Event ID/Source search
Keyword search
Example: Windows cannot unload your registry file
EventID.Net Splunk Add-on
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
read more...
Event ID: 26 Source: W32Time
| Source: W32Time |
| Type: Error |
| Description: Time Provider NtpClient: The response received from domain controller terminal1.BHDOCS.COM has a bad signature. The response may have been tampered with and will be ignored. |
| English: Request a translation of the event description in plain English. |
| Comments: ISON Group We had this issue occurring between two W2K3 DCs both on the same subnet. We fixed it as specified below: 1. Stop the time service: Net stop w32time 2. Unload the w32time service: W32tm /unregister 3. Reload the w32time service: W32tm /register 4. Set up the SNTP source server: Net time /setsntp:prefered.timesource.com 5. Start w32time service: Net start w32time 6. Test the connection and time synchronization: W32tm /resync  x
3
Anonymous Restart the W32Time Service. I have seen this when the Time provider is moved from one DC to another and the client fail to recognise the move. Run the following command from a dos prompt: w32tm /monitor. This will show you which DCs are synchronising with what Time provider. See ME816042 for additional information on the Time Provider settings. x
3
|
| Private comment: Subscribers only. See example of private comment |
| Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links... |
| Feedback:
Send comments or solutions
- Notify me when updated
|
| Printer friendly |
Subscribe to EventID.Net now!