UnauthorizedAccessException accessing registry after setting clocks forward c#

Question

I'm trying to test how our software works when faced with different clock situations (ie machines are out of sync, daylight savings time, etc). The test driver tries to disable the Windows Time service and modify the clocks on a remote machines using WMI.

A strange problem I'm running into is that if I set the computer clocks ahead or behind by a large amount (say several months) I start getting UnauthorizedAccessExceptions when trying to work with the remote registry.

Anyone seen this behaviour before?

Update: The accounts are service accounts that will not expire.

Answer 1

Found out the problem is that Kerberos security will think that you are trying to do a reply attack since any authorization request coming in to a domain controller will look like it's coming from too far in the future (same for a request too far in the past). From what I can gather 5 minutes is the default allowable windows for clocks to be out of synch.

Kerberos has strict time requirements, which means the clocks of the involved hosts must be synchronized within configured limits. The tickets have a time availability period and if the host clock is not synchronized with the Kerberos server clock, the authentication will fail. The default configuration per MIT requires that clock times are no more than five minutes apart. In practice Network Time Protocol daemons are usually used to keep the host clocks synchronized.

http://en.wikipedia.org/wiki/Kerberos_(protocol)

So I had to come up with a way to get around this to cover the unlikely scenario that time service wasn't functioning.