• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3637
  • Last Modified:

Kerberos Error Event ID 5

We are a SBS2003 SP2/Exchange 03 w/ XP clients environment. We are receiving the Event ID 5 error on our server for some of the clients in our network:
Event Type:      Error
Event Source:      Kerberos
Event Category:      None
Event ID:      5
Date:            01/28/2008
Time:            8:04:21 AM
User:            N/A
Computer:      Server
Description:
The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server desktop05$.  This indicates that the ticket used against that server is not yet valid (in relationship to that server time).  Contact your system administrator  to make sure the client and server times are in sync, and that the KDC in realm domain.LOCAL is  in sync with the KDC in the client realm.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

In addition, all of our clients are getting the Event ID 29:
Event Type:      Error
Event Source:      W32Time
Event Category:      None
Event ID:      29
Date:            1/27/2008
Time:            10:49:41 AM
User:            N/A
Computer:      desktop20
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 959 minutes. NtpClient has no source of accurate time.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I'm thinking it's a time service problem. The Windows time service is started on the server. I've tried using the "net time" command on the clients but it didn't work.

Can anyone help?
0
ipsbend
Asked:
ipsbend
  • 2
  • 2
1 Solution
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
ipsbend,

That's a good guess of what it is.  Run the following commands at a CMD prompt to configure your SBS with an authoritative time server that will work better for your network:

w32tm /config /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8" /syncfromflags:MANUAL
w32tm /config /update
net stop w32time
net start w32time
w32tm /resync /nowait

Then you can either rerun "w32tm /resync" on all of your workstations, or you can add the following line to your SBS_LOGIN_SCRIPT.bat file and it'll sync each workstation automatically at the next login:

net time \\<servername> /set /y

(replacing <servername> with your actual server's name)


Jeff
TechSoEasy
0
 
ipsbendAuthor Commented:
Hi, Jeff. About the external source, I don't know much about them. I didn't see the one you mentioned on the MS site: http://support.microsoft.com/default.aspx/kb/q262680/. I was wondering if there is a particular reason why you use pool.ntp.org or is it just personal preference?

Thx!
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The advantage of pool.ntp.org is that you are using a cluster of over 500 servers (if in North America -- over 900 in Europe, etc.) so you never have a problem getting a connection.  

You can read more about it here:  http://www.pool.ntp.org

Since I've switched the servers I manage to using these I never have a problem at all with W32Time.

Jeff
TechSoEasy
0
 
ipsbendAuthor Commented:
One thing I will add to this: We had a GPO on the server that was overriding some of this configuration. Removing the settings from the GPO allowed this solution to work.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now