You receive a time synchronization error when logging in to a server.
e.g.:
VAS_ERR_KRB5: System time out of sync with realm YOURDOMAIN.COM (dc1.yourdomain.com)
Caused by:
KRB5KRB_AP_ERR_SKEW (-1765328347): Clock skew too great
vastool status reports the error "303 VAS is not in time sync with the AD controller it is contacting."
[root@centos lib]# vastool status
FAILURE: 303 VAS is not in time sync with the AD controller it is contacting.
Result: <Test(s) failed> (4 seconds)(v0.5.7)
The client's clock is out of sync with AD.
1. Resync the time with AD:
# /opt/quest/bin/vastool timesync
2. Use VGP or manually set the timesync-interval on the VAS client, e.g.:
# /opt/quest/bin/vastool configure vas vasd timesync-interval 30
timesync-interval = <integer (hours)>
Default value: 12
vasd will operate as a time synchronization agent for the Unix host if no other process is using the NTP port (123). If this port is not bound
when vasd starts, then vasd will query Active Directory Domain Controllers for the current time and synchronize the Unix host's clock so
that Kerberos operations work correctly.
The value for this option controls the frequency of time synchronization and should be set to the interval, in hours, at which vasd will
perform a time synchronization. The default value is 12 hours. Setting this value to -1 will cause vasd to synchronize time every 30 seconds.
This may be very useful when VAS is deployed in environments where the system clock is not reliable and skews very quickly. Virtual machine
environments commonly have this problem. If this value is set to 0 then vasd will not synchronize time, even if the SNTP port is unbound. The
following example shows how to timesync every hour.
[vasd]
timesync-interval = 1
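
The rules above (default 12 hours, -1 meaning every 30 seconds, 0 meaning never) can be checked against a host's configuration with a small script. This is an added example, not vendor code: the function name effective_timesync is hypothetical, the configuration path is passed in by the caller, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not vendor code): effective vasd time-sync period.
# Rules taken from the option description above:
#   key absent -> 12 hours (default), -1 -> every 30 seconds,
#   0 -> never synchronize, N -> every N hours.

# effective_timesync FILE
# Prints "disabled", "invalid", or the period in seconds.
# FILE is the path of the VAS configuration, supplied by the caller.
effective_timesync() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ { next }    # blank lines, # comments (assumed syntax)
        /^[ \t]*\[.*\][ \t]*$/ {             # section header such as [vasd]
            sec = $0
            gsub(/[ \t]/, "", sec)
            in_vasd = (sec == "[vasd]")
            next
        }
        in_vasd {
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            # Assumption: if the key repeats, the last value is used.
            if (key == "timesync-interval") { found = 1; v = val }
        }
        END {
            if (!found) v = "12"             # documented default
            if (v !~ /^-?[0-9]+$/) { print "invalid"; exit 2 }
            n = v + 0
            if (n == 0)       print "disabled"
            else if (n == -1) print 30
            else if (n < 0)   { print "invalid"; exit 2 }  # not described above
            else              print n * 3600
        }
    ' "$1"
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[other]
timesync-interval = 99
[vasd]
# VM guest with a drifting clock
timesync-interval = -1
EOF
echo "sync period: $(effective_timesync "$sample")"
rm -f "$sample"
```

A result of "disabled" on a host where nothing else is keeping the clock in sync means the clock skew error is likely to return.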