Solved

Event ID 1, time is getting reset

Posted on 2014-01-13
1
589 Views
Last Modified: 2014-01-22
I have a log posting about every ten seconds that something has updated the time on my server.

Windows Time service is running, but I think someone used the command line to set an NTP server or something.

OR, the ESXi host is updating the time for me.  Either way, i have thousands of entries about my time being reset and I need to clear it up.

I turned on advanced logging and I see lots of this:
will be made for 1 minutes. NTPCLIENT HAS NO SOURCE OF ACCURATE TIME.
150858 02:55:05.8480818s - PeerPollingThread: waiting 1.498s
150858 02:55:05.9030850s - ListeningThread -- DataAvailEvent set for socket 1 (0.0.0.0:123)
150858 02:55:05.9030850s - ListeningThread -- response heard from 64.4.10.33:123 <- 10.0.0.6:123
150858 02:55:05.9030850s - /-- NTP Packet:
150858 02:55:05.9030850s - | LeapIndicator: 0 - no warning;  VersionNumber: 3;  Mode: 4 - Server;  LiVnMode: 0x1C
150858 02:55:05.9030850s - | Stratum: 2 - secondary reference (syncd by (S)NTP)
150858 02:55:05.9030850s - | Poll Interval: 15 - out of valid range;  Precision: -6 - 15.625ms per tick
150858 02:55:05.9040850s - | RootDelay: 0x0000.0800s - 0.03125s;  RootDispersion: 0x0000.12B3s - 0.0730438s
150858 02:55:05.9040850s - | ReferenceClockIdentifier: 0x0A14E533 - source IP: 10.20.229.51
150858 02:55:05.9040850s - | ReferenceTimestamp:   0xD67F2574C8344079 - 13034141684782047300ns - 150858 02:54:44.7820473s
150858 02:55:05.9050851s - | OriginateTimestamp:   0xD67F2589CCD1FBE0 - 13034141705800079100ns - 150858 02:55:05.8000791s
150858 02:55:05.9050851s - | ReceiveTimestamp:     0xD67F2589E8344079 - 13034141705907047300ns - 150858 02:55:05.9070473s
150858 02:55:05.9050851s - | TransmitTimestamp:    0xD67F2589E8344079 - 13034141705907047300ns - 150858 02:55:05.9070473s
150858 02:55:05.9060851s - >-- Non-packet info:
150858 02:55:05.9060851s - | DestinationTimestamp: 150858 02:55:05.9060851s - 0xD67F2589E730941C150858 02:55:05.9060851s -  - 13034141705903085000ns150858 02:55:05.9060851s -  - 150858 02:55:05.9030850s
150858 02:55:05.9060851s - | RoundtripDelay: 103005900ns (0s)
150858 02:55:05.9070852s - | LocalClockOffset: 55465200ns - 0:00.055465200s
150858 02:55:05.9070852s - \--
150858 02:55:05.9080853s - Ignoring packet invalid mode combination (in:4 out:4).
150858 02:55:07.3461675s - PeerPollingThread: WaitTimeout
150858 02:55:07.3461675s - Resolving manual peer: time.windows.com
150858 02:55:07.3461675s - Association: (Local) 0.0.0.0:123 => 64.4.10.33:123 (Remote)
150858 02:55:07.3461675s - Created reachability group: (
150858 02:55:07.3461675s - 64.4.10.33:123,
150858 02:55:07.3461675s - )
150858 02:55:07.3461675s - PeerPollingThread: waiting 0.000s
150858 02:55:07.3461675s - PeerPollingThread: WaitTimeout
150858 02:55:07.3461675s - Reachability: Attempting to contact peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123).
150858 02:55:07.3461675s - PeerPollingThread: PeerListUpdated
150858 02:55:07.3461675s - Polling peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123)
150858 02:55:07.3461675s - Sending packet to time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123) in Win2K detect mode, stage 1.
150858 02:55:07.3471676s - Peer poll: Max:64.0000000s Cur:00.0000000s
150858 02:55:07.3471676s - PeerPollingThread: waiting 64.000s
150858 02:55:07.3471676s - PeerPollingThread: waiting 64.000s
150858 02:55:07.4131713s - ListeningThread -- DataAvailEvent set for socket 1 (0.0.0.0:123)
150858 02:55:07.4131713s - ListeningThread -- response heard from 64.4.10.33:123 <- 10.0.0.6:123
