I'm not finding anything with that message - is that the exact error you
are receiving? If not, what is the exact text of the error message?
In Windows 2000, Kerberos requires that the times be synchronized within 5
minutes. By default, all workstations will have their Windows Time
registry Type set to Nt5Ds (as outlined in kb 223184) so that they
synchronize with their authenticating DC. Is the time between these
machines within 5 minutes of one another? Check the time zone, date and
time.
I'd like to back up for a moment, though, since I'm not sure of the process
you used when your DC crashed.
Which DC failed? I assume the DC that held the FSMO roles crashed since
you seized the roles - is that correct? Did you perform a metadata cleanup
on the remaining DC to remove the information about the machine that
crashed per kb 216498?
Here is what should have happened:
The DC with the FSMO roles crashed.
1. You seize the FSMO roles to the remaining DC since the original DC is
not online and is not coming back (i.e. you're going to rebuild that box or
replace it with another box). Seizing recreates the FSMO roles from
scratch.
2. You then promote another server to become an additional domain
controller in the existing domain.
3. You transfer (not seize) the FSMO roles to the new DC since the FSMO
role holder is available.
Please provide a more clear picture of what took place - provide DC names
(or use DC 1, DC2 and DC3 in place of their real names) so it is easier to
follow what happened.
David Pharr, (e-mail address removed)
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Darshan Diora" <
[email protected]>
| Subject: Server & client clock does not match
| Date: Thu, 1 Jan 2004 18:49:59 +0530
| Lines: 12
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
| Message-ID: <
[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: 203.199.117.125
| Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08
phx.gbl!tk2msftngp13.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:60988
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| hi,
| I had a DC and an Additional DC. my DC failed and so i had to add a
new
| DC as an addional DC. i want this DC to be my main DC, so i seized all
roles
| from it. i set the correct time on this new DC, but than when any other
| machine try to login the domain i receive the error "Server and client
clock
| dosen't match" i cannot log onto my new DC also giving me same error, i
had
| restarted the DC but still same error, what should be done.
|
| Regards
| Darshan Diora
|
|
|
