Link to home
Start Free TrialLog in
Avatar of ipsbend
ipsbend

asked on

Kerberos Error Event ID 5

We are a SBS2003 SP2/Exchange 03 w/ XP clients environment. We are receiving the Event ID 5 error on our server for some of the clients in our network:
Event Type:      Error
Event Source:      Kerberos
Event Category:      None
Event ID:      5
Date:            01/28/2008
Time:            8:04:21 AM
User:            N/A
Computer:      Server
Description:
The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server desktop05$.  This indicates that the ticket used against that server is not yet valid (in relationship to that server time).  Contact your system administrator  to make sure the client and server times are in sync, and that the KDC in realm domain.LOCAL is  in sync with the KDC in the client realm.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

In addition, all of our clients are getting the Event ID 29:
Event Type:      Error
Event Source:      W32Time
Event Category:      None
Event ID:      29
Date:            1/27/2008
Time:            10:49:41 AM
User:            N/A
Computer:      desktop20
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 959 minutes. NtpClient has no source of accurate time.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I'm thinking it's a time service problem. The Windows time service is started on the server. I've tried using the "net time" command on the clients but it didn't work.

Can anyone help?
ASKER CERTIFIED SOLUTION
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of ipsbend
ipsbend

ASKER

Hi, Jeff. About the external source, I don't know much about them. I didn't see the one you mentioned on the MS site: http://support.microsoft.com/default.aspx/kb/q262680/. I was wondering if there is a particular reason why you use pool.ntp.org or is it just personal preference?

Thx!
The advantage of pool.ntp.org is that you are using a cluster of over 500 servers (if in North America -- over 900 in Europe, etc.) so you never have a problem getting a connection.  

You can read more about it here:  http://www.pool.ntp.org

Since I've switched the servers I manage to using these I never have a problem at all with W32Time.

Jeff
TechSoEasy
Avatar of ipsbend

ASKER

One thing I will add to this: We had a GPO on the server that was overriding some of this configuration. Removing the settings from the GPO allowed this solution to work.