Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 12 Source: w32time

Source
Level
Description
The NTP server <server> isn't synced, time not set.
Comments
 
Verify that HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type is set to NTP (instead of Nt5DS) on the domain controller holding the forest root PDC master role.
We were experiencing event ID 12 along with incorrect time throughout the forest. We found the "Type" on both of our root DCs was set to Nt5DS. It turned out they were getting time from each other instead of the Internet. Setting the "Type" on the PDC of the forest root to NTP solved the problem.
ME816042 has information on how to configure an authoritative time server in Windows Server 2003.
From a newsgroup post: "This may also indicate a possible firewall rule or lack of, blocking NTP (UDP 123) to this machine".

As per Microsoft: "The purpose of the Time service is to ensure that all computers that are running Windows 2000 or later in an organization use a common time. The Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage". See ME216734 to find out how to configure an authoritative time server in Windows 2000 and ME314054 for Windows XP.

See ME555225 for information on how to manually sync time between domain client and local time server.
The NTP server has to be set. This is not anything big, but can cause problems for servers on an NT domain. Use: “net time /setsnpt: <server name>”.
You can get rid of this warning with the following commands:
1) Set a chain of SNTP servers to synchronize with via “net time /setsntp: <server name>”. You can get a list of local servers to synchronize to from the link below.
2) Run the command “w32tm /config /syncfromflags:MANUAL /reliable:YES /update”. This directs Windows to think that the time is reliable on the local server. The only way to get it reliable is to synchronize with the servers as in step 1.


The SNTP server that the Windows 2000 machine is using for time synchronization has lost sync with its master clock, and is returning a "Clock Not Synchronized (11)" message, in accordance with RFC 2030.  This event should only occur when the Windows 2000 machine has been directed to use an SNTP server for time sync, using the "net time /setsntp:<servername>" command, rather than a Windows 2000 domain controller (the default). This indicates a problem with the time server.
From W32time.doc: "This message appears if time was obtained from an NTP server, but it indicated that the server might not have accurate time. The time is not set, since it is better to be safe than sorry."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...