Maximum Clock Skew

dstranathan
Valued Contributor II

Just curious about the JSS security setting "Maximum Clock Skew" (Maximum UTC time difference to allow between Mac computers & the JSS host server)...

I currently have this option set to "No Maximum" on my JSS.

If I change this to another option (i.e.; "5 mins"), what happens if the skew between a Mac client and my JSS is greater than 5 minutes? Does the client attempt to sync its time with the JSS? Are any time correction measures taken?

Both my JSS server and managed Mac clients are pointed to the same NTP server(s).

b9176682abe24db3b4e8103c714d2646

3 REPLIES 3

chriscollins
Valued Contributor

Well if it synced with the JSS that would probably defeat the purpose of the clock skew setting which is security and verifying certificates are still valid, etc, and would have the same overall effect of just having it set to no maximum skew.

I am pretty sure authentication from the client would just fail.

kerouak
Valued Contributor

Nope, It would fail.

No time sync would take place.

They would both Sync with you NTP servers so really shouldn't be any need for clock skew mate

mvijy
New Contributor

Hi All,
How to identify the "Clock Skew Error" machines?

In my organization there are few machines not deploying the policies then admins cross checking manually identified that machine having problem with Clock Skew. Then running systemsetup -setnetworktimeserver commads. then issue is fixing.

here I want to know the how many machine effected with this "Clock Skew Error" issue.
External Attributes are not targeting to this effected machine due to this issue. Apart from policy, external attributes any other way to identify ?