Hi,
I have a strange problem I was hoping somebody could help with.
A few days ago one of my 2 DCs died taking with it DNS and all fsmo roles. I
had to build a new server, seize the roles using "ntdsutil" and create a new
AD integrated DNS server on the new server. Not the best solution but all
seemed to go well.
The only problem I seem to be having is related to time - SOME clients when
loging in receive an error stating that "There is a time difference between
the client and server" and can't login. All that is required to allow these
client login is to stop and restart the KDC on the new PDC emulator then
they can immediatly logon. Using "w32tm -once" I can see there is no time
difference between the client and the server!
What is strange is, on the new DC, sometime after all clients have logged
off for the evening, the server will start to report Error 1000 (Userenv)
every 5 minutes. The text of the log is "Windows cannot determine the user
or computer name. Return value (1398)." But the following morning I will
have to restart the KDC to allow the few clients that receive the time
difference error to logon (Note this only effects some clients). Then I
won't see this error until that evening again.
EventID.net has a suggestion to resync the client but this is not a client
side issue I don't beleive (Maybe I'm wrong - I was wrong once before). I
tried the suggestion anyway but this did not solve the problem. I have
tested the DC's connection to the external ntp a number of times
successfully.
I haven't been able to find any sites with info about the specific Return
value 1398 except the small bit as mentioned on EventID.
Netdiag and DCDIAG on the new dc pass all tests.
Any ideas appreciated
Thanks
|
Similar Threads
Linear Mode
