I experienced an issue on a Windows 2003 server where it could not access certain network shares even though permissions and network connectivity were configured correctly.
While trying to access some network shares I got the following message:
1 2 3 4
<strong> </strong><a href="file://\\NETWORKSHARE\PATH">\\NETWORKSHARE\PATH</a> is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. <strong>This server's clock is not synchronized with the primary domain controller's clock.
This makes sense because Active Directory uses Kerberos authentication which relies on time
synchronization across the domain from a central location, the PDC server.
Looking in the system event logs of the server which could not access the network share I noticed events related to the issue in the last few days:
1 2 3 4
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 960 minutes. NtpClient has no source of accurate time.
1 2 3 4
Time Provider NtpClient: No valid response has been received from manually configured peer xxx.xxx.x.xx after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name.
This confirms two things, we can't sync our time on this server and that for some reason it has been configured manually to sync with a specific server. In this case, the manual time server selected was not the PDC and this should not have to be configured manually anyways.
To configure the server to automatically sync with the domain time we can use the following command at the cmd prompt.
1 2 3
w32tm /config /syncfromflags:domhier /update net stop w32time net start w32time
After running this command the time was able to sync successfully and the network shares were accessible from the server without issue.