• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 503
  • Last Modified:

w32time faillure- auto-disbling IIS?

I've got a win2k3 std server running IIS, am FTP site. It is a member of the domain.  I keep getting w32time errors in my system log (see below).  I don't really care, EXCEPT, every few hours IIS and FTP get disabled.  There is no evidence of this happening in any event log.  I load the server, it fails.  I TS in, and I go to computer manager and see the little "x" on the "Web Sites" folder and the "FTP sites" folder.  

All I have to do is start the service again to get IIS and FTP back up.  No errors or difficulties in getting them back up.  But the server disables them every few hours.

It's obvious that they w32 time errors are a problem, but why could this happen?

Also, i've got a firewall, but set up a trusted entry for my DC for all ports.  Still no time sync.  

What am I looking for? Why IIS and FTP auto-disables on w32time failure.  Would be great to have a solution to my w32time issues, but that isn't the main question here.

The precise error is:
"The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. "
0
happydog234
Asked:
happydog234
  • 2
  • 2
1 Solution
 
John Gates, CISSPSecurity ProfessionalCommented:
THe reson your iis is shutting down is kerberos cannot authenticate users if more than 5 minutes of clock drift exists. Read the following:

http://support.microsoft.com/default.aspx?scid=216734

The article references Windows 2000 but this applies to Windows 2003 as well!
And set your server to go to ntp.nasa.gov then all should be well!

D
0
 
happydog234Author Commented:
This doesn't really apply.  As a member server, it shoudl be pulling time from the DC.  It is not.  It isn't a good idea (from what I've read) to point member severs to time servers that aren't a DC in the network...
0
 
John Gates, CISSPSecurity ProfessionalCommented:
Ok, is your DC properly syncing with an outside time source?  Also I have never heard of time shutting down IIS.  I think you may have a bug bug on that box.  Did you check for code red etc on this machine?  Did you run the IIS lockdown tool on it?

D
0
 
happydog234Author Commented:
My fault, needed to open icmp packets on my firewall from my DC

Thanks Dimante- good article
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now