Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 63 Source: w32time

Source
Level
Description
The time service cannot provide secure (signed) time to client because the attempt to validate its computer account failed with error 1317. Falling back to insecure (unsigned) time for this client.
Comments
 
As per Microsoft: "This problem can occur when the password of the inter-domain trust account is not synchronized on both sides of the trust relationship". See ME816577 and ME892426 for more details on this issue.
The Microsoft article ME328701 might explain it.
This usual occurs because the domain controller can not validate the computer account. There are normally 2 reasons for this:
1) a DNS lookup failure, meaning it doesnt know wher to find the server to validate the information.
2) There is a problem with the computer account or the domain. Most of the time, a remove and readd to the domain fixes this issue.
NTP = Network Time Protocol, RFC 1305
SNTP = Simple Network Time Protocol, RFC 2030
The difference between SNTP and NTP is that SNTP is a simplified NTP but also with a modified header interpretation to accommodate Internet Protocol Version 6 (IPv6) and OSI addressing. SNTP Version 4 includes certain optional extensions to the basic Version 3 model, including an anycast mode and an authentication scheme designed specifically for multicast and anycast modes.
Seems that W2K uses SNTP4 and when tried to authenticate the caller computer, failed (error 1317 = "The specified user does not exist"). Then falen back to unsigned time. The caller will still obtain the time, so no problem.
I have a Windows 2000 Server acting as the NTP Time server within my environment. Whenever routers and switches set time from my 2K server, this warning is recorded in the event log. No need to repair. My routers and switches are not SNTP capable, but the time is properly set.


When adding a machine to the domain, it is recommend to reboot the workstation. However some helpdesk personal are also downloading windows updates and other device drivers and not rebooting right away. Narrowed down to any workstation after 20 minutes from adding to the domain and rebooting gets this error. Removing and adding back to domain fixed (as long as they did wait again).
Windows cannot provide secure time to client: also happens when computer account is disabled on the domain. Enable it using AD Users and Computers and it will disappear.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...