TSM client certificates with domain account, failed, but regular account successes. The synchronization between TSM server and AD is normal.
Review the configuration of time between TSM server and AD server, and make the time of two servers be the same.
Regular account on TSM server could pass the certification, but domain account failed, it says that the process of certification between TSM and AD matters. Access into the console of TSM server, add AD server related information into AD synchronization option again, and do certification test with test account. Certification failed as the result, because the system time discrepant more than 5 minutes, certification failed.
Because of time discrepant widely, domain account couldn’t pass the certification of AD, this mechanism exists in domain certification mechanism. TSM act as a middleware, if time discrepant with the time of AD widely, then all domain certification at TSM client failed.