SQL Server Windows Authentication fails after tonight's security updates: The login is from an untrusted domain
We have the following setup:
- One Domain Controller (DC, Server 2003 R2 Standard x64)
- One SQL Server (SQL, Server 2008 R2 Standard x64)
- some clients.
All machines are in the same domain. All user accounts in use are domain accounts. SQL runs one instance of each SQL Server 2005, 2008, 2008R2, 2012 and 2014.
Since tonight (DC rebooted to install automatic Windows security updates), accessing the SQL 2005, 2008 and 2008R2 instances through Windows authentication does not work properly anymore:
When accessing one of these instances
- from one of the clients
- using Windows authentication
the following error occurs (it's the 2008R2 message, the 2005/2008 messages are similar):
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)
Obviously, the message text does not apply, since there is only one domain.
Now the surprising thing is: As soon as a user is logged in on SQL (starting an RDP session or even simply running runas /user:MYDOMAIN\someuser cmd and keeping the window open), this user can access all SQL Server instances from all clients without any problems until the process running with that user's credentials is closed.
This means that I can just work around this problem by executing the above runas command for all users on SQL once (and keeping the windows open), but, obviously, something is severely broken. I suspect tonight's security updates on DC have something to do with it (since that's the only thing that changed), but I'd rather avoid uninstalling and rebooting each one of them (12 updates were installed and DC is really old and slow).
Has anyone encountered this issue before and knows how to fix it permanently? Any other ideas (other than spending the next few days becoming a Kerberos expert)?
active-directory windows-server-2003 sql-server kerberos
asked Mar 12 '15 at 10:49 (edited Mar 12 '15 at 10:55)
– Heinzi
This question has an open bounty worth +50 reputation from billinkc ending in 7 days.
One or more of the answers is exemplary and worthy of an additional bounty.
Ran into a maddening issue with a combination of RDP into a virtual, using Cisco's AnyConnect and runas to access client resources and it just wasn't happening. Ron DeFulio's answer saved me many more hours of head scratching.
Have you checked your DC's clock? While I can't explain the instance discrepancy, a DC's clock being wrong does cause the behavior you're explaining when limiting yourself to looking at one instance. Also you might want to look at upgrading your DC OS as end of life is nearing.
– Reaces
Mar 12 '15 at 12:01
@Reaces: Thanks for the hint, but the clocks are perfectly synchronous. Yes, the DC is the next machine scheduled for replacement.
– Heinzi
Mar 12 '15 at 12:56
3 Answers
Check if your DC installed the update KB3002657 tonight.
See http://support2.microsoft.com/?kbid=3002657
I had the same issue.
Uninstalling this update solved the problem for me.
answered Mar 12 '15 at 13:38
– simson
Well spotted, I just discovered that myself and wanted to write exactly the same thing. :-) Apparently KB3002657 causes a lot of trouble today.
– Heinzi
Mar 12 '15 at 13:40
Some clients will show the error message "The login is from an untrusted domain", e.g. if you connect via RDP or to an MSSQL server. Just remove the host you want to connect to from your domain and add it again.
– simson
Mar 13 '15 at 13:44
The following fix via Group Policy worked for me:
- Open Group Policy Administrator
- Navigate to Computer Configuration >> Windows Settings >> Local Policies >> Security Options
- Double-click "Network Security: LAN Manager authentication level"
- Change option from "Send NTLM Responses" to "Send LM & NTLM responses"
- Run gpupdate /force on affected computers and servers.
answered Mar 16 '15 at 18:42
– Ron DeFulio
I don't have the exact details, but we were having the same symptoms and workaround with the RDP session. I alerted the IT group to this solution from simson, and they said they would uninstall the security update, which had been applied over the weekend. This seems to have fixed the problem.
answered Mar 16 '15 at 21:08
– Mike B
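A read-only check for the two changes discussed in the answers above (the KB3002657 update and the "Network Security: LAN Manager authentication level" policy), as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later on an admin workstation with WMI and Remote Registry access to the targets; the host names DC and SQL are placeholders taken from the question.

```powershell
# Added example (not from the thread): read-only audit, changes nothing.
param(
    [string[]]$ComputerName = @('DC', 'SQL'),  # placeholder names from the question
    [string]$HotFixId = 'KB3002657'            # update named in the answers
)

# Registry value behind "Network security: LAN Manager authentication level".
$LsaPath   = 'SYSTEM\CurrentControlSet\Control\Lsa'
$LevelText = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Test-HotFixInstalled {
    param([string]$Computer, [string]$Id)
    # List all updates and filter locally: a failed query throws, while a
    # missing update simply yields no match.
    $all = Get-HotFix -ComputerName $Computer -ErrorAction Stop
    [bool]($all | Where-Object { $_.HotFixID -eq $Id })
}

function Get-LmCompatibilityLevel {
    param([string]$Computer)
    $base = $null
    try {
        # Needs the Remote Registry service on the target.
        $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
        $key  = $base.OpenSubKey($LsaPath)
        if (-not $key) { return $null }
        $value = $key.GetValue('LmCompatibilityLevel')   # $null when not set
        $key.Close()
        return $value
    } finally {
        if ($base) { $base.Close() }
    }
}

foreach ($c in $ComputerName) {
    $hotfix = 'query failed'; $level = $null; $policy = 'query failed'; $note = ''

    try {
        $hotfix = if (Test-HotFixInstalled $c $HotFixId) { 'installed' } else { 'not installed' }
    } catch {
        $note = "hotfix: $($_.Exception.Message)"
    }

    try {
        $level = Get-LmCompatibilityLevel $c
        if ($null -eq $level) {
            $policy = 'not configured (OS default applies)'
        } else {
            $policy = $LevelText[[int]$level]
            # Levels 0-2 still send LM and/or NTLMv1 responses.
            if ($level -lt 3) { $note = ($note + ' LM and/or NTLMv1 responses are sent').Trim() }
        }
    } catch {
        $note = ($note + " registry: $($_.Exception.Message)").Trim()
    }

    [pscustomobject]@{
        Computer = $c
        HotFix   = "$HotFixId $hotfix"
        LmLevel  = $level
        Policy   = $policy
        Note     = $note
    }
}
```

"Send LM & NTLM responses" is level 0 in this table, so hosts changed as in the Group Policy answer show up with `LmLevel` 0 and a note.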