Link to home
Start Free TrialLog in
Avatar of happydog234
happydog234

asked on

w32time faillure- auto-disbling IIS?

I've got a win2k3 std server running IIS, am FTP site. It is a member of the domain.  I keep getting w32time errors in my system log (see below).  I don't really care, EXCEPT, every few hours IIS and FTP get disabled.  There is no evidence of this happening in any event log.  I load the server, it fails.  I TS in, and I go to computer manager and see the little "x" on the "Web Sites" folder and the "FTP sites" folder.  

All I have to do is start the service again to get IIS and FTP back up.  No errors or difficulties in getting them back up.  But the server disables them every few hours.

It's obvious that they w32 time errors are a problem, but why could this happen?

Also, i've got a firewall, but set up a trusted entry for my DC for all ports.  Still no time sync.  

What am I looking for? Why IIS and FTP auto-disables on w32time failure.  Would be great to have a solution to my w32time issues, but that isn't the main question here.

The precise error is:
"The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. "
Avatar of John Gates, CISSP, CDPSE
John Gates, CISSP, CDPSE
Flag of United States of America image

THe reson your iis is shutting down is kerberos cannot authenticate users if more than 5 minutes of clock drift exists. Read the following:

http://support.microsoft.com/default.aspx?scid=216734

The article references Windows 2000 but this applies to Windows 2003 as well!
And set your server to go to ntp.nasa.gov then all should be well!

D
Avatar of happydog234
happydog234

ASKER

This doesn't really apply.  As a member server, it shoudl be pulling time from the DC.  It is not.  It isn't a good idea (from what I've read) to point member severs to time servers that aren't a DC in the network...
ASKER CERTIFIED SOLUTION
Avatar of John Gates, CISSP, CDPSE
John Gates, CISSP, CDPSE
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
My fault, needed to open icmp packets on my firewall from my DC

Thanks Dimante- good article