Time Provider NtpClient: The response received from domain controller terminal1.BHDOCS.COM has a bad signature. The response may have been tampered with and will be ignored.
We had this issue occurring between two W2K3 DCs both on the same subnet. We fixed it as specified below:
1. Stop the time service: Net stop w32time
2. Unload the w32time service: W32tm /unregister
3. Reload the w32time service: W32tm /register
4. Set up the SNTP source server: Net time /setsntp:prefered.timesource.com
5. Start w32time service: Net start w32time
6. Test the connection and time synchronization: W32tm /resync
Restart the W32Time Service. I have seen this when the Time provider is moved from one DC to another and the client fail to recognise the move. Run the following command from a dos prompt: w32tm /monitor. This will show you which DCs are synchronising with what Time provider. See ME816042 for additional information on the Time Provider settings.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.