Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Date Change killed AD 1

Status
Not open for further replies.
NatRH

NatRH

IS-IT--Management
Sep 24, 2002
4
US
Greetings,

Had a situation where my time server set the date on my Domain Controller back by 1 year. After resetting the date, my secondary domain controller quit replicating.

The issue I'm really concerned about is that all my domain members can no longer see the DC by UNC. Typing \\domainController gives me an error about not sufficient permissions. Also my domain printers quit working.

Logins appear to work right now, but accessing the UNC share or browsing the network fails.

Any ideas?
 
Sort by date Sort by votes
Windows AD is very time sensitive. When the DCs were out of sync with each other they stopped talking to each other.

You will probably need to do a full network restart to get everything working again.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
Because the DC's quit talking, would that affect network printing if the printers are shared from the main DC?

Also, I cannot understand why the \\DomainController function is not working, which appears to be the issue with the printers also.

Thanks for the help.
 
Upvote 0 Downvote
All network services rely on machines being within a few minutes of each other time wise. If they are not then services will begin to fail.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
mrdenny is correct. The KDC service relies heavily on the time. There is a also a kerberos threshold that can be set in GPO to limit the time difference in authentication.
 
Upvote 0 Downvote
Thanks for everyone's help.

I added the registry entry to allow the secondary DC to replicate again. Once replication was successful I rebooted every device in two facilities.

After about 6 hours of monitoring, it appears like everything is back to normal.

That was quite a scare and will most certainly cause a fine tuning of my AD disaster recovery skills.

Happy Weekend!

 
Upvote 0 Downvote
Thanks.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
626
suncit
suncit
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
255
DrB0b
DrB0b
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
414
DTGMI
DTGMI
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
864
gbaughma
gbaughma
on3mansh0w
  • Locked
  • Question
[HELP] AD GPO not applied unexpectedly
Replies
0
Views
201
on3mansh0w
on3mansh0w

Part and Inventory Search

Sponsor

Back
Top