BSA/TSSA - Actual error from domain authentication: Clock skew too great (37)

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    TrueSight Server Automation


    COMPONENT:

    TrueSight Server Automation


    APPLIES TO:

    TrueSight Server Automation



    PROBLEM:

     

    Users are unable to connect to the Truesight Server Automation (TSSA) Application Server with a "User authentication failed" error when using Domain Authentication method

    Active Directory authentication is properly configured and it was working previously with no obvious changes made to the environment.

    The follow warnings appear in the TSSA appserver log file:

    [Authentication-Service-Thread-0] [WARN] [::XX.XX.XX.XX] [Appserver] username@domain.name cannot login, caught a login exception
    [Authentication-Service-Thread-0] [WARN] [::XX.XX.XX.XX] [Appserver] Authentication method in use is Domain Authentication.
    [Authentication-Service-Thread-0] [WARN] [::XX.XX.XX.XX] [Appserver] Actual error from domain authentication: Clock skew too great (37)

      

     

     


    SOLUTION:

     

    The time difference between the TSSA Application Server and the Key Distribution Center (KDC) (or ActiveDirectory domain controller) is too great.
    Normally, the time difference should be no great than 5 minutes. Use a time server to synchronize the servers or adjust the time manually to be closer in sync..

      
    Related Products:  
       
    1. BMC BladeLogic Server Automation Suite

     


    Article Number:

    000046542


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles