rstuemke
asked on
Users Cannot Log Onto Domain Due To Time Restrictions Error - The Error Is False
Hello,
We have recently, since Daylight Savings Time happened, had several users, which suddenly cannot log in during their assign login time... typically 07:00am to 07:00pm. Login times assigned to Active Directory.
Global Policy is set to activate NTP Client and get time from tick.usno.navy.mil. Time in all domain controllers and PCs are correct. The odd thing is that it did not happen at the time change, but has manifested itself late last week and this week. Never been a problem before. Have check the PCS and the DAYLIGHT SAVINGS TIME box is checked. Very Odd. Any ideas? Please advise.
PDC is Windows 2003 Server R2
several BDCs are Windows 2008 Server, one is R2.
PCs all running XP Pro SP3 with current corrections
We have recently, since Daylight Savings Time happened, had several users, which suddenly cannot log in during their assign login time... typically 07:00am to 07:00pm. Login times assigned to Active Directory.
Global Policy is set to activate NTP Client and get time from tick.usno.navy.mil. Time in all domain controllers and PCs are correct. The odd thing is that it did not happen at the time change, but has manifested itself late last week and this week. Never been a problem before. Have check the PCS and the DAYLIGHT SAVINGS TIME box is checked. Very Odd. Any ideas? Please advise.
PDC is Windows 2003 Server R2
several BDCs are Windows 2008 Server, one is R2.
PCs all running XP Pro SP3 with current corrections
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Time, time zone & daylight savings are all set the same on your PCs and AD server(s)?
ASKER
I have set the GP setting to require login to require Domain Controller Authorization, as a test, to see what happens.
As far as getting time from PDC, how do I make the PDC get time from Naval Observatory, other than a script such as: net time /setsntp:tick.usno.navy.mi
By disabling NTP settings in GP, that should return the PCs to getting time from Domain?
All the PCs and Servers I have checked are identical in time.....
As far as getting time from PDC, how do I make the PDC get time from Naval Observatory, other than a script such as: net time /setsntp:tick.usno.navy.mi
By disabling NTP settings in GP, that should return the PCs to getting time from Domain?
All the PCs and Servers I have checked are identical in time.....
You can import this registry key on your PDC which will configure your time settings correctly.
https://www.experts-exchange.com/questions/23630502/Authoritative-Time-Server.html
On the GPO you should remove it then the client should start to sync with the PDC. You can force it by running w32tm /resync /rediscover on clients.
https://www.experts-exchange.com/questions/23630502/Authoritative-Time-Server.html
On the GPO you should remove it then the client should start to sync with the PDC. You can force it by running w32tm /resync /rediscover on clients.
ASKER
ok. Have ran the registry settings. Here are my GP settings.
ENABLE NTP CLIENT - ENABLED
CONFIGURE WINDOWS NTP CLIENT - ENABLED
ENABLE WINDOWS NTP SERVER - ENABLED
Should I set all to NOT CONFIGURED?
ENABLE NTP CLIENT - ENABLED
CONFIGURE WINDOWS NTP CLIENT - ENABLED
ENABLE WINDOWS NTP SERVER - ENABLED
Should I set all to NOT CONFIGURED?
Correct.
ASKER
tried "w32tm /resync /rediscover" on client and access was denied. All users are restricted. Suggestions?
Open command prompt As Administrator and try running it?
Make sure the gpo has been refreshed.
ASKER
have done gpupdate /force for all the clients.
Runing as admin ran the W32TM command
Ok.... will let it set and see what happens over the next couple of days. Will update early next week. Thanks.
Runing as admin ran the W32TM command
Ok.... will let it set and see what happens over the next couple of days. Will update early next week. Thanks.
ASKER
Thanks. Fixed the problems.