I have a domain that I have inherited, the security logs are full of failures
due to Kerberos time skew. I think I have been able to reset the secure
channel between the 2 domain controllers, I have also set up the PDC as the
time server for the rest of the domain. Some of the patched computers have
synced with the time server as far as time and as far as being trusted
members of the domain but many have not. Also a lot of userenv code 1000
errors on the broken clients. What's the easiest way to fix this? I have seen
this before (not here) and found the only way to fix was to unjoin and
rejoin the domain but for nearly 100 clients that would not be fun.


Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 673
Date: 11/10/2005
Time: 5:53:08 PM
User: NT AUTHORITY\SYSTEM
Computer: WESLEY01DC02
Description:
Service Ticket Request:
User Name:
User Domain:
Service Name:
Service ID: -
Ticket Options: 0x40800000
Ticket Encryption Type: -
Client Address: 172.16.100.254
Failure Code: 0x25
Logon GUID: -
Transited Services: -


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Re: kerberos time skew by S

S
Sun Nov 13 01:34:27 CST 2005

The easiest way is to make sure domain time synchronisation actually works.
You need to inspect the clients' logs to see if there are entries from the
time service and run a series of tests to make sure both NTP and CIFS time
synchronisation is functional.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"bill" <bill@discussions.microsoft.com> wrote in message
news:C58F1075-8788-4160-A618-9EC004ADA6E2@microsoft.com...
> I have a domain that I have inherited, the security logs are full of failures
> due to Kerberos time skew. I think I have been able to reset the secure
> channel between the 2 domain controllers, I have also set up the PDC as the
> time server for the rest of the domain. Some of the patched computers have
> synced with the time server as far as time and as far as being trusted
> members of the domain but many have not. Also a lot of userenv code 1000
> errors on the broken clients. What's the easiest way to fix this? I have seen
> this before (not here) and found the only way to fix was to unjoin and
> rejoin the domain but for nearly 100 clients that would not be fun.
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 673
> Date: 11/10/2005
> Time: 5:53:08 PM
> User: NT AUTHORITY\SYSTEM
> Computer: WESLEY01DC02
> Description:
> Service Ticket Request:
> User Name:
> User Domain:
> Service Name:
> Service ID: -
> Ticket Options: 0x40800000
> Ticket Encryption Type: -
> Client Address: 172.16.100.254
> Failure Code: 0x25
> Logon GUID: -
> Transited Services: -
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
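
An added example, not part of the thread: Failure Code 0x25 in event 673 is the Kerberos clock-skew error (KRB_AP_ERR_SKEW), so a text export of the domain controller's Security log can be reduced to the client addresses whose clocks still need attention. The function names are hypothetical, and every sample record except the first one's address and failure code is constructed.

```python
import re
from collections import Counter

# "Failure Code" carries an RFC 4120 error number; 0x25 (37) is KRB_AP_ERR_SKEW.
KRB_AP_ERR_SKEW = 0x25
FIELD = re.compile(r"^\s*([A-Za-z ]+?):[ \t]*(.*)$")

def parse_events(text):
    """Split an exported log into dicts; a record starts at 'Event Type:'."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and free text such as the help footer
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Event Type":
            events.append({})
        if events:
            events[-1][key] = value
    return events

def skewed_clients(events):
    """Count event 673 failures with code 0x25 per client address."""
    hits = Counter()
    for ev in events:
        try:
            code = int(ev.get("Failure Code", ""), 16)
        except ValueError:
            continue  # "-" or missing field: nothing to classify
        if ev.get("Event ID") == "673" and code == KRB_AP_ERR_SKEW:
            hits[ev.get("Client Address", "unknown")] += 1
    return hits

# Constructed sample; only the first address and its failure code are from the post.
SAMPLE = """\
Event Type: Failure Audit
Event ID: 673
Client Address: 172.16.100.254
Failure Code: 0x25
Event Type: Failure Audit
Event ID: 673
Client Address: 172.16.100.31
Failure Code: 0x25
Event Type: Failure Audit
Event ID: 673
Client Address: 172.16.100.40
Failure Code: 0x20
"""
print(skewed_clients(parse_events(SAMPLE)).most_common())
```

Addresses that keep appearing after the time service has been fixed are the clients to check individually, which narrows the work before considering a domain rejoin.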