SharkNorris
asked on
Certain iMac's now can't log in to mixed environment
Hi,
I have recently inherited a client that has a mixed environment.
They have 2 locations connected by a IPSEC VPN.
2 IBM Windows Server 2008 r2 mirrored in each location with six 2008+ iMac's in one location and 4 in the other.
In each of the locations we cannot log onto the network on 2 machines. We can log on using local admin accounts; access the internet and low security shared resources. I can even log in via remote desktop to the servers.
I found that the clocks on the iMac's are about 5-6 minutes slower than the server. Looking at this I thought this possibly was the cause with Active Directory not authenticating the machines.
I have looked at the servers time server and it is time.microsoft.com and when I try to amend the ntp.conf file on the iMac's to represent this and have them sync up nothing changes.
I have been working on this for a few days and am really banging my head against a wall now.
Any ideas would be greatly appreciated.
I have recently inherited a client that has a mixed environment.
They have 2 locations connected by a IPSEC VPN.
2 IBM Windows Server 2008 r2 mirrored in each location with six 2008+ iMac's in one location and 4 in the other.
In each of the locations we cannot log onto the network on 2 machines. We can log on using local admin accounts; access the internet and low security shared resources. I can even log in via remote desktop to the servers.
I found that the clocks on the iMac's are about 5-6 minutes slower than the server. Looking at this I thought this possibly was the cause with Active Directory not authenticating the machines.
I have looked at the servers time server and it is time.microsoft.com and when I try to amend the ntp.conf file on the iMac's to represent this and have them sync up nothing changes.
I have been working on this for a few days and am really banging my head against a wall now.
Any ideas would be greatly appreciated.
strung
By "nothing changes", do you mean that the Macs' clocks are still 5 - 6 minutes slow, or do you mean that the Macs' clocks now show the same time as the servers' but you still can't log in?
Alternatively, is the server clock wrong? 5 to 6 minutes is a lot. It ought to be easy to tell whether the clocks on the servers or the Macs are wrong.
ASKER
Nothing changes in that the clocks are still slower than the server and logging on to the network is still not possible from those machines
I have tried the method found on http://www.macinstruct.com/node/92 with no luck.
Now I am wondering if the server time is off; but then the other 9 or so machines are fine...
I have tried the method found on http://www.macinstruct.com/node/92 with no luck.
Now I am wondering if the server time is off; but then the other 9 or so machines are fine...
My guess is the sever is off. The other 9 machines may be picking up their time from the server. You can set PC's to pick up their time from the server.
Should be easy to tell which is right. Compare the time to the time on your smart phone.
Should be easy to tell which is right. Compare the time to the time on your smart phone.
If your server is set up as in this KB: http://support.microsoft.com/kb/816042 then your Windows computers are probably picking up their time by sync with the server, whereas the Macs are synching with the Apple Time Server. If your server's time is wrong, then that would account for your problem.
The link in the previous message will tell you how to sync the server to an external time server.
ASKER
I'll report back when on-site tomorrow with more info or hopefully a "hoorah!" and its working.
Thanks for the help strung.
Thanks for the help strung.
ASKER
Also I must not have been clear enough, the only Windows environments on the network are the two mirrored servers - otherwise its all iMac's. Some work, and some do not.
Are your Windows servers running NTP server? They should be. If yes, try using them as the NTP server for the Macs and run two tests:
1. use the Windows server's IP address.
2. use the Windows server's FQDN.
1. use the Windows server's IP address.
2. use the Windows server's FQDN.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The suggestions of other people were unsuccessful but further testing myself resolved the issue.