Posted by S. Pidgorny on November 13, 2005, 2:34 am
The easiest way is to make sure domain time synchronisation actually works.
You need to inspect the clients' logs to see if there are entries from the
time service and run a series of tests to make sure both NTP and CIFS time
synchronisation is functional.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
> I have a domain that I have inherited, the security logs are full of failures
> due to Kerberos time skew. I think I have been able to reset the secure
> channel between the 2 domain controllers, I have also set up the PDC as the
> time server for the rest of the domain. Some of the patched computers have
> synced with the time server as far as time and as far as being trusted
> members of the domain, but many have not. Also a lot of userenv code 1000
> errors on the broken clients. What's the easiest way to fix this? I have seen
> this before (not here) and found the only way to fix was to unjoin and
> rejoin the domain, but for nearly 100 clients that would not be fun.
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 673
> Date: 11/10/2005
> Time: 5:53:08 PM
> User: NT AUTHORITY\SYSTEM
> Computer: WESLEY01DC02
> Description:
> Service Ticket Request:
> User Name:
> User Domain:
> Service Name:
> Service ID: -
> Ticket Options: 0x40800000
> Ticket Encryption Type: -
> Client Address: 172.16.100.254
> Failure Code: 0x25
> Logon GUID: -
> Transited Services: -
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>