Kerberos Client Received A Krb_ap_err_tkt_nyv Error From The
Microsoft Tech Companion App Microsoft Technical Communities Microsoft Virtual Academy Script Center Server and Tools Blogs TechNet Blogs TechNet Flash Newsletter TechNet Gallery event id 5 security kerberos TechNet Library TechNet Magazine TechNet Subscriptions TechNet Video TechNet Wiki Windows
Net Time /set /yes
Sysinternals Virtual Labs Solutions Networking Cloud and Datacenter Security Virtualization Downloads Updates Service Packs Security Bulletins Windows kdc Update Trials Windows Server 2016 System Center 2016 Windows 10 Enterprise SQL Server 2016 See all trials » Related Sites Microsoft Download Center TechNet Evaluation Center Drivers Windows Sysinternals TechNet Gallery Training Training Expert-led, virtual classes Training Catalog Class Locator Microsoft Virtual Academy Free Windows Server 2012 courses Free Windows 8 courses SQL Server training Microsoft Official Courses On-Demand Certifications Certification overview MCSA: Windows 10 Windows Server Certification (MCSE) Private Cloud Certification (MCSE) SQL Server Certification (MCSE) Other resources TechNet Events Second shot for certification Born To Learn blog Find technical communities in your area Support Support options For business For developers For IT professionals For technical support Support offerings More support Microsoft Premier Online TechNet Forums MSDN Forums Security Bulletins & Advisories Not an IT pro? Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Home Windows Server 2012 R2 Windows Server 2008 R2 Library Forums We’re sorry. The content you requested has been removed. You’ll be auto redirected in 1 second. Kerberos Kerberos Client Kerberos Client Configuration Kerberos Client Configuration Event ID 5 Event ID 5 Event ID 5 Event ID 4 Event ID 5 Event ID 10 TOC Collapse the table of content Expand the table of content This documentation is archived and is not being maintained. This documentation is archived and is not being maintained. Event ID 5 — Kerberos Client Configuration Updated: December 16, 2008Applies To: Windows Server 2008 R2 If the client computers are joined to an Active Directory domain, the Kerberos client is configured to request
Server Complains About a Time Difference - Some Logons and Services Fail You are being told by users, staff, and network admins that services and/or logons are failing to authenticate. When you look in the System Event Log, you see entries such as those below. Event Type:Error Event Source:Kerberos Event Category:None Event ID:5 Date:3/16/2013 Time:9:25:40 AM User:N/A Computer:INFMAIL06 Description: The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server host/COMPANYXdc02.COMPANYX.EXAMPLE.local. This indicates that the ticket used against that server is not yet valid (in relationship https://technet.microsoft.com/en-us/library/dd363871(v=ws.10).aspx to that server time). Contact your system administrator to make sure the client and server times are in sync, and that the KDC in realm COMPANYX.EXAMPLE.LOCAL is in sync with the KDC in the client realm. Event Type:Warning Event Source:LSASRV Event Category:SPNEGO (Negotiator) Event ID:40960 Date:3/16/2013 Time:9:10:31 AM User:N/A Computer:INFMAIL06 Description: The Security System detected an authentication error for the server https://www.puryear-it.com/your-windows-server-complains-about-a-time-difference-some-logons-and-services-fail ldap/COMPANYXDC03.COMPANYX.EXAMPLE.local. The failure code from authentication protocol Kerberos was "The time at the Primary Domain Controller is different than the time at the Backup Domain Controller or member server by too large an amount. (0xc0000133)". Solution The network time is most probably off somehow. Here's the tricky bit, it may not be off in a way you think. The first thing to do is to compile a list of DCs and member servers and run net time on them: C:> for %a in (dc1 dc2 exchange1 exchange2) do net time \%a >> out.txt All of the times should match within a few seconds of one another. If not, you hvae a network time issue. Your AD PDC is the authorative time source. Start debugging there. Let's say that your network time appears correct however. Now what? I've seen an instance where an upgrade of a Windows 2003 to Windows 2008 R2 server has corrupted the timezone setting. In that case, reset the TZ. Open the system clock. Notice that the TZ setting isn't just wrong, but invalid. Set the correct TZ.
to find and is typical. The time on this DC was several years behind. I know, not really common to have such a time shift, but the https://spali.ch/active-directory-dc-authenticate-replicate/ symptoms were clear. So this was fixed very quickly. Event: Log Name: System Source: Microsoft-Windows-Security-Kerberos Date: 16.12.2013 00:59:36 Event ID: 5 Task Category: None Level: Error Keywords: Classic User: N/A Computer: