GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » NTP synchronization with the domain on Windows 2012 R2 (Kerio Connect NTP problem)
NTP synchronization with the domain on Windows 2012 R2 [message #130093] Wed, 01 June 2016 08:29 Go to next message
monkluk is currently offline  monkluk
Messages: 8
Registered: March 2016
Kerio Connect version 9. 0.4. User authentication takes place using Kerberos 5. The NTP service on a domain controller is configured correctly. At the moment the server time Kerio Connect rushes more than 300 seconds and users cannot authenticate with the error: Clock skew too great, error code 0x96c73a25 (-1765328347). Traffic between the controller and the Kerio is allowed.
Ask you suggest how can I correct this situation?

Report message to a moderator

Re: NTP synchronization with the domain on Windows 2012 R2 [message #130095 is a reply to message #130093] Wed, 01 June 2016 10:57 Go to previous messageGo to next message
Pavel Dobry (Kerio) is currently offline  Pavel Dobry (Kerio)
Messages: 2057
Registered: October 2003
Location: Czech Republic
If you are using VMware appliance, make sure that the clock of guest system is synchronised with vSphere host system. Otherwise configure your operating system to sync time with NTP (eg. https://wiki.debian.org/NTP)

Knowledge Base: http://manuals.gfi.com/en/kerio/home/Content/Home.htm.

Report message to a moderator

Re: NTP synchronization with the domain on Windows 2012 R2 [message #130096 is a reply to message #130095] Wed, 01 June 2016 11:12 Go to previous messageGo to next message
monkluk is currently offline  monkluk
Messages: 8
Registered: March 2016
Thank you so much. Your advice has helped. He did not do so earlier because he was not sure that VMtools guest mode can run synchronization.

Report message to a moderator

Re: NTP synchronization with the domain on Windows 2012 R2 [message #130099 is a reply to message #130093] Wed, 01 June 2016 15:02 Go to previous message
Maerad is currently offline  Maerad
Messages: 275
Registered: August 2013
Basic rule is, that you disable any kind of time sync if using kerberos/AD/LDAP in a virtualized enviroment. Even if the host has the right time, there could be a difference and the pc's sync their time with the domain controllers anyway.

I had to learn that the hard way too Smile

Report message to a moderator

Previous Topic: CardDAV Performance
Next Topic: import ssl certificate
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Mar 24 19:55:12 CET 2023

Total time taken to generate the page: 0.01769 seconds
.:: Contact :: Home :: Acceptable Use Policy ::.

Powered by: FUDforum 3.0.9.
Copyright ©2001-2022 FUDforum Bulletin Board Software