We help IT Professionals succeed at work.

Time different on client machine and server prevents login

266 Views
Last Modified: 2013-12-04
I have a customer with a laptop and when he heads back to his docking station after being out of the office for a day or two (not in a different time zone), he tries to login to the network and his laptop stops the login and reports an issue where his local time is different than the server, and disallows him to login. As i've been researching, this is caused by Kerberos security relying on correct time between a client machine and the server. I had the customer disconnect from the network, login as the local administrator, plug back into the network, log off, log back in as himself, and that time around he was able to login fine.

The odd thing is though when he logged in as the local admin, the time on the laptop was indeed correct

Anyone have an idea why this is happening? It's happened to him in the past, and i've done this with him again and again to patch the issue.
Comment
Watch Question

Photographer
CERTIFIED EXPERT
Awarded 2007
Top Expert 2008
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
What is the Client OS?

Is the time acutally different (greater the 20 Seconds) between the workstation and the Server?  If not, on the account tab of the user properties in Active directory Users and computers, "logon without kerberos preauthentication" is it selected.   Try deslecting this box.

Author

Commented:
Yes, the time difference is around 30 seconds.

Client OS is XP Pro SP2.

Would disabling Kerberos preauthentication potentially open up a security threat?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
First you said "The odd thing is though when he logged in as the local admin, the time on the laptop was indeed correct", then you say "Yes, the time difference is around 30 seconds" - so where do you see these 30 seconds?
Also look into your system event log, you will find messages about w32time service that corrected the system time - when do they appear?

Commented:
I can't comment on the securit threat question, but since the time is actually off that recommendation doesn't apply to you.

What is the status of your w32time service on this client machine?

Is it started and configured for Automatic startup?

Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
Agreed, if you have non windows devices, or just want a real time server, then NTP is the way to go!  I too find it much easier to work with then Windows.

Windows time is usually, 'okay'.  But like most windows operations, you will run into problems with it eventually.

While I don't have the symtime Utility ChiefIT mentioned, any base installation of Linux can run as a NTP Time server.  We have 2 for redundancy, connecting to the same Stratum 1 servers.

But your computer 'should' be getting its time from the PDC Before it attempts to log in.  That is why I asked about the state of your time service.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.