Search

GlobalSCAPE Knowledge Base

Using Single Sign On (SSO) to login to Mail Express triggers "Clock skew too great" error

Karla Marsh
Mail Express - DEPRECATED

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • Mail Express, v3.3 and later

SYMPTOM

Using Single Sign On (SSO) to log in to Mail Express triggers "Clock skew too great" error

RESOLUTION

Make sure the server running Mail Express and the Kerberos or Active Directory domain controller have synchronized clocks.

MORE INFORMATION

Clients can be prevented from authenticating by the mechanisms that Kerberos authentication uses to prevent "replay" attacks. In a replay attack, a malicious user captures the network traffic and replays it to trick the authenticating server into accepting the attacker as a legitimate user who is providing credentials. If this error occurs frequently for users in your system (and you know your network is not being attacked), you could change the value of the "Maximum tolerance for computer clock synchronization" to a higher value. Refer to the Microsoft Technet article Authentication Errors are Caused by Unsynchronized Clocks for more information.

Details
Last Modified: 11 Years Ago
Last Modified By: aacuna@globalscape.com
Type: ERRMSG
Article not rated yet.
Article has been viewed 17K times.
Options
Also In This Category
Tags