Although in our mind we know if machine joined to the AD domain, it will by default register two records by default HOST/NetBIOSName and HOST/FQDN, and we also know those two SPN represent various services principal names following something called catch-all mechanism.
That means if a Windows client wants to access the SMB share, it could ask KDC to get this machine’s SPN as cifs/FQDN format, if they want to access web services(we assume the machine provide this service), it could ask KDC to get this machine’s SPN as http/FQDN format.
But do you have the inner voice echoing which passage I based upon, at least I ask myself this question and spent half day searching for the source of the catch-all mechanism, however, I could find nothing from Microsoft official website to decipher how/when/why it works 🙁
We know NTP is used to synchronize time from authorized time server to the client to keep the client local time consistent with standard time.
However, what if we successfully set up the NTP servers, but the client is still out of sync with NTP server time to time which causes authentication issue? We need to know how to troubleshoot the related issue.
Before troubleshooting the NTP related issues, you should have following knowledge:
- What is a reference clock?
- How will NTP use a reference clock?
- How will NTP know about Time Sources?
- What happens if the Reference Time changes?
- How is Time synchronized?
- Which Network Protocols are used by NTP?
- When are the Servers polled?
- How frequently will the System Clock be updated?
- How frequently are Correction Values updated?