What problems might arise within a domain when the member servers are not properly time-sync'd? I'm aware that log entries are incorrect making troubleshooting more difficult in time-sensitive operations. But would there be other symptoms, perhaps between file servers, authentication and certificate servers, would manifest themselves?
Asked
Active
Viewed 269 times
2
-
1When you're talking about an AD domain: Kerberos tokens authentication tokens are only valid for 5 minutes IIRC. – HBruijn May 28 '15 at 19:54
2 Answers
5
Kerberos tickets granted for authentication are very time sensitive and the mechanism breaks down absent accurate time sync between clients, servers and ticket grantors.
uSlackr
- 6,412
- 21
- 37
-
2We've definitely had problems with "no logon servers available" type of exceptions on those servers I've found were not synchronized. – Robert Kerr May 28 '15 at 20:13
2
Many authentication protocols check for time skew. Kerberos (AD Auth) being a notable one.
jhenn
- 196
- 3