-
×InformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center. -
-
×InformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center. -
- HP Community
- Archived Topics
- Desktops (Archived)
- Group policy fails to apply after time change

Create an account on the HP Community to personalize your profile and ask a question

11-03-2015 12:17 PM
We have HP T520 thin clients in our environment running Windows 7 Embedded Standard. The write filter is turned on to prevent changes to the disks. After the DST time change this week, the thin clients do not apply their GPOs because the time on the client is one hour off as it first boots. It's later fixed by the NTP service, but I need the boot-time GPOs to apply every time.
I am able to temporarily remedy the problem by running these commands on the device, but of course it's all lost if the client is rebooted since the disks are not writable:
w32tm /config /update
w32tm /resync
gpupdate /force
Here's what event log shows:
Log Name: System
Source: NETLOGON
Date: 11/3/2015 8:58:04 AM
Event ID: 5719
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: THIN-0GT3.domain.com
Description:
This computer was not able to set up a secure session with a domain controller in domain DOMAINNAME due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Log Name: System
Source: Microsoft-Windows-Security-Kerberos
Date: 11/3/2015 8:58:11 AM
Event ID: 5
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: THIN-0GT3.domain.com
Description:
The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server THIN-0GT3$. This indicates that the ticket used against that server is not yet valid (in relationship to that server time). Contact your system administrator to make sure the client and server times are in sync, and that the KDC in realm domain.com is in sync with the KDC in the client realm.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 11/3/2015 8:58:11 AM
Event ID: 1126
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: THIN-0GT3.domain.com
Description:
Windows was unable to determine whether new Group Policy settings defined by a network administrator should be enforced for this user or computer because this computer's clock is not synchronized with the clock of one of the domain controllers for the domain. Because of this issue, this computer system may not be in compliance with the network administrator’s requirements, and users of this system may not be able to use some functionality on the network. Windows will periodically attempt to retry this operation, and it is possible that either this system or the domain controller will correct the time settings without intervention by an administrator, so the problem will be corrected.
If this issue persists for more than an hour, checking the local system's clock settings to ensure they are accurate and are synchronized with the clocks on the network's domain controllers is one way to resolve this problem. A network administrator may be required to resolve the issue if correcting the local time settings does not address the problem.
11-11-2015 02:42 PM
I fixed this - I ended up having to configure the Windows Time service. I had to use pool.ntp.org server because our domain controllers would not let the client sync time with them because the time on the clients was wrong.
(Who thought of that bit of genius? Hello client computer. Whats that you say? Your time is wrong? Well, I cannot provide you with the current time because your time is inaccurate.)
So I configured Windows Time service for auto-start, along with the pool.ntp.org servers, and that fixed it. Had to create a new image and deploy it to all clients with these new settings to completely resolve the issue.
