Solved

sbs2003 has kerberos errors trying to replicate to 2000 standard server

Posted on 2004-09-29
3
185 Views
Last Modified: 2013-12-04
a 2003 sbs server was replicating fine to a 2000 standard server across a vpn all fine then all of a sudden error messages of a kerberos nature users on the 2000 side coulndt log on etc managed to sort all out except now the DNS is taken off the 2000 server as it is only the 2000 server that replicates all to the 2003 server the 2003 server cannot replicate and all operrations are on the 2003 server all dns on the 2003 server is tested ok.  dont want to rebuild the 2003 server but will try to jion another 2000 server to elimainate the 2000 side what are the chances that on of the hotfix updates has nadged the 2003 server ????? microsoft have given up when i mentioned this...
0
Comment
Question by:iriley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 12178232
iriley
Kerberos gets very unhappy when the time on the two machines in question is out by more than 5 minutes. Make sure the two machines are set to the same time and correct timezone.

Cheers

JamesDS
0
 
LVL 1

Author Comment

by:iriley
ID: 13161170
spoke to ms about this after trying suggestion and they were not too happy that it would work ??? eventually found out off one of the staff that the network has always been bad and that someone has rebuilt it 3 times ( STAYED WELL CLEAR CANT FIX FAULTS WHEN PEOPLE ARE TELLING ME INCORRECT INFO)
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 13161225
iriley

For the benefit of other viewers...

Not sure what microsoft would have said to you, but it is a fact that a 5 minute drift on domain controllers (or any member of a domain) will cause kerberos errors and can stop replication on Domain Controllers.

This figure is configurable in GPO, but it is not advised to mess about with kerberos settings without knowing what you're doing.

Therefore, in any situation where replication is failing it is never a bad idea to check that time and timezones are configured correctly.

Nevertheless, thanks for the points and glad you have a direction to go now.

Cheers

JamesDS
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question