Event Log message received: "Message: Clock skew too great"

book

Article ID: 165739

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

When the ProxySG tries to access the Internet, it prompts an Appliance Error (internal_error):


2. The Event Logs shows a lot of entry such as below:

2012-10-18 18:59:37-04:00EDT  "[LwKrb5GetTgtImpl /home/service-releng/p4/scorpius/sg_6_3/src/security/likewise/lwadvapi/threaded/krbtgt.c:262] KRB5 Error code: -1765328347 (Message: Clock skew too great)"  0 250034:1   sg_syslog.cpp:78
2012-10-18 18:59:37-04:00EDT  "[LsaSrvAuthenticateUserEx() /home/service-releng/p4/scorpius/sg_6_3/src/security/likewise/lsass/server/api/auth.c:337] Failed to authenticate user (name = 'logmeinsvc') -> error = 40087, symbol = LW_ERROR_CLOCK_SKEW, client pid = 0"  0 250034:1   sg_syslog.cpp:78
2012-10-18 18:59:37-04:00EDT  "[LwKrb5GetTgtImpl /home/service-releng/p4/scorpius/sg_6_3/src/security/likewise/lwadvapi/threaded/krbtgt.c:262] KRB5 Error code: -1765328347 (Message: Clock skew too great)"  0 250034:1   sg_syslog.cpp:78
2012-10-18 18:59:37-04:00EDT  "[LsaSrvAuthenticateUserEx() /home/service-releng/p4/scorpius/sg_6_3/src/security/likewise/lsass/server/api/auth.c:337] Failed to authenticate user (name = 'logmeinsvc') -> error = 40087, symbol = LW_ERROR_CLOCK_SKEW, client pid = 0"  0 250034:1   sg_syslog.cpp:78
2012-10-18 18:59:39-04:00EDT  "General error communicating with Active Directory."  28 3B0003:1   pe_policy_action_auth_internal.cpp:646
2012-10-18 18:59:52-04:00EDT  "General error communicating with Active Directory."  28 3B0003:1   pe_policy_action_auth_internal.cpp:646
2012-10-18 18:59:52-04:00EDT  "General error communicating with Active Directory."  28 3B0003:1   pe_policy_action_auth_internal.cpp:646

 

Resolution

   Check and see if the ProxySG appliance's clock has the correct current time, and matches the time of the Active Directory. Follow these steps:

  1. Management Console > Configuration > Clock.
  2. Click on Acquire UTC time.
  3. Verify the time of day.

Notes

  • If Enable NTP is not checked, check and enable it. If for some reason the customer does not want to enable the NTP service,  manually change the time and date to match the current time and date.

  • If you need help on "How to configure IWA direct on SGOS 6.3", please refer to 000011341. 

 

 

 

 

 

 

Attachments