Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 17 Source: W32Time

Source
Level
Description
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
Comments
 
This is what worked for me:

Open Registry Editor (regedit.exe) and configure the following registry entries:

    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

This registry entry determines which peers W32Time will accept synchronization from. Change this REG_SZ value from NT5DS to NTP so the PDC Emulator synchronizes from the list of reliable time servers specified in the NtpServer registry entry described below.

    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

This registry entry controls whether the local computer is marked as a reliable time server (which is only possible if the previous registry entry is set to NTP as described above). Change this REG_DWORD value from 10 to 5 here.

    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer

This registry entry specifies a space-delimited list of stratum 1 time servers from which the local computer can obtain reliable time stamps. The list may consist of one or more DNS names or IP addresses (if DNS names are used then you must append , 0x1 to the end of each DNS name). For example, to synchronize the PDC Emulator in your forest root domain with tock.usno.navy.mil, an open-access SNTP time server run by the United States Naval Observatory, change the value of the NtpServer registry entry from time.windows.com, 0x1 to tock.usno.navy.mil, 0x1 here. Alternatively, you can specify the IP address of this time server, which is 192.5.41.209 instead.

Now stop and restart the Windows Time service using the following commands:

    net stop w32time

    net start w32time

And, at the end, in a Dos console, type:
w32tm /resync

See also the Configuring the Windows Time Service link.
To solve this problem I changed the value of the registry key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NTpServer] to time.windows.com, 0x1.
The Windows XP firewall blocks the updates as well. Make an exception for UDP port 123. We made an exception using Group policy. This is located under Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile -> Windows Firewall -> Define Port Exceptions. Use the Show button and then add 123:UDP:xxx.xxx.xxx.xxx/xx, xxx.xxx.xxx.xxx/xx:enabled:W32TM. Where the x's are your IP range, i.e.: 10.10.1.0/24, 10.10.10.0/24. You only need to set this for the Domain profile. The standard profile controls the firewall when not connected to your domain, so they could not synchronize with your DCs anyway.
From a newsgroup post: "If W32Time is failing, that means your computer can't reach "time.windows.com" nor "time.nist.gov". If that is the case, I suspect you are not connected directly to the Internet, or you have some kind of network problem. If you want to set up an alternative time server, run regedit and drill down to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers. Add a new "String Value" and rename it to "3". Change its value to another time server. If you are at work behind a firewall, you'll have to use a local server
within your intranet. I use "time.esec.com.au" because it's a little faster than the US ones. Finally, open "Date and Time Properties" and click the "Internet Time" tab. Select your new server from the "Server" drop down list and "Update Now".

See MSW2KDB and "How to fix time synchronization errors" for additional information on this problem.
This happens on Windows XP. To fix: go to "Date and Time Properties" and under "Internet Time" uncheck "Automatically synchonize with an Internet timeserver".


Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...