Solved

Computer / Network time issues - not synchronized.

Posted on 2007-11-26
10
2,490 Views
Last Modified: 2010-04-21
Hello;

I'm having an issue with 1 of 95 client computers connected to my domain.
When trying to logon to the domain from this client workstation, i get the following error popup:
" The current time on this computer and the current time on the network are different. See Help & Support ...."

I've tried everything in article 21379402.
http://www.experts-exchange.com/Operating_Systems/Q_21379402.html

This started without any reason.  No new updates were installed as well as any new software.

When trying to run some of the commands when logged in as local admin, i get access denied errors
for example, running NET TIME /DOMAIN:mydomain /SET, i get ACCESS DENIED.  I've also tried using RUN AS to run that command.

I've replaced the NIC, CAT 5e cable, removed workstation from Domain, changed PC name, re-joined domain - still same issue.

So i do get enough communication when logged in as local admin to disconnect and reconnect to the domain - but still can't logon as any domain user.

Any help would be graciously appreciated.


Thanks

Tom
0
Comment
Question by:garrtech
  • 5
  • 3
  • 2
10 Comments
 
LVL 9

Expert Comment

by:cmorffew
ID: 20352391
what is the response you get for running just NET TIME?
Do you see your domain controller Listed:e.g.
Current time at \\servername is 11/26/2007 2:47 PM

Do you have any security policies set either by Group Policy or in the local Security policy of the machine you are having issues with?
0
 

Author Comment

by:garrtech
ID: 20352602
The response i get is: ACCESS DENIED
and it does not show the domain controller.

1 have one security policy set (domain), that is to disable the ability for domain users to change the time on their PC unless they are part of the Domain Admins group.  So far, no other computer has been affected.  The policy has been in place for approximately 2 weeks now.


0
 

Author Comment

by:garrtech
ID: 20352628
Correction:

The error message when typing NET TIME in the CMD window is:

"System error 5 has occurred.
Access is denied."

0
 
LVL 38

Expert Comment

by:younghv
ID: 20352779
garrtech,
Are you seeing any 'Error Messages' in your Event Viewer on that computer?
If so, post the Source and Event ID.

Also - from the 'dumb things I've done personally' file - have you tried swapping out the battery in the mother board?

I wasted two days last week trouble-shooting a 'time problem' that was nothing more than a worn out battery.

Vic
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 20353056
garrtech,
Can you login to the machine in question as a domain admin and try the NET TIME command again.

From what you have told us, you need to logon as a domain admin to change the time - the local admin account will not work as per your domain policy.

If you cannot logon as a domain admin;
1. logoff as local admin and reboot machine but dont logon again
2.  disable the policy for that machine in GP Management (remove the link for that machine or disable inheritance) - you will have to do this either on the server or your admin machine where you have the group policy management plug-in installed
3.  logon to the machine in question as local admin
4. run gpupdate /force and then try the NET TIME cmd again.

CM
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:garrtech
ID: 20353216
Vic, I checked the battery and replaced with new battery.  Thanks Vic.
CM, I had tried to disable the policy (thankfully it was setup on a per OU rather than a domain policy), rand GPUPDATE /FORCE.  I also ran a command that displayed the results of the last GP Update (can't remember the command if my life depended on it... sorry) and it showed the Policies were updated since the last time i ran GPUPDATE /FORCE.

But wait....

I seem to have fixed the issue... here's what I did:

1. Logged in a local admin

2. Ran the following cmd:  NET USE \\DOMAINSERVERNAME /USER:DOMAIN\ADMINISTRATOR

3. I was then prompted for the Domain Admin Password, entered it.

4. Ran the following cmd: NET TIME /SET  > completed successfully.


That was great - the time was now synchronized with the domain.

Logged out, but couldn't log in with a domain account.  I got the following error:
"Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account is not found.  Please try again later"

So, logged back in as local admin.
The part where it said 'your computer account is not found' set off an idea. The idea was to try to remove and re-add this PC to the domain - but i ended up running the NETWORK ID WIZARD (because i clicked it by accident, System Properties > Computer Name tab).

Ran the wizard:
1. Selected 'computer is part of business'
2. selected 'network w/domain'
3. used domain admin/password to connect to domain
4. Msg popup "a computer account was found, do you want to use this account" i said yes.
5. next screen asked for a user account, entered the domain user's account (name/passwrd) that will be using this workstation.
6. Restarted the computer.

Now i was able to login as both admin or any user account onto the workstation through the Domain.


Anyone have any ideas as to what the heck happened here? I'm just glad it's working, but i need to understand this!  It's driving me nutz.


Thanks for everyone's suggestions and previous posts.

Tom

0
 
LVL 38

Expert Comment

by:younghv
ID: 20353277
It sounds like a variation of the old trick where you drop a 'domain' box down into a workgroup and then 're-add' it to the domain - then re-boot.

If you have any 409061/40960 errors or anything with lsasvr in it - the drop out and re-add has worked for me in the past.

Of course, could just be some of that Windows "FM" (where the M stands for Magic....)

Vic
0
 

Author Comment

by:garrtech
ID: 20353453
I just looked at the Event Viewer again and yes, it did have 40960 errors. Suprised that when i did remove the workstation from the domain and then re-added it, that it didn't work.

Gotta love that Windows 'FM' - I like that term, new to me - going to use it more often :)

Tom
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 20353793
Take a look at a previous suggestion I made - save me some typing.
We've done quite a few NT-AD migrations and we always seem to end up with some authentication/time problems.

Vic

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22502744.html
0
 

Author Closing Comment

by:garrtech
ID: 31411054
My own solution was very similar to Vic's, albeit, somewhat of a different process.  Thanks Vic for your help.  
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now