This article provides information on how to resolve the Kerio VPN client Failed authentication issue.
The following errors are shown in the Warning logs:
[15/Apr/2019 09:31:42] The time has shifted back (567 s).
[16/Apr/2019 09:31:44] The time has shifted back (568 s).
The Security logs would show the following entries:
[16/Apr/2019 05:59:21] Authentication: VPN Client: Client: x.x.x.x: Invalid password for NT/Kerberos user username1
[16/Apr/2019 09:25:17] Authentication: VPN Client: Client: y.y.y.y: Invalid password for NT/Kerberos user username2
Kerio Control connected to Directory Service
The time is not synchronized correctly between Kerio Control and AD/OD servers, which leads to VPN client authentication failures. The timestamps in Kerio VPN client, Kerio Control server, and Directory server are different (out of sync).
Log in to the Kerio Control Webadmin.
Navigate to Configuration > Advanced Options > System Configuration, and modify the NTP server settings to direct to the Trusted NTP servers.
Recommended servers are: