After deploying new VMs, it is not possible to connect using network credentials, but local accounts work, and NTP servers are not set. What is the MOST likely cause?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your skills for the CompTIA Cloud+ exam. Prepare with interactive quizzes, detailed explanations, and real exam simulations. Set the stage for your cloud certification success!

Multiple Choice

After deploying new VMs, it is not possible to connect using network credentials, but local accounts work, and NTP servers are not set. What is the MOST likely cause?

Explanation:
Authentication in a domain environment often relies on Kerberos, which is highly time-sensitive. The tickets used to prove a user’s identity include timestamps, and the domain controllers will reject a ticket if the client’s clock is too far out of sync. When new VMs can’t log in with domain (network) credentials but can log in with local accounts, and there’s no set time source (NTP) on the machines, the most likely issue is that the clocks on the VMs aren’t synchronized with the domain time. If the VM clocks drift out of the allowed skew window, domain authentication fails even though local logins work. To fix this, ensure proper time synchronization is in place—configure the Windows Time service (or the hypervisor/host time sync) to sync with a reliable time source (NTP) and verify that the VM and domain controllers share a consistent time. After the clocks are aligned, domain logins should succeed again. Why the other options don’t fit as well: a directory services outage would typically affect login through the domain more broadly, not just when NTP isn’t configured, and local accounts would still be usable if the VM isn’t contacting the domain. licensing issues would present activation or compliance messages, not a failure of network logins specifically. The statement about directory services requiring NTP servers is less precise than the actual issue of time synchronization; the symptom strongly points to clock skew affecting Kerberos authentication rather than a service outage or licensing problem.

Authentication in a domain environment often relies on Kerberos, which is highly time-sensitive. The tickets used to prove a user’s identity include timestamps, and the domain controllers will reject a ticket if the client’s clock is too far out of sync. When new VMs can’t log in with domain (network) credentials but can log in with local accounts, and there’s no set time source (NTP) on the machines, the most likely issue is that the clocks on the VMs aren’t synchronized with the domain time. If the VM clocks drift out of the allowed skew window, domain authentication fails even though local logins work.

To fix this, ensure proper time synchronization is in place—configure the Windows Time service (or the hypervisor/host time sync) to sync with a reliable time source (NTP) and verify that the VM and domain controllers share a consistent time. After the clocks are aligned, domain logins should succeed again.

Why the other options don’t fit as well: a directory services outage would typically affect login through the domain more broadly, not just when NTP isn’t configured, and local accounts would still be usable if the VM isn’t contacting the domain. licensing issues would present activation or compliance messages, not a failure of network logins specifically. The statement about directory services requiring NTP servers is less precise than the actual issue of time synchronization; the symptom strongly points to clock skew affecting Kerberos authentication rather than a service outage or licensing problem.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy