[on behalf of Rodney]
Hi Team,
We're using VSJ 3.3 in a web application (on Tomcat). During SSO with AD, users are sometimes not able to log in, and the error found in Tomcat STDOUT is:
{ERROR} av.AuthenticatorValidatorBase Thread [http-8080-Processor24]; Rejected AP-REQ because timestamp (1314873940000) is 324056 ms old (max skew = 300000)
++++ KRB-AP-REQ Message ++++
encryption type: 23 (DECRYPTED OK)
ap options: mutual-required
Ticket:
encryption type: 23
service principal:HTTP/service-account@domain.com
client:username@domain.com
subkey: [23, 4 be cc e0 b9 ef b0 a8 68 9f 2e 93 c8 31 3a 9 ]
client time: Thu Sep 01 03:45:40 PDT 2011
cusec: 394
sequence number: 1253074037
++++++++++++++++++++++++++++
We have confirmed that the DC and the app server times are in sync when the issue occurs.
Any ideas?
Thanks in advance!
Rodney
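
A triage sketch for the rejection logged above, added here as an example and not part of the original post or of VSJ: it parses the rejection line, checks whether the rejected timestamp is the same instant as the dump's "client time" field, and derives the validator's clock reading at the moment of the check. The function name `analyze`, the zone-offset table and the trimmed sample log are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the rejection line and two dump fields copied from the post.
SAMPLE_LOG = """\
{ERROR} av.AuthenticatorValidatorBase Thread [http-8080-Processor24]; Rejected AP-REQ because timestamp (1314873940000) is 324056 ms old (max skew = 300000)
client:username@domain.com
client time: Thu Sep 01 03:45:40 PDT 2011
"""

REJECT = re.compile(r"Rejected AP-REQ because timestamp \((\d+)\) is (\d+) ms old "
                    r"\(max skew = (\d+)\)")
CLIENT = re.compile(r"^client:\s*(\S+)", re.M)
CTIME = re.compile(r"^client time:\s*\w{3} (\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\w+) (\d{4})",
                   re.M)
ZONE_OFFSET_HOURS = {"PDT": -7, "PST": -8, "UTC": 0}  # assumption: zones seen in these logs


def analyze(text):
    """Return a dict describing one rejected AP-REQ, or None if no rejection is found."""
    m = REJECT.search(text)
    if not m:
        return None
    ts_ms, age_ms, max_ms = map(int, m.groups())
    stamped = datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc)
    result = {
        "authenticator_time_utc": stamped,
        # Inferred from the log wording: validator clock = timestamp + reported age.
        "validator_time_utc": stamped + timedelta(milliseconds=age_ms),
        "over_limit_ms": age_ms - max_ms,
        "client": None,
        "timestamp_matches_client_time": None,  # stays None if the dump is missing
    }
    c = CLIENT.search(text)
    if c:
        result["client"] = c.group(1)
    t = CTIME.search(text)
    if t and t.group(2) in ZONE_OFFSET_HOURS:
        local = datetime.strptime(f"{t.group(1)} {t.group(3)}", "%b %d %H:%M:%S %Y")
        tz = timezone(timedelta(hours=ZONE_OFFSET_HOURS[t.group(2)]))
        result["timestamp_matches_client_time"] = local.replace(tzinfo=tz) == stamped
    return result


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run over every rejection in the Tomcat log and grouped by `client`, the output shows whether the rejections cluster on particular client principals and how far past the 300000 ms limit each one was.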