
Time services issue after applying this month's security updates



Guest neo [mvp outlook]
Posted

After applying January's security updates, I have noticed that time services

are failing throughout my test environment. Anyone else seeing this in

their active directory environment?

Guest Ace Fekay [MVP]
Posted

Re: Time services issue after applying this month's security updates

 

In news:uGRh2zkUIHA.5360@TK2MSFTNGP03.phx.gbl,

neo [mvp outlook] <neo@discussions.microsoft.com> typed:

> After applying January's security updates, I have noticed that time

> services are failing throughout my test environment. Anyone else

> seeing this in their active directory environment?

 

Hi Neo,

 

Are there any Eventlog errors? Client errors? KDC, netlogon or NTFRS errors?

 

Have you previously set the time service on the PDC Emulator?

 

net stop w32time

net time /setsntp:192.5.41.41

net start w32time

 

--

Regards,

Ace

 

This posting is provided "AS-IS" with no warranties or guarantees and

confers no rights.

 

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

MVP Microsoft MVP - Directory Services

Microsoft Certified Trainer

 

Infinite Diversities in Infinite Combinations

Guest neo [mvp outlook]
Posted

Re: Time services issue after applying this month's security updates

 

Yes, the PDC is/was set to acquire time from an external source.

 

The only thing showing up in the system event log is by W32Time where it

logs an event id 38. The text just says, the time provider NTPClient

cannot reach or is receiving invalid time data from the fqdn of the primary

domain controller. In the parens it shows that it is using ntp.d and has

the ip address of the local machine and that of the pdc. Takes a bit and

then another event id where the service discards using the pdc as time

source. This started happening on all member workstation/servers and

secondary DC right after applying the updates to the PDC, hence the question

because I find it odd that 6 members of the test domain would act up at the

same time.

 

Other than that, I uninstalled both updates off the PDC, time services

started working again. I'll reinstall the TCPIP update today and let it run

for a couple and then try the LSASS update.

 

"Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote in message

news:Ogt7kuoUIHA.5508@TK2MSFTNGP04.phx.gbl...

> In news:uGRh2zkUIHA.5360@TK2MSFTNGP03.phx.gbl,

> neo [mvp outlook] <neo@discussions.microsoft.com> typed:

>> After applying January's security updates, I have noticed that time

>> services are failing throughout my test environment. Anyone else

>> seeing this in their active directory environment?

>

> Hi Neo,

>

> Are there any Eventlog errors? Client errors? KDC, netlogon or NTFRS

> errors?

>

> Have you previously set the time service on the PDC Emulator?

>

> net stop w32time

> net time /setsntp:192.5.41.41

> net start w32time

>

> --

> Regards,

> Ace

>

> This posting is provided "AS-IS" with no warranties or guarantees and

> confers no rights.

>

> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

> MVP Microsoft MVP - Directory Services

> Microsoft Certified Trainer

>

> Infinite Diversities in Infinite Combinations

>

Guest Newell White
Posted

Re: Time services issue after applying this month's security update

 

FWIW, in our domain with 2 DCs as only servers, I applied updates to non-PDC

about 5 hours ago, and it can still get valid time data from the PDC.

--

Regards,

Newell White

 

 

"neo [mvp outlook]" wrote:

> Yes, the PDC is/was set to acquire time from an external source.

>

> The only thing showing up in the system event log is by W32Time where it

> logs an event id 38. The text just says, the time provider NTPClient

> cannot reach or is receiving invalid time data from the fqdn of the primary

> domain controller. In the parens it shows that it is using ntp.d and has

> the ip address of the local machine and that of the pdc. Takes a bit and

> then another event id where the service discards using the pdc as time

> source. This started happening on all member workstation/servers and

> secondary DC right after applying the updates to the PDC, hence the question

> because I find it odd that 6 members of the test domain would act up at the

> same time.

>

> Other than that, I uninstalled both updates off the PDC, time services

> started working again. I'll reinstall the TCPIP update today and let it run

> for a couple and then try the LSASS update.

>

> "Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote in message

> news:Ogt7kuoUIHA.5508@TK2MSFTNGP04.phx.gbl...

> > In news:uGRh2zkUIHA.5360@TK2MSFTNGP03.phx.gbl,

> > neo [mvp outlook] <neo@discussions.microsoft.com> typed:

> >> After applying January's security updates, I have noticed that time

> >> services are failing throughout my test environment. Anyone else

> >> seeing this in their active directory environment?

