Solved

Event ID 1, time is getting reset

Posted on 2014-01-13
1
622 Views
Last Modified: 2014-01-22
I have a log posting about every ten seconds that something has updated the time on my server.

Windows Time service is running, but I think someone used the command line to set an NTP server or something.

OR, the ESXi host is updating the time for me.  Either way, i have thousands of entries about my time being reset and I need to clear it up.

I turned on advanced logging and I see lots of this:
will be made for 1 minutes. NTPCLIENT HAS NO SOURCE OF ACCURATE TIME.
150858 02:55:05.8480818s - PeerPollingThread: waiting 1.498s
150858 02:55:05.9030850s - ListeningThread -- DataAvailEvent set for socket 1 (0.0.0.0:123)
150858 02:55:05.9030850s - ListeningThread -- response heard from 64.4.10.33:123 <- 10.0.0.6:123
150858 02:55:05.9030850s - /-- NTP Packet:
150858 02:55:05.9030850s - | LeapIndicator: 0 - no warning;  VersionNumber: 3;  Mode: 4 - Server;  LiVnMode: 0x1C
150858 02:55:05.9030850s - | Stratum: 2 - secondary reference (syncd by (S)NTP)
150858 02:55:05.9030850s - | Poll Interval: 15 - out of valid range;  Precision: -6 - 15.625ms per tick
150858 02:55:05.9040850s - | RootDelay: 0x0000.0800s - 0.03125s;  RootDispersion: 0x0000.12B3s - 0.0730438s
150858 02:55:05.9040850s - | ReferenceClockIdentifier: 0x0A14E533 - source IP: 10.20.229.51
150858 02:55:05.9040850s - | ReferenceTimestamp:   0xD67F2574C8344079 - 13034141684782047300ns - 150858 02:54:44.7820473s
150858 02:55:05.9050851s - | OriginateTimestamp:   0xD67F2589CCD1FBE0 - 13034141705800079100ns - 150858 02:55:05.8000791s
150858 02:55:05.9050851s - | ReceiveTimestamp:     0xD67F2589E8344079 - 13034141705907047300ns - 150858 02:55:05.9070473s
150858 02:55:05.9050851s - | TransmitTimestamp:    0xD67F2589E8344079 - 13034141705907047300ns - 150858 02:55:05.9070473s
150858 02:55:05.9060851s - >-- Non-packet info:
150858 02:55:05.9060851s - | DestinationTimestamp: 150858 02:55:05.9060851s - 0xD67F2589E730941C150858 02:55:05.9060851s -  - 13034141705903085000ns150858 02:55:05.9060851s -  - 150858 02:55:05.9030850s
150858 02:55:05.9060851s - | RoundtripDelay: 103005900ns (0s)
150858 02:55:05.9070852s - | LocalClockOffset: 55465200ns - 0:00.055465200s
150858 02:55:05.9070852s - \--
150858 02:55:05.9080853s - Ignoring packet invalid mode combination (in:4 out:4).
150858 02:55:07.3461675s - PeerPollingThread: WaitTimeout
150858 02:55:07.3461675s - Resolving manual peer: time.windows.com
150858 02:55:07.3461675s - Association: (Local) 0.0.0.0:123 => 64.4.10.33:123 (Remote)
150858 02:55:07.3461675s - Created reachability group: (
150858 02:55:07.3461675s - 64.4.10.33:123,
150858 02:55:07.3461675s - )
150858 02:55:07.3461675s - PeerPollingThread: waiting 0.000s
150858 02:55:07.3461675s - PeerPollingThread: WaitTimeout
150858 02:55:07.3461675s - Reachability: Attempting to contact peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123).
150858 02:55:07.3461675s - PeerPollingThread: PeerListUpdated
150858 02:55:07.3461675s - Polling peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123)
150858 02:55:07.3461675s - Sending packet to time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123) in Win2K detect mode, stage 1.
150858 02:55:07.3471676s - Peer poll: Max:64.0000000s Cur:00.0000000s
150858 02:55:07.3471676s - PeerPollingThread: waiting 64.000s
150858 02:55:07.3471676s - PeerPollingThread: waiting 64.000s
150858 02:55:07.4131713s - ListeningThread -- DataAvailEvent set for socket 1 (0.0.0.0:123)
150858 02:55:07.4131713s - ListeningThread -- response heard from 64.4.10.33:123 <- 10.0.0.6:123
150858 02:55:07.4131713s - /-- NTP Packet:
