Wednesday, May 02, 2012

User can't login to domain because of time difference.

I saw this problem today. My User could not login to the DOMAIN because of time differences between the computer and the Domain Time.

Problem:  Privileged domain login fails with "There is a time and/or date difference between the client and server."

Cause:  This behavior can occur if the time or date is not synchronized between your computer and the domain to which you are attempting to log on. If the client computer's time or date is not synchronized with the authenticating domain controller, Kerberos validation does not succeed.

Option 1: Do not require Kerberos
  • On the server bring up Active Directory Users and Computers
  • Bring up the user that is having problems logging in. 
  • Go to the Account Tab
  • Go to Account Options and scroll down to the check box, "Do not require Kerberos preauthentication".
  • Check this box and Apply
  • The user should be able to login.

Option 2:  User the NET TIME command on the computer as local user with Admininister Privileges.

 NET TIME /DOMAIN:name /SET   (NET TIME /DOMAIN : name /SET .. no spaces)

C:\>net time
C:\>net time \\computername /DOMAIN:yourdomain /set
C:\>net time \\computername

REF:   KB232386

No comments: