Bobcares

Remote desktop cannot verify the identity time or date difference – Resolve it now

by | Nov 22, 2020

The error ‘remote desktop cannot verify the identity time or date difference’ occurs while trying to connect to a remote server in the AD domain via RDP.

Here at Bobcares, we have seen several such Windows-related errors as part of our Server Management Services for web hosts and online service providers.

Today we’ll take a look at the causes for this error and see the fix.

 

Why does the ‘remote desktop cannot verify the identity time or date difference’ error occur

This error occurs while trying to connect to a remote server in the AD domain via RDP.

For instance, the error appears as below.

remote desktop cannot verify the identity time or date difference

This error specifies that the RDP client couldn’t authenticate using Kerberos. It happens because the time difference between the local and remote computer exceeds 5 minutes.

 

How we resolve the error ‘remote desktop cannot verify the identity time or date difference’

In order to fix this error, our Support Engineers opened the remote server console over ILO. Also, we made sure that the time and time zone was the same on both computers.

We run the below command to check the time on the remote computer.

net time \\remote-computer-IP-address

Here is the command we use to sync the time manually if necessary and restart the w32time service.

w32tm /config /manualpeerlist:your_ntp_server_ip NTP,0x8 /syncfromflags:manual
net stop w32time & net start w32time & w32tm /resync

Note: If the remote server is a virtual machine, we ensure that the time synchronization with the host hypervisor is disabled in the VM settings.

Since we have physical access to the remote computer, we check the DNS server in the network adapter settings. Also, we make sure that we can access this DNS server from the remote server. For that, we make use of the below command.

nslookup some_server_name DNSServername

In case, the DNS DNS server is not responding, we make sure that it is working correctly or we try to specify another DNS server address.

However, if multiple network adapters are used on the remote computer, we make sure that the routing table is correct when accessing the DNS server. The computer may try to access the DNS server using another network adapter a different IP subnet.

Then we try to connect to the remote computer using the IP address instead of the full FQDN DNS name in the RDP client connection window. In our case, Kerberos won’t be used for authentication.

We make sure that a trust relationship with the AD domain exists. To do it, we run this PowerShell command.

Test-ComputerSecureChannel

If there are trusted relationships, it will return True.

To repair the trusted relationship with the Active Directory domain, we run this command:

Test-ComputerSecureChannel -Repair -Credential contoso\your_admin_account_name

If the below error appears then we check the availability of the domain controller from the server and open TCP/UDP ports for the “Domain and Trusts” service.

Test-ComputerSecureChannel: Cannot reset the secure channel password for the computer account in the domain. Operation failed with the following exception: The server is not operational

Also, we make sure that the same “RDP Security Layer” is selected both on the local and remote computer.

We set this parameter by using the “Require use of specific security layer for remote (RDP) connections” policy. It is present in the GPO section Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Security by selecting less secure RDP level.

Or we do it by using the below registry key.

HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer

 

[Are you still stuck with Windows error? – We are here to help you]

 

Conclusion

In short, this error occurs while trying to connect to a remote server in the AD domain via RDP. Today, we saw the solution provided by our Support Engineers.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF