the job . hope there's no repercussions!
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this blog post, we’ll look at how using thread_statistics can cause high memory usage.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question