Clock skew too great or time difference at domain controller

Error message

Clock skew too great (37) - Identifier does not match expected value (906)
Error joining domain: T2007.SLC.REVINETIX.COM Failed to join domain: Time difference at domain controller Correct the time differences and try again.

Error description

The time difference between the domain controller and the CFA is too great.

Steps to resolve

To resolve the issue, make sure the time and date on the domain controller and on the CFA are the same.

  1. Identify the IP address of the domain controller that the CFA is a member of.

  2. Connect via SSH, and run the following commands:

    service ntpd stop
    ntpdate <IP_ADDRESS of the domain controller>
    service ntpd start
    

Settings > Networking > Active Directory should either show it joined or allow joining at this point.

Error joining the domain

Error message

Error joining domain: XXX has no support for encryption type (14) - XXX has no support for encryption type (14) - Identifier does not match expected value (906)

Error description

You see the following error when attempting to log into the Active Directory under Settings > Networking > Active Directory.

Steps to resolve

  1. On the Active Directory server, find the user that you are using to connect the CFA.

  2. Right-click the user, click Properties, click the Account tab, select Use Kerberos DES encryption for this account, and then click OK.

  3. Reset the password on the account.

    You can reset it to the same as it is set.