"The time at the Primary Domain Controller is different than the time at the Backup Domain Controlle

  1. Spin

    Spin Guest


    Running Windows Server 2003 Active Directory. Once in a while, I will see a
    message in the event log similar to the following:

    "The Security System detected an authentication error for the server
    ldap/DC01.mycomp.com. The failure code from authentication protocol
    Kerberos was "The time at the Primary Domain Controller is different than
    the time at the Backup Domain Controller or member server by too large an

    I also see messages like this:

    "The time service detected a time difference of greater than 5000
    milliseconds for 900 seconds. The time difference might be caused by
    synchronization with low-accuracy time sources or by suboptimal network
    conditions. The time service is no longer synchronized and cannot provide
    the time to other clients or update the system clock. When a valid time
    stamp is received from a time service provider, the time service will
    correct itself"

    Now this perplexes me, because when I look at the clocks on both systems,
    they are the same, not even a second off. Anyone seen this before?
    Spin, Dec 6, 2008
  2. Hello Spin,

    I would check replication between the DC's. Is a firewall between them which
    blocks port 123 UDP?

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Dec 6, 2008
  3. Spin

    Paul Bergson Guest

    Check to make sure the time zones are properly setup. This is usually the
    issue. You see they both say 12:00 pm but what happened is (For example)
    one is Central and one is Pacific, so in actuality they are 2 hours off.
    Paul Bergson, Dec 8, 2008
