freeipa client, user login fail [SOLVED]


Post by pervailance » 2018/12/28 02:08:55

Please advise. The freeipa server and client install with no issues. On the client machine, the admin can log out, and a new user (added to the freeipa server) can type their user name and (default password)... They are then prompted to change their password and have a home directory created.
My issue is this: once the client machine is rebooted, a new user types their username and default password but is not prompted to change their password, and is denied access. I have reviewed the logs and cannot seem to locate the issue.

The output from tail -f /var/log/krb5kdc.log:
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16151](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.xx.xx: CLIENT KEY EXPIRED: user1@XXX.com for krbtgt/XXX.com@XXX.com, Password has expired
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16151](info): closing down fd 12
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16150](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.xx.xx: NEEDED_PREAUTH: user1@XXX.com for krbtgt/XXX.com@XXX.com, Password has expired
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16150](info): closing down fd 12
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16150](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.xx.xx: FIND_FAST: <unknown client> for <unknown server>, Clock skew too great while handling ap-request armor
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16150](info): closing down fd 12

Update: The system seems to be working; however, there seems to be a 10 to 15 minute delay after power on for the server to recognize the client machine, meaning that user1 is unable to log in for a period of time.
How in the world can I improve the performance of freeipa? Thank you for your time


My initial setup:
# ipa-client-install --enable-dns-updates --mkhomedir

While ipa-client-install initially configured ntp, the service would fail upon reboot. The following command ensures its success:
# timedatectl set-ntp true

Hope this helps someone.
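
An added example (not part of the original post): a small Python triage over krb5kdc.log lines like those quoted above, separating the password-expired result from the clock-skew failure on the armored request, which is the one a time-sync fix addresses. The sample log is constructed, its host names, realm and addresses are placeholders, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log lines in the post; host names, realm
# and addresses are placeholders, and 192.0.2.11 is an added second client.
SAMPLE_LOG = """\
Jan 01 09:44:42 ipa.example.test krb5kdc[16151](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.0.2.10: CLIENT KEY EXPIRED: user1@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Password has expired
Jan 01 09:44:42 ipa.example.test krb5kdc[16151](info): closing down fd 12
Jan 01 09:44:42 ipa.example.test krb5kdc[16150](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.0.2.10: NEEDED_PREAUTH: user1@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Password has expired
Jan 01 09:44:42 ipa.example.test krb5kdc[16150](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.0.2.10: FIND_FAST: <unknown client> for <unknown server>, Clock skew too great while handling ap-request armor
Jan 01 09:50:03 ipa.example.test krb5kdc[16150](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.0.2.11: CLIENT KEY EXPIRED: user2@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Password has expired
"""

# Matches KDC failure lines of the form shown in the post:
#   <REQ> (<etypes>) <addr>: <STATUS>: <client> for <server>, <detail>
LINE_RE = re.compile(
    r"krb5kdc\[\d+\]\(info\): (?P<req>AS_REQ|TGS_REQ) \(.*?\) "
    r"(?P<addr>\S+): (?P<status>[A-Z_ ]+): "
    r"(?P<client>.+?) for (?P<server>.+?), (?P<detail>.+)$"
)


def parse(log_text):
    """Return one dict per KDC request line; other lines are skipped."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := LINE_RE.search(line))]


def triage(events):
    """Group failures by source address and attach a likely cause."""
    report = defaultdict(set)
    for ev in events:
        if "Clock skew too great" in ev["detail"]:
            # MIT Kerberos tolerates 300 seconds of skew by default.
            report[ev["addr"]].add("clock-skew: check time sync on this client")
        elif ev["status"] == "CLIENT KEY EXPIRED":
            report[ev["addr"]].add(f"password-expired: {ev['client']}")
        # NEEDED_PREAUTH is a normal step of the exchange and is not flagged.
    return {addr: sorted(causes) for addr, causes in report.items()}


if __name__ == "__main__":
    for addr, causes in triage(parse(SAMPLE_LOG)).items():
        print(addr, causes)
```
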
