MacGyverSolutions
asked on
W32Time Event 27 on domain members
I have a Windows 2003 domain with two domain controllers. All of the domain members have the W32Time event 27 in the system logs. (The response received from domain controller is missing the signature. The response may have been tampered with and will be ignored.)
Now, I would typically do all the w32tm /resync, /setsntp, etc. tricks, but this is happening to ALL domain members, so there must be another global issue. In addition, those fixes do not stick with the servers I've tried them on. I feel like this is a PDC or Group Policy issue, though registry settings on the PDC look OK, and there does not seem to be a GP in place which affects time.
Any ideas?
Do you have a Certificate Authority on your domain? Does the DC have a digital certificate that recently expired?
Run w32tm /query /status on one of the workstations to see what the Source is configured for. It's possible that an update or something similar caused the computers to lose the proper Domain Hierarchy configuration for time sync. If the Source shows anything other than a single Domain Controller, you'll want to run w32tm /resync /rediscover to restore the proper configuration. Also look through your Logon and Startup scripts to make sure there aren't any registry modifications being deployed that affect the Time Sync system.
ASKER
Devin - there is no CA on this domain.
AC - These servers don't seem to support the "w32tm /query /status" command; I get "The command /query is unknown." However when I run "w32tm /monitor" I get the following (edited):
dc1.domain.local [192.168.14.231]:
ICMP: 0ms delay.
NTP: error ERROR_TIMEOUT - no response from server in 1000ms
dc2.domain.local *** PDC *** [192.168.14.112]:
ICMP: 0ms delay.
NTP: +0.0000000s offset from dc2.domain.local
RefID: auth01.dns.datacenter.com [222.222.222.196]
All members are currently using time.windows.com. Again, I'm sure that setting the SNTP server manually would work, but since this is happening on ALL domain member servers, there must be something deeper. There are no logon scripts, and the only GP being applied is the default domain policy. Could something be up with the PDC emulator, or maybe NTDS settings?
ASKER
BTW, dc2 is the current PDC emulator.
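An added example, not part of the original thread: a small Python parser for the "w32tm /monitor" output quoted above, useful when the same check has to be repeated across many members. The sample text is the output from the thread; the function names and the two conditions it reports (a DC that does not answer NTP, and a PDC emulator with no upstream RefID) are assumptions chosen for illustration.

```python
import re

# Sample: the w32tm /monitor output quoted in the thread (indentation as w32tm prints it).
SAMPLE = """\
dc1.domain.local [192.168.14.231]:
    ICMP: 0ms delay.
    NTP: error ERROR_TIMEOUT - no response from server in 1000ms
dc2.domain.local *** PDC *** [192.168.14.112]:
    ICMP: 0ms delay.
    NTP: +0.0000000s offset from dc2.domain.local
        RefID: auth01.dns.datacenter.com [222.222.222.196]
"""

HOST = re.compile(r"^(?P<name>\S+)\s+(?P<pdc>\*\*\* PDC \*\*\*\s+)?\[(?P<ip>[^\]]+)\]:$")
OFFSET = re.compile(r"^NTP:\s*(?P<off>[+-]\d+\.\d+)s offset")
ERROR = re.compile(r"^NTP:\s*error\s+(?P<err>\S+)")
REFID = re.compile(r"^RefID:\s*(?P<ref>\S+)")


def parse_monitor(text):
    """Return one dict per domain controller listed by w32tm /monitor."""
    dcs = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST.match(line)
        if m:
            dcs.append({"name": m["name"], "ip": m["ip"], "pdc": bool(m["pdc"]),
                        "offset": None, "ntp_error": None, "refid": None})
            continue
        cur = dcs[-1] if dcs else {}  # detail lines before any host line are discarded
        if (m := OFFSET.match(line)):
            cur["offset"] = float(m["off"])
        elif (m := ERROR.match(line)):
            cur["ntp_error"] = m["err"]
        elif (m := REFID.match(line)):
            cur["refid"] = m["ref"]
    return dcs


def findings(dcs):
    """Report DCs that gave no NTP answer, and a missing or unsynchronised PDC emulator."""
    out = [f"{d['name']}: no NTP answer ({d['ntp_error']})" for d in dcs if d["ntp_error"]]
    pdc = [d for d in dcs if d["pdc"]]
    if len(pdc) != 1:
        out.append(f"expected exactly one PDC emulator, found {len(pdc)}")
    elif pdc[0]["ntp_error"] is None and pdc[0]["refid"] is None:
        out.append(f"{pdc[0]['name']}: PDC reports no upstream RefID")
    return out
```

Calling findings(parse_monitor(SAMPLE)) on the thread's output reports only dc1, the controller that timed out on NTP.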
ASKER
Found my own solution when looking into Windows services which may have conflicted with the NTP services.