150858 02:55:07.4131713s - /-- NTP Packet:
150858 02:55:07.4131713s - | LeapIndicator: 0 - no warning;  VersionNumber: 3;  Mode: 4 - Server;  LiVnMode: 0x1C
150858 02:55:07.4131713s - | Stratum: 2 - secondary reference (syncd by (S)NTP)
150858 02:55:07.4131713s - | Poll Interval: 15 - out of valid range;  Precision: -6 - 15.625ms per tick
150858 02:55:07.4131713s - | RootDelay: 0x0000.0800s - 0.03125s;  RootDispersion: 0x0000.12B5s - 0.0730743s
150858 02:55:07.4131713s - | ReferenceClockIdentifier: 0x0A14E533 - source IP: 10.20.229.51
150858 02:55:07.4131713s - | ReferenceTimestamp:   0xD67F2574C86F02ED - 13034141684782943900ns - 150858 02:54:44.7829439s
150858 02:55:07.4131713s - | OriginateTimestamp:   0xD67F258B58DFF9D0 - 13034141707347167600ns - 150858 02:55:07.3471676s
150858 02:55:07.4131713s - | ReceiveTimestamp:     0xD67F258B6C460D2A - 13034141707422943900ns - 150858 02:55:07.4229439s
150858 02:55:07.4131713s - | TransmitTimestamp:    0xD67F258B6C460D2A - 13034141707422943900ns - 150858 02:55:07.4229439s
150858 02:55:07.4131713s - >-- Non-packet info:
150858 02:55:07.4131713s - | DestinationTimestamp: 150858 02:55:07.4131713s - 0xD67F258B69C59825150858 02:55:07.4131713s -  - 13034141707413171300ns150858 02:55:07.4131713s -  - 150858 02:55:07.4131713s
150858 02:55:07.4131713s - | RoundtripDelay: 66003700ns (0s)
150858 02:55:07.4131713s - | LocalClockOffset: 42774400ns - 0:00.042774400s
150858 02:55:07.4131713s - \--
150858 02:55:07.4131713s - Peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123) is not Win2K. Setting compat flags.
150858 02:55:07.4131713s - Peer poll: Max:64.0000000s Cur:63.9339963s
150858 02:55:07.4131713s - Response from peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123), ofs: +00.0427744s
150858 02:55:07.4141714s - 5 Age:5 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:08.0000000s
150858 02:55:07.4141714s - 4 Age:4 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:12.0000000s
150858 02:55:07.4141714s - 3 Age:3 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:14.0000000s
150858 02:55:07.4141714s - 2 Age:2 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:15.0000000s
150858 02:55:07.4141714s - 1 Age:1 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:15.5000000s
150858 02:55:07.4141714s - 0 Age:0 Ofs:+00.0427744s Dly:+00.0660037s RDly:+00.0312500s Dsp:00.0312258s RDsp:00.0730743s Pnt:00.0000000s Dst:00.0642276s FDsp:07.7500000s
150858 02:55:07.4141714s - Reachability:  peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123) is reachable.
150858 02:55:07.4141714s - Logging information: NtpClient is currently receiving valid time data from time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123).
150858 02:55:07.4141714s - W32TmServiceMain: resync req, irreg already pending.
150858 02:55:07.4141714s - W32TmServiceMain: waiting i14.431s (62.431s)


Ideas?

Thanks

Cliff
0
Comment
Question by:crp0499
1 Comment
 
LVL 12

Accepted Solution

by:
SreRaj earned 500 total points
ID: 39778610
Hi,

By any chance is this server a Domain Controller holding PDC Emulator role, if so, then you will have to configure this PDC Emulator to sync its time from a Hardware Time Server Device or from time.windows.com and advertise itself as a time source for the domain. Please refer following article on how to do this.

http://technet.microsoft.com/en-us/library/dd723673(v=ws.10).aspx

If this is a member server, then you could execute the following command to configure it to sync time with PDC Emulator for the domain.

w32tm /config /syncfromflags:domhier /update
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question