Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 26 Source: W32Time

Source
Level
Description
Time Provider NtpClient: The response received from domain controller terminal1.BHDOCS.COM has a bad signature. The response may have been tampered with and will be ignored.
Comments
 
We had this issue occurring between two W2K3 DCs both on the same subnet. We fixed it as specified below:
1. Stop the time service:  Net stop w32time
2. Unload the w32time service:  W32tm /unregister
3. Reload the w32time service:  W32tm /register
4. Set up the SNTP source server:  Net time /setsntp:prefered.timesource.com
5. Start w32time service:  Net start w32time
6. Test the connection and time synchronization:  W32tm /resync
Restart the W32Time Service. I have seen this when the Time provider is moved from one DC to another and the client fail to recognise the move. Run the following command from a dos prompt: w32tm /monitor. This will show you which DCs are synchronising with what Time provider. See ME816042 for additional information on the Time Provider settings.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...