![]() ![]() In addition to Kerberos issues, you want time on the member servers to be in sync for practical purposes. ![]() Although the default time sync tolerance of 5 minutes is typically left in place, this can be customized if required using Group Policy. This is a security mechanism to prevent replay attacks. If the time on a member server is more than 5 minutes different than the domain controller, Kerberos will fail all authentication requests from that server. The most significant issue is authentication and access issues due to Kerberos failing. ![]() When time among the devices in a domain is out of sync, various problems can occur. In this post, we'll look at the impact of time being out of sync, how to configure time sync correctly, and how to troubleshoot when things go wrong. Time synchronization is an important part of any Active Directory domain. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |