10-06-2010 05:13 AM - edited 03-10-2019 05:28 PM
Hello,
I am adding active directory to my acs5.0 and i got this error "clock skew error"
My ACS has the same time with the active directory and same timezone GMT+3.
thanks
10-06-2010 05:20 AM
Hi,
Since you are not able to get the Ad connection to work with the ACS 5.0 and getting "clock skew error". ACS and AD must be time-synchronized to within 5 minutes. Time in ACS is set according to the Network Time Protocol (NTP) server. Both AD and ACS should be synchronized by the same NTP server. Using the command line interface on your appliance, you must configure the NTP client to work with the same NTP server that the AD domain is synchronized with. Here is the complete command reference guide. CLI Reference Guide for the Cisco Secure Access Control System 5.0: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/command/re
ference/ACS_CLI_guide.html Here are some commands highlighted for setting the time up. ntp server: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/command/re
ference/CLIappA.html#wp1013780 clock timezone: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/command/re
ference/CLIappA.html#wp1013028 You can run the following commands to verify the time. show clock:To display the day, month, date, time, time zone, and year of the system software clock show ntp :To show the status of the Network Time Protocol (NTP) associations show timezone: To display the time zone as set on the systemYou can refer to the link below to setup the AD connection. Microsoft Active Directory: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/user/guide
/users_id_stores.html#wp1053213
thanks,
Vinay
10-06-2010 06:14 AM
Hello,
Still clock skew problem. same time. acs timezone is UTC and windows server 2008 is UTC + 3 both have the same ntp server configure, of course same time.
What might be the additional workaround for this?
thank you and best regards
10-06-2010 06:31 AM
It seems to be turns out that due to DST. Check the ACS timezone is it EST (show timezones display EST5EDT) and AD timezone is Eastern? So is the timezones matches?
See below: http://www.travelmath.com/time-zone/EST5EDT#
10-06-2010 11:59 PM
Hello,
I will try this timezone this coming thursday, Maybe timezone problem.
thanks
10-07-2010 12:25 AM
Hi Vinashar
My options in my active directory is using UTC, so I use UTC + 3 timezone. How can i adjust my ACS to UTC+3 timezone of my active directory. I tried GMT+3 in my ACS and UTC+3 in my active directory and still clock skew error..
thanks
10-07-2010 12:37 AM
Hi,
Lets try the following command and see if it fixes it.
http://www.worldtimeserver.com/convert_time_in_UTC.aspx
Thanks,
Vinay
10-09-2010 04:13 AM
hi vinashar,
just try again if i can add the active directory and still clock skew problem. The timezone of my Active directory is UTC+3 and my ACS is GMT+3. Of course, I have the same time.
10-21-2010 05:20 AM
Guys, I had the exact same issue. In order to solve it, I removed the NTP configuration from my ACS (my AD is not using NTP) and adjusted it manually until I get the difference between them of 3 seconds. I configured the same timezone on both sides, but I cannot guarantee that it's required.
Let me know if that works for you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide