W32Time Event 27 on domain members

Posted on 2011-05-10
Last Modified: 2012-05-11
I have a Windows 2003 domain with two domain controllers. All of the domain members have the W32Time event 27 in the system logs. (The response received from domain controller is missing the signature. The response may have been tampered with and will be ignored.)

Now, I would typically do all the w32tm /resync, /setsntp, etc tricks, but this is happening to ALL domain members, so there must be another global issue. In addition, those fixes do not stick with the servers I've tried them on. I feel like this is a PDC or Group Policy issue, though registry settings on the PDC look OK, and there does not seem to be a GP in place which affects time.

Any ideas?
Question by:MacGyverSolutions
    LVL 8

    Expert Comment

    Do you have a Certificate Authority on your domain? Does the DC have a digital certificate that recently expired?
    LVL 38

    Expert Comment

    by:Adam Brown
    Run w32tm /query /status on one of the workstations to see what the Source is configured for. It's possible that an update or something similar caused the computers to lose the proper Domain Hierarchy configuration for time sync. If the Source shows anything other than a single Domain Controller, you'll want to run w32tm /resync /rediscover to restore the proper configuration. Also look through your Logon and Startup scripts to make sure there aren't any registry modifications being deployed that affect the Time Sync system.
    LVL 2

    Author Comment

    Devin - there is no CA on this domain.

    AC - These servers don't seem to support the "w32tm /query /status" command; I get "The command /query is unknown." However when I run "w32tm /monitor" I get the following (edited):
    dc1.domain.local []:
        ICMP: 0ms delay.
        NTP: error ERROR_TIMEOUT - no response from server in 1000ms
    dc2.domain.local *** PDC *** []:
        ICMP: 0ms delay.
        NTP: +0.0000000s offset from dc2.domain.local
            RefID: []

    All members are currently using Again, I'm sure that setting the SNTP server manually would work, but since this is happening on ALL domain member servers, there must be something deeper. There are no logon scripts, and the only GP being applied is the default domain policy. Could something be up with the PDC emulator, or maybe NTDS settings?
    LVL 2

    Author Comment

    BTW, dc2 is the current PDC emulator.
    LVL 2

    Accepted Solution

    I believe I found a solution - however the steps taken above will hopefully help out the next person to run into these issues.

    Turns out that the domain controllers had a program called "Tardis 2000" installed on them, which was stepping on the domain controller's NTP services. This was preventing domain members from getting signed time updates. I disabled the Tardis service, restarted the Windows Time service, and everything seems to have cleared up. Don't know why Tardis was installed (I inherited these servers) but keep an eye out for anything which may try to provide NTP services on domain controllers, as this can cause major Kerberos authentication issues, and fills up the event logs of member servers.

    Thanks for your help Devin and AC.
    LVL 2

    Author Closing Comment

    Found my own solution when looking into Windows services which may have conflicted with the NTP services.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now