"The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server host/xxx. This indicates that the ticket used against the server is not yet valid(in relationship to the server time)."
We had recently moved our time server to a new IP and these are the steps needed for the time sync:
1. Control station time: This is not critical for AD logins, but nonetheless, it can be set from 2 locations:
- From GUI: login as root to the control station, go to Manage Control stations , change the IP for the time server and save your settings.
- or, from command line: edit /etc/ntp.conf and /etc/ntp/step-tickers to have IP addresses of the ntp servers.
To see the current settings on the data mover:
server_date server_2 timesvc stats ntp
To change the time servers, following 2 steps are needed:
server_date ALL timesvc stop ntp
Update: (After I kept getting alerts regarding time sync from celerra, I realized that time sync only works with server_2 or primary data mover and server_3 has to be pointed to internal control station IP, so use the following steps.)
server_date server_2 timesvc start ntp enter_ip1 enter_ip2
server_date server_3 timesvc start ntp 18.104.22.168
(use the spaces between ip addresses if you have multiple hosts)
(and 22.214.171.124 is the standard internal IP for control station. Since server_3 can only reach that network, it would be good with that)
Give it a minute or so and you can check the new time using:
If the control station is also time synced, time between server_2 and server_3 should be same as well.