Users Cannot Log Onto Domain Due To Time Restrictions Error - The Error Is False

Hello,

We have recently, since Daylight Savings Time happened, had several users, which suddenly cannot log in during their assign login time... typically 07:00am to 07:00pm.  Login times assigned to Active Directory.
Global Policy is set to activate NTP Client and get time from tick.usno.navy.mil.   Time in all domain controllers and PCs are correct.   The odd thing is that it did not happen at the time change, but has manifested itself late last week and this week.  Never been a problem before.  Have check the PCS and the DAYLIGHT SAVINGS TIME box is checked.   Very Odd.  Any ideas?  Please advise.

PDC is Windows 2003 Server R2
several BDCs are Windows 2008 Server, one is R2.
PCs all running XP Pro SP3 with current corrections
rstuemkeAsked:
Who is Participating?
 
Darius GhassemConnect With a Mentor Commented:
Here is the thing your PDC should be dealing with your time. The clients should be getting time from the PDC and the PDC should be getting time from a external time source. Forcing the clients to get time from a external time source might be the cause of the problems.
0
 
richardcardinCommented:
Time, time zone & daylight savings are all set the same on your PCs and AD server(s)?
0
 
rstuemkeAuthor Commented:
I have set the GP setting to require login to require Domain Controller Authorization, as a test, to see what happens.  

As far as getting time from PDC, how do I make the PDC get time from Naval Observatory, other than a script such as:   net time /setsntp:tick.usno.navy.mil

By disabling NTP settings in GP, that should return the PCs to getting time from Domain?

All the PCs and Servers I have checked are identical in time.....
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Darius GhassemCommented:
You can import this registry key on your PDC which will configure your time settings correctly.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23630502.html

On the GPO you should remove it then the client should start to sync with the PDC. You can force it by running w32tm /resync /rediscover on clients.
0
 
rstuemkeAuthor Commented:
ok. Have ran the registry settings.   Here are my GP settings.

ENABLE NTP CLIENT - ENABLED
CONFIGURE WINDOWS NTP CLIENT - ENABLED
ENABLE WINDOWS NTP SERVER - ENABLED

Should I set all to NOT CONFIGURED?
0
 
Darius GhassemCommented:
Correct.
0
 
rstuemkeAuthor Commented:
tried "w32tm /resync /rediscover" on client and access was denied.   All users are restricted.  Suggestions?
0
 
richardcardinCommented:
Open command prompt As Administrator and try running it?
0
 
Darius GhassemCommented:
Make sure the gpo has been refreshed.
0
 
rstuemkeAuthor Commented:
have done gpupdate /force for all the clients.

Runing as admin ran the W32TM command

Ok.... will let it set and see what happens over the next couple of days.  Will update early next week.  Thanks.
0
 
rstuemkeAuthor Commented:
Thanks. Fixed the problems.
0
All Courses

From novice to tech pro — start learning today.