When running Windows 2000, you may very often see a message in the Event Viewer indicating a problem with time synchronization (W32Time). It's much more important than most people realize to have the time set correctly. The database foundation relies on accurate time references to perform many different tasks.
Windows 2000 machines that belong to an Active Directory domain, sync time from the PDC emulator for their domain. The PDC emulator of a child domain syncs with the PDC emulator of its parent domain. If this is the root of the forest, the PDC emulator should be set to synchronize with an external NTP server. There are many public servers that may be used or a private server an be set up.
See http://www.eecis.udel.edu/~mills/ntp/servers.html for a list of public servers.
Once you select a couple of servers, use the command:
"net time /setsntp:server1 server2 server3" where servername syntax can be IP or FQDN, to set it up for synchronization.
Specifying multiple servers provides redundancy.
Then issue the command net time /sync to force to force an immediate sync. This will provide a stable time environment and prevent problems accessing AD objects.
Timing is important in Kerberos because it uses a time stamping system to eliminate Windows NT replay attack. If the time or date is not synchronized between your computer and the domain to which you are attempting to log on, the following error message will occur:
The system cannot log you on due to the following error: There is a time difference between the Client and Server. Please try again or consult your system administrator.
This was first published in April 2001