Solved

Event ID 1, time is getting reset

Posted on 2014-01-13
1
567 Views
Last Modified: 2014-01-22
I have a log posting about every ten seconds that something has updated the time on my server.

Windows Time service is running, but I think someone used the command line to set an NTP server or something.

OR, the ESXi host is updating the time for me.  Either way, i have thousands of entries about my time being reset and I need to clear it up.

I turned on advanced logging and I see lots of this:
will be made for 1 minutes. NTPCLIENT HAS NO SOURCE OF ACCURATE TIME.
150858 02:55:05.8480818s - PeerPollingThread: waiting 1.498s
150858 02:55:05.9030850s - ListeningThread -- DataAvailEvent set for socket 1 (0.0.0.0:123)
150858 02:55:05.9030850s - ListeningThread -- response heard from 64.4.10.33:123 <- 10.0.0.6:123
150858 02:55:05.9030850s - /-- NTP Packet:
150858 02:55:05.9030850s - | LeapIndicator: 0 - no warning;  VersionNumber: 3;  Mode: 4 - Server;  LiVnMode: 0x1C
150858 02:55:05.9030850s - | Stratum: 2 - secondary reference (syncd by (S)NTP)
150858 02:55:05.9030850s - | Poll Interval: 15 - out of valid range;  Precision: -6 - 15.625ms per tick
150858 02:55:05.9040850s - | RootDelay: 0x0000.0800s - 0.03125s;  RootDispersion: 0x0000.12B3s - 0.0730438s
150858 02:55:05.9040850s - | ReferenceClockIdentifier: 0x0A14E533 - source IP: 10.20.229.51
150858 02:55:05.9040850s - | ReferenceTimestamp:   0xD67F2574C8344079 - 13034141684782047300ns - 150858 02:54:44.7820473s
150858 02:55:05.9050851s - | OriginateTimestamp:   0xD67F2589CCD1FBE0 - 13034141705800079100ns - 150858 02:55:05.8000791s
150858 02:55:05.9050851s - | ReceiveTimestamp:     0xD67F2589E8344079 - 13034141705907047300ns - 150858 02:55:05.9070473s
150858 02:55:05.9050851s - | TransmitTimestamp:    0xD67F2589E8344079 - 13034141705907047300ns - 150858 02:55:05.9070473s
150858 02:55:05.9060851s - >-- Non-packet info:
150858 02:55:05.9060851s - | DestinationTimestamp: 150858 02:55:05.9060851s - 0xD67F2589E730941C150858 02:55:05.9060851s -  - 13034141705903085000ns150858 02:55:05.9060851s -  - 150858 02:55:05.9030850s
150858 02:55:05.9060851s - | RoundtripDelay: 103005900ns (0s)
150858 02:55:05.9070852s - | LocalClockOffset: 55465200ns - 0:00.055465200s
150858 02:55:05.9070852s - \--
150858 02:55:05.9080853s - Ignoring packet invalid mode combination (in:4 out:4).
150858 02:55:07.3461675s - PeerPollingThread: WaitTimeout
150858 02:55:07.3461675s - Resolving manual peer: time.windows.com
150858 02:55:07.3461675s - Association: (Local) 0.0.0.0:123 => 64.4.10.33:123 (Remote)
150858 02:55:07.3461675s - Created reachability group: (
150858 02:55:07.3461675s - 64.4.10.33:123,
150858 02:55:07.3461675s - )
150858 02:55:07.3461675s - PeerPollingThread: waiting 0.000s
150858 02:55:07.3461675s - PeerPollingThread: WaitTimeout
150858 02:55:07.3461675s - Reachability: Attempting to contact peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123).
150858 02:55:07.3461675s - PeerPollingThread: PeerListUpdated
150858 02:55:07.3461675s - Polling peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123)
150858 02:55:07.3461675s - Sending packet to time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123) in Win2K detect mode, stage 1.
150858 02:55:07.3471676s - Peer poll: Max:64.0000000s Cur:00.0000000s
150858 02:55:07.3471676s - PeerPollingThread: waiting 64.000s
150858 02:55:07.3471676s - PeerPollingThread: waiting 64.000s
150858 02:55:07.4131713s - ListeningThread -- DataAvailEvent set for socket 1 (0.0.0.0:123)
150858 02:55:07.4131713s - ListeningThread -- response heard from 64.4.10.33:123 <- 10.0.0.6:123
150858 02:55:07.4131713s - /-- NTP Packet:
