I'm by no means an expert in this subject matter of MRxSMB, but I'll try to
assist you to the best of my ability.
Here's what I've found:
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Problem Description ***
When adding a second Windows 2000 DC to an existing domain the following
error may
be noted at random: "The system cannot log you on due to the following
error: there
is a time difference between the client and server."
In addition, an Event 3034 may be logged in the event log that reads:
The redirector was unable to initialize security context or query context
attributes. The data section of this error is as follows:
0000: 00080000 00560002 00000000 80000bda
0010: 00000000 c0000133 00000000 00000000
0020: 00000000 00000000 00000468 c0000133
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Resolution ***
This problem may occur if the Kerberos Policy called "Maximum Tolerance for
Computer Clock Syncronization" is missing. This policy can be found in the
following location:
AD Users and Computers / Domain Controllers. Right-click "Domain
Controllers" and
select properties. Go to the group policy Tab. Choose the policy called
"Default
Domain Controller Policy" and then click on "Edit". [P.S. Kerberos policy is
in the
Default domain policy and not Default Domain Controller policy]
Expand "Computer Configuration" / Windows Settings / Security Settings /
Account
Policy / Kerberos Policy. There should be a policy called "Maximum Tolerance
for
Computer Clock Syncronization" which is set to 5 minutes by default. If this
is
missing then it must be recreated.
Although we cannot confirm this to be true, thoughts are that this entry can
potentially be
removed by one of the Nimda Virus variants as a previous customer reported
having this virus.
He tried to cleanup the machine, but did not rebuild it.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
--
Hope this helps,
Mike Rosado
Windows 2000 MCSE + MCDBA
Microsoft Enterprise Platform Support
Windows NT/2000/2003 Cluster Technologies
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
<
http://www.microsoft.com/info/cpyright.htm>
-----Original Message-----