
I think you'd run into other problems then. For example, if your test machine needs to communicate with HTTPS sites powered by Let's Encrypt, all those sites will appear to use certs that "expired" at least 9 months ago.


It's a mess. At one point we had a backup domain controller that had gotten incorrectly set up as a time server, and was out of sync with the rest of the world, with a slight amount of drift. Randomly, our test servers would end up syncing time from that server at times, and wind up slightly off. When the time got slightly more than around five or ten minutes off, connections (over TLS encryption) from those boxes to our Lync IM servers would start failing, and weirdness would ensue. Reboot the box, or sometimes just sign in and out, and things would straighten out, for a while. Very spooky.

This was all years ago, so my recollection may be fuzzy, but I spent entirely too much time futzing with SIP traces and certs. Weird, weird things can result from time inconsistencies is my takeaway, however.


In the world of Active Directory (Kerberos), issues will start appearing when time is off by as little as five minutes.


As they should. Five minutes off is not a big deal for a grandfather clock, but it is for most crypto.
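
The two failure modes described in this thread (a host a few minutes off breaking Kerberos, and a host far ahead seeing Let's Encrypt certificates as long expired), as an added example that is not from any commenter: it computes the clock offset from an SNTP reply and lists the symptoms to expect. The packet, timestamps, 90-day certificate lifetime and helper names are constructed for illustration; the five-minute threshold is the figure quoted above.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
KERBEROS_MAX_SKEW = 300.0      # five minutes, the figure quoted in the thread

def build_reply(server_rx, server_tx):
    """Constructed 48-byte SNTP server reply with whole-second timestamps."""
    words = [0x24010000, 0, 0, 0, 0, 0, 0, 0,      # LI=0 VN=4 mode=4 stratum=1
             int(server_rx) + NTP_EPOCH_DELTA, 0,  # receive timestamp (T2)
             int(server_tx) + NTP_EPOCH_DELTA, 0]  # transmit timestamp (T3)
    return struct.pack("!12I", *words)

def clock_offset(reply, t1, t4):
    """Server clock minus local clock, in seconds: ((T2 - T1) + (T3 - T4)) / 2."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    w = struct.unpack("!12I", reply[:48])
    t2 = w[8] - NTP_EPOCH_DELTA + w[9] / 2**32
    t3 = w[10] - NTP_EPOCH_DELTA + w[11] / 2**32
    return ((t2 - t1) + (t3 - t4)) / 2

def assess(offset, local_now, not_before, not_after):
    """Symptoms to expect from this offset and a peer certificate's validity window."""
    findings = []
    if abs(offset) > KERBEROS_MAX_SKEW:
        findings.append("kerberos: outside five-minute tolerance")
    if local_now > not_after:
        findings.append(f"tls: cert looks expired {(local_now - not_after).days} days ago")
    elif local_now < not_before:
        findings.append("tls: cert looks not yet valid")
    return findings

def demo():
    """Two constructed hosts: one 400 s behind, one set a year ahead."""
    true_now = datetime(2024, 1, 1, tzinfo=timezone.utc)    # constructed "real" time
    issued = true_now - timedelta(days=30)                   # assumed 90-day certificate
    expires = issued + timedelta(days=90)
    results = {}
    for name, skew in (("drifting", timedelta(seconds=-400)), ("year-ahead", timedelta(days=365))):
        local = true_now + skew
        t1 = local.timestamp()                               # local send time; reply lands at t1 + 2
        reply = build_reply(true_now.timestamp() + 1, true_now.timestamp() + 1)
        offset = clock_offset(reply, t1, t1 + 2)             # one second of delay each way
        results[name] = (offset, assess(offset, local, issued, expires))
    return results

if __name__ == "__main__":
    print(demo())
```
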



