Synology AD Domain users unable to logon to SMB shares

I rebooted a domain controller tonight, after which no domain users could logon to the Synology Rackstation. It seemed to have got itself into a state, unable to resync the domain data, etc. so I removed it from the domain, rebooted it and then rejoined it to the domain, which seemed to work fine. After rejoining the domain user credentials were still not accepted via SMB, however I could logon to the web admin site. My experience of Active Directory tells me to check 2 things first. DNS and Time. DNS seemed to be fine and the NetBIOS name resolved so that left the time. I logged onto the two DCs and both had a time that was 8 minutes slower than the Synology (which syncs via ntp.org). The two Windows Server 2012 Server domain controllers weren’t configured to sync their time to the internet, which you can fix with the commands below (via an escalated command prompt)…

net stop w32time  
w32tm /config /syncfromflags:manual /manualpeerlist:“uk.pool.ntp.org”  
w32tm /config /reliable:yes  
net start w32time

check it with…

w32tm /query /configuration

About a minute later I could access the server with my AD account again and other users just needed to reboot and the issue was fixed.

About Jac