150858 02:55:07.4131713s - | LeapIndicator: 0 - no warning;  VersionNumber: 3;  Mode: 4 - Server;  LiVnMode: 0x1C
150858 02:55:07.4131713s - | Stratum: 2 - secondary reference (syncd by (S)NTP)
150858 02:55:07.4131713s - | Poll Interval: 15 - out of valid range;  Precision: -6 - 15.625ms per tick
150858 02:55:07.4131713s - | RootDelay: 0x0000.0800s - 0.03125s;  RootDispersion: 0x0000.12B5s - 0.0730743s
150858 02:55:07.4131713s - | ReferenceClockIdentifier: 0x0A14E533 - source IP: 10.20.229.51
150858 02:55:07.4131713s - | ReferenceTimestamp:   0xD67F2574C86F02ED - 13034141684782943900ns - 150858 02:54:44.7829439s
150858 02:55:07.4131713s - | OriginateTimestamp:   0xD67F258B58DFF9D0 - 13034141707347167600ns - 150858 02:55:07.3471676s
150858 02:55:07.4131713s - | ReceiveTimestamp:     0xD67F258B6C460D2A - 13034141707422943900ns - 150858 02:55:07.4229439s
150858 02:55:07.4131713s - | TransmitTimestamp:    0xD67F258B6C460D2A - 13034141707422943900ns - 150858 02:55:07.4229439s
150858 02:55:07.4131713s - >-- Non-packet info:
150858 02:55:07.4131713s - | DestinationTimestamp: 150858 02:55:07.4131713s - 0xD67F258B69C59825150858 02:55:07.4131713s -  - 13034141707413171300ns150858 02:55:07.4131713s -  - 150858 02:55:07.4131713s
150858 02:55:07.4131713s - | RoundtripDelay: 66003700ns (0s)
150858 02:55:07.4131713s - | LocalClockOffset: 42774400ns - 0:00.042774400s
150858 02:55:07.4131713s - \--
150858 02:55:07.4131713s - Peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123) is not Win2K. Setting compat flags.
150858 02:55:07.4131713s - Peer poll: Max:64.0000000s Cur:63.9339963s
150858 02:55:07.4131713s - Response from peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123), ofs: +00.0427744s
150858 02:55:07.4141714s - 5 Age:5 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:08.0000000s
150858 02:55:07.4141714s - 4 Age:4 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:12.0000000s
150858 02:55:07.4141714s - 3 Age:3 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:14.0000000s
150858 02:55:07.4141714s - 2 Age:2 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:15.0000000s
150858 02:55:07.4141714s - 1 Age:1 Ofs:+00.0000000s Dly:+00.0000000s RDly:+00.0000000s Dsp:16.0000000s RDsp:00.0000000s Pnt:00.0000028s Dst:16.0000028s FDsp:15.5000000s
150858 02:55:07.4141714s - 0 Age:0 Ofs:+00.0427744s Dly:+00.0660037s RDly:+00.0312500s Dsp:00.0312258s RDsp:00.0730743s Pnt:00.0000000s Dst:00.0642276s FDsp:07.7500000s
150858 02:55:07.4141714s - Reachability:  peer time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123) is reachable.
150858 02:55:07.4141714s - Logging information: NtpClient is currently receiving valid time data from time.windows.com (ntp.m|0x0|0.0.0.0:123->64.4.10.33:123).
150858 02:55:07.4141714s - W32TmServiceMain: resync req, irreg already pending.
150858 02:55:07.4141714s - W32TmServiceMain: waiting i14.431s (62.431s)


Ideas?

Thanks

Cliff
0
Comment
Question by:crp0499
1 Comment
 
LVL 12

Accepted Solution

by:
SreRaj earned 500 total points
ID: 39778610
Hi,

By any chance is this server a Domain Controller holding PDC Emulator role, if so, then you will have to configure this PDC Emulator to sync its time from a Hardware Time Server Device or from time.windows.com and advertise itself as a time source for the domain. Please refer following article on how to do this.

http://technet.microsoft.com/en-us/library/dd723673(v=ws.10).aspx

If this is a member server, then you could execute the following command to configure it to sync time with PDC Emulator for the domain.

w32tm /config /syncfromflags:domhier /update
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now