Overview
This article provides information on how to resolve the Kerio VPN client Failed authentication issue.
The following errors are shown in the Warning logs:
[15/Apr/2019 09:31:42] The time has shifted back (567 s).
[16/Apr/2019 09:31:44] The time has shifted back (568 s).
The Security logs would show the following entries:
[16/Apr/2019 05:59:21] Authentication: VPN Client: Client: x.x.x.x: Invalid password for NT/Kerberos user username1
[16/Apr/2019 09:25:17] Authentication: VPN Client: Client: y.y.y.y: Invalid password for NT/Kerberos user username2
Prerequisites
Kerio Control connected to Directory Service
Root Cause
The time is not synchronized correctly between Kerio Control and AD/OD servers, which leads to VPN client authentication failures. The timestamps in Kerio VPN client, Kerio Control server, and Directory server are different (out of sync).
Resolution
-
Log in to the Kerio Control Webadmin.
-
Navigate to Configuration > Advanced Options > System Configuration, and modify the NTP server settings to direct to the Trusted NTP servers.
Recommended servers are:-
0.kerio.pool.ntp.org -
1.kerio.pool.ntp.org -
2.kerio.pool.ntp.org -
3.kerio.pool.ntp.org
-