Sometimes when joining a machine to a new domain, you might get an error saying "The time on your machine does not match with the network time". On getting this error while logging in, the machine will not allow you to log in to the domain. I just got this error today when setting up a new virtual machine for the environment.
The basic issue here is that the time on the machine is not automatically synched with the time on the domain controller. (Not sure why this matters, great if somebody can clarify).
But anyways, to resolve this problem, simply login as a local account and sync the time with the domain controller using the Net time command.
To do this, goto the command prompt and run the following -
NET TIME /domain:mydomainname /SET /Y
This will synchronize the machine time to that of the domain controller. After doing this, you can simply log off and log on again with the domain user.
Time matters when logging into a Windows domain as Kerberos authentication uses time sensitive tickets to ensure that a security breach can't be achieved by someone sniffing the network, picking up credentials/other data and decrypting them at their leisure.
It's all a bit more complicated than that oversimplified, and slightly wrong (!?) explanation, but that's the jist of it.
A slightly less-relevant counter-question to u: Do u know how to ensure that your virtual machine timer is always keep correct time w.r.t to the host OS? I use VMWare to create my virtual machines. What about u?
I fixed by just changing the local clock to the server time manually. I was off by a day, that's what caused the error.
Hi Raunchy Guitarist,
You can ensure that your virtual machines' times are always correct wrt the host time by enabling the "Time synchronization between the virtual machine and the host operating system" checkbox on the "Options" tab of the "VMware tools properties" window.
This might depend on your VMware version BTW, mine's Workstation 7.0