150858 02:55:07.4131713s - | LeapIndicator: 0 - no warning;  VersionNumber: 3;  Mode: 4 - Server;  LiVnMode: 0x1C
150858 02:55:07.4131713s - | Stratum: 2 - secondary reference (syncd by (S)NTP)
150858 02:55:07.4131713s - | Poll Interval: 15 - out of valid range;  Precision: -6 - 15.625ms per tick
150858 02:55:07.4131713s - | RootDelay: 0x0000.0800s - 0.03125s;  RootDispersion: 0x0000.12B5s - 0.0730743s
150858 02:55:07.4131713s - | ReferenceClockIdentifier: 0x0A14E533 - source IP: 10.20.229.51
150858 02:55:07.4131713s - | ReferenceTimestamp:   0xD67F2574C86F02ED - 13034141684782943900ns - 150858 02:54:44.7829439s
150858 02:55:07.4131713s - | OriginateTimestamp:   0xD67F258B58DFF9D0 - 13034141707347167600ns - 150858 02:55:07.3471676s
150858 02:55:07.4131713s - | ReceiveTimestamp:     0xD67F258B6C460D2A - 13034141707422943900ns - 150858 02:55:07.4229439s
150858 02:55:07.4131713s - | TransmitTimestamp:    0xD67F258B6C460D2A - 13034141707422943900ns - 150858 02:55:07.4229439s
150858 02:55:07.4131713s - >-- Non-packet info:
150858 02:55:07.4131713s - | DestinationTimestamp: 150858 02:55:07.4131713s - 0xD67F258B69C59825150858 02:55:07.4131713s -  - 13034141707413171300ns150858 02:55:07.4131713s -  - 150858 02:55:07.4131713s
150858 02:55:07.4131713s - | RoundtripDelay: 66003700ns (0s)
150858 02:55:07.4131713s - | LocalClockOffset: 42774400ns - 0:00.042774400s
150858 02:55:07.4131713s - \--
150858 02:55:07.4131713s - Peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123) is not Win2K. Setting compat flags.
150858 02:55:07.4131713s - Peer poll: Max:64.0000000s Cur:63.9339963s
150858 02:55:07.4131713s - Response from peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123), ofs: +00.0427744s
150858 02:55:07.4141714s - 5 Age:5 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:08.0000000s
150858 02:55:07.4141714s - 4 Age:4 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:12.0000000s
150858 02:55:07.4141714s - 3 Age:3 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:14.0000000s
150858 02:55:07.4141714s - 2 Age:2 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:15.0000000s
150858 02:55:07.4141714s - 1 Age:1 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:15.5000000s
150858 02:55:07.4141714s - 0 Age:0 Ofs:+00.0427744s Dly:+00.0660037s RDly:+00.0312500s Dsp:00.0312258s RDsp:00.0730743s Pnt:00.0000000s Dst:00.0642276s FDsp:07.7500000s
150858 02:55:07.4141714s - Reachability:  peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123) is reachable.
150858 02:55:07.4141714s - Logging information: NtpClient is currently receiving valid time data from time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123).
150858 02:55:07.4141714s - W32TmServiceMain: resync req, irreg already pending.
150858 02:55:07.4141714s - W32TmServiceMain: waiting i14.431s (62.431s)


Ideas?

Thanks

Cliff
0
Comment
Question by:crp0499
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 12

Accepted Solution

by:
SreRaj earned 500 total points
ID: 39778610
Hi,

By any chance is this server a Domain Controller holding PDC Emulator role, if so, then you will have to configure this PDC Emulator to sync its time from a Hardware Time Server Device or from time.windows.com and advertise itself as a time source for the domain. Please refer following article on how to do this.

http://technet.microsoft.com/en-us/library/dd723673(v=ws.10).aspx

If this is a member server, then you could execute the following command to configure it to sync time with PDC Emulator for the domain.

w32tm /config /syncfromflags:domhier /update
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question