Windows Server

Kerberos error: Clock skew too great while getting initial credentials

What is Clock screw? “Clock skew is a phenomenon in synchronous digital circuit systems in which the same sourced clock signal arrives at different components at different times. The instantaneous difference between the readings of any two clocks is called their skew”. For a similar error, see Unspecified GSS failure, minor code may provide more information Clock skew too great when Connecting to Hive Server.

The screenshoot below shows that the Ansible server is actually not in sync with the Domain controller (DC).

This simply shows that devices are not in sync with the domain controller. The role responsible for this is the PDC Emulator. For more information on this, see https://techdirectarchive.com/2020/02/13/active-directory-flexible-single-master-operations-fsmo-roles/

The below shows a correct time set for the Ansible server

While the Domain controller has a great deviation in the time settings as shown below.

Solution: Set the right time on the Domain controller because Kerberos is time-sensitive.
– On the Server Manager,
– Select Local Server
– This will open up the Date and Time window
– Click on Change date and time.

For more details on post operating system installation, see https://techdirectarchive.com/2020/03/19/post-os-installation-configure-windows-server-2019-properties/

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Buy me a coffeeBuy me a coffee

Advertisements
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x