When you sign in to a Microsoft Office Communicator Web Access (CWA) website (such as https://cwa.contoso.com) that is hosted on a Windows Server 2008-based member server, you may receive the following error message:
Cannot sign in because your computer clock is not set correctly or your account is invalid. (Error code: 0-1-492).
This issue occurs because the Service Principal Name (SPN) of the Windows Server 2008-hosted CWA server's virtual server's FQDN is missing from its computer account's information in Active Directory Domain Services (AD DS).
To resolve this issue, add a Kerberos SPN for the HTTP service to the computer account that hosts CWA. The SPN must match the CWA website's FQDN.
Note Windows Server 2008 includes the Setspn.exe command-line tool. The Windows Server 2008 Setspn.exe tool is used to add, update, and analyze the application of Service Principal Names through an AD DS forest.
To add the SPN for the FQDN of the CWA virtual server to the local HTTP service on the Windows Server 2008-based member server, follow these steps:
On the Windows Server 2008-based member server that is hosting CWA open a command prompt by using elevated privileges.
Type the following Setspn.exe command, and then press ENTER:
setspn.exe -A HTTP/<FQDN of the CWA 2007 R2 Virtual Server> <FQDN of the CWA 2007 R2 Server>
Restart the Windows Server 2008-based member server.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about how to use Setspn with Windows Server 2008, please visit the following website: