Kerberos error: Clock skew too great while getting initial credentials

What is Clock screw? “Clock skew is a phenomenon in synchronous digital circuit systems in which the same sourced clock signal arrives at different components at different times. The instantaneous difference between the readings of any two clocks is called their skew” Src: Wikipedia.

The screenshoot below shows that the Ansible server is actually not in sync with the Domain controller (DC).

This simply shows that devices are not in sync with the domain controller. The role responsible for this is the PDC Emulator. For more information on this, see https://techdirectarchive.com/2020/02/13/active-directory-flexible-single-master-operations-fsmo-roles/

The below shows a correct time set for the Ansible server

While the Domain controller has a great deviation in the time settings as shown below.

Solution: Set the right time on the Domain controller because Kerberos is time-sensitive.
– On the Server Manager,
– Select Local Server
– This will open up the Date and Time window
– Click on Change date and time.

For more details on post operating system installation, see https://techdirectarchive.com/2020/03/19/post-os-installation-configure-windows-server-2019-properties/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s