Disable event 1 kernel-general in windows 2008 R2
Hi Experts,
We desperately need to disable event 1 kernel-general in windows 2008 R2 indicating the system time has changed.
Please advise.
Thanks,
We desperately need to disable event 1 kernel-general in windows 2008 R2 indicating the system time has changed.
Please advise.
Thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
NTP client does it every 6 hours.
1 minute offset in 6 hours signifies badly damaged hardware (or that your virtualization solution does not keep time correctly)
What are your time servers? Are your domain controllers in sync?
1 minute offset in 6 hours signifies badly damaged hardware (or that your virtualization solution does not keep time correctly)
What are your time servers? Are your domain controllers in sync?
ASKER
This behaviour seems really random. Sometimes it happens 3 times a day, sometimes it does not happen in 2 weeks.
This is a physical server, and I have seen this event everywhere even on my Windows 7 machine, which syncs with Internet.
This is a physical server, and I have seen this event everywhere even on my Windows 7 machine, which syncs with Internet.
it is a normal time synching event. "Windows Time" service is responsible for it.
particular message sets time one minute ahead. That is bad. i would recommend to check (with ntpdate from meinberg NTP if no better idea) if all DCs have same time set.
This event is a sign of normal operation otherwise. If you filter then say pay attention to offset of >10min or so.
You can use Meinberg NTP to adjust timer speed in place of default NTP. It will report communication error with upstream NTP anyway.
particular message sets time one minute ahead. That is bad. i would recommend to check (with ntpdate from meinberg NTP if no better idea) if all DCs have same time set.
This event is a sign of normal operation otherwise. If you filter then say pay attention to offset of >10min or so.
You can use Meinberg NTP to adjust timer speed in place of default NTP. It will report communication error with upstream NTP anyway.
ASKER
Log Name: System
Source: Microsoft-Windows-Kernel-G
Date: 13/01/2011 5:37:33 PM
Event ID: 1
Task Category: None
Level: Information
Keywords: Time
User: SYSTEM
Computer: Database01
Description:
The system time has changed to ¿2011¿-¿01¿-¿13T22:37:33.5
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ke
<EventID>1</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2011-01-13T22:
<EventRecordID>9677</Event
<Correlation />
<Execution ProcessID="4" ThreadID="80" />
<Channel>System</Channel>
<Computer>YMDB02</Computer
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="NewTime">2011-01-13T
<Data Name="OldTime">2011-01-13T
</EventData>
</Event>