> >

> > Hi Neo,

> >

> > Are there any Eventlog errors? Client errors? KDC, netlogon or NTFRS

> > errors?

> >

> > Have you previously set the time service on the PDC Emulator?

> >

> > net stop w32time

> > net time /setsntp:192.5.41.41

> > net start w32time

> >

> > --

> > Regards,

> > Ace

> >

> > This posting is provided "AS-IS" with no warranties or guarantees and

> > confers no rights.

> >

> > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

> > MVP Microsoft MVP - Directory Services

> > Microsoft Certified Trainer

> >

> > Infinite Diversities in Infinite Combinations

> >

>

>

>

Guest neo [mvp outlook]
Posted

Re: Time services issue after applying this month's security update

 

Thanks Newell, give me hope that things just didn't apply right to the pdc.

 

"Newell White" <NewellWhite@discussions.microsoft.com> wrote in message

news:272F7474-960F-4AC5-B734-19BFEA8A1477@microsoft.com...

> FWIW, in our domain with 2 DCs as only servers, I applied updates to

> non-PDC

> about 5 hours ago, and it can still get valid time data from the PDC.

> --

> Regards,

> Newell White

>

>

> "neo [mvp outlook]" wrote:

>

>> Yes, the PDC is/was set to acquire time from an external source.

>>

>> The only thing showing up in the system event log is by W32Time where it

>> logs an event id 38. The text just says, the time provider NTPClient

>> cannot reach or is receiving invalid time data from the fqdn of the

>> primary

>> domain controller. In the parens it shows that it is using ntp.d and has

>> the ip address of the local machine and that of the pdc. Takes a bit and

>> then another event id where the service discards using the pdc as time

>> source. This started happening on all member workstation/servers and

>> secondary DC right after applying the updates to the PDC, hence the

>> question

>> because I find it odd that 6 members of the test domain would act up at

>> the

>> same time.

>>

>> Other than that, I uninstalled both updates off the PDC, time services

>> started working again. I'll reinstall the TCPIP update today and let it

>> run

>> for a couple and then try the LSASS update.

>>

>> "Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote in message

>> news:Ogt7kuoUIHA.5508@TK2MSFTNGP04.phx.gbl...

>> > In news:uGRh2zkUIHA.5360@TK2MSFTNGP03.phx.gbl,

>> > neo [mvp outlook] <neo@discussions.microsoft.com> typed:

>> >> After applying January's security updates, I have noticed that time

>> >> services are failing throughout my test environment. Anyone else

>> >> seeing this in their active directory environment?

>> >

>> > Hi Neo,

>> >

>> > Are there any Eventlog errors? Client errors? KDC, netlogon or NTFRS

>> > errors?

>> >

>> > Have you previously set the time service on the PDC Emulator?

>> >

>> > net stop w32time

>> > net time /setsntp:192.5.41.41

>> > net start w32time

>> >

>> > --

>> > Regards,

>> > Ace

>> >

>> > This posting is provided "AS-IS" with no warranties or guarantees and

>> > confers no rights.

>> >

>> > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

>> > MVP Microsoft MVP - Directory Services

>> > Microsoft Certified Trainer

>> >

>> > Infinite Diversities in Infinite Combinations

>> >

>>

>>

>>

Guest Ace Fekay [MVP]
Posted

Re: Time services issue after applying this month's security update

 

In news:eplhnzvUIHA.1168@TK2MSFTNGP02.phx.gbl,

neo [mvp outlook] <neo@discussions.microsoft.com> typed:

> Thanks Newell, give me hope that things just didn't apply right to

> the pdc.

 

Hmm, we just updated 20 DCs without a problem at one of our customers. So

not sure where to point you to for a resolution. What is the specific KB of

the LSASS update? Have you also posted this to our private MVP group as

well?

 

Ace

Guest neo [mvp outlook]
Posted

Re: Time services issue after applying this month's security update

 

The items in question are MS08-001 (TCPIP) and MS08-002 (LSASS).

 

No I didn't, figured I would start in the publics first since I'm guaranteed

of getting more MVP and peer eyeballs on it versus our private group. If

something was really foul, I trust this venue to let me know it in

spades.

 

"Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote in message

news:%23g95FD0UIHA.1132@TK2MSFTNGP06.phx.gbl...

> In news:eplhnzvUIHA.1168@TK2MSFTNGP02.phx.gbl,

> neo [mvp outlook