We help IT Professionals succeed at work.
Get Started

Changing AD NTP time source and potential Kerberos authentication problems

sagdoc
sagdoc asked
on
1,401 Views
Last Modified: 2015-01-09
I have an AD 2008 domain and am in the process of setting up a reliable outside time source (the domain was originally setup without one, other than using the default PDC).  As of now, all servers and workstations are synced to the PDC.  My intent is to modify the Default Domain Controllers policy to include the following Windows Time service settings:
NTP Server – (outside time source FQDN)
Type – NTP

There are other settings but you get the idea.  This should sync all of my DC’s in the domain with the settings in the NTP Server.  Additionally I was going to create a GPO at the default domain level and set the Type to NT5DS which uses the domain hierarchy (I know this is the default for workstations and servers in the domain but doing this should guarantee it).

I have one big concern before I do this, however.  Currently the domain PDC is about 13 minutes off of the reliable time source.  Once I change the Default Domain to pull the time from the ‘Stratum device’ all of my servers and workstations will be off by 13 minutes.  Is this going to cause Kerberos V5 authentication problems with all
of my applications?  

If I temporarily change the following GPO setting “Maximum tolerance for
computer clock synchronization” from the current 5 minutes to say 15 minutes before I make Time service settings, will this resolve the Kerberos authentication problems until everything eventually syncs up?

Thanks
Comment
Watch Question
Commented:
This problem has been solved!
Unlock 1 Answer and 8 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE