Clock skew too great for CAC authentication
Clock skew is the range of time allowed for a server to accept authentication. If the clock skew too far off, you will receive a
clock skew too great error message. The clock skew between the BMC Atrium Single Sign-On server and the OCSP server must not be more than 15 minutes, otherwise OCSP validation fails.
This error indicates that the clock on one or both of the servers has the wrong time. To resolve this issue either use a time server to synchronize the computers, or manually set the clock on one or both of the computers to the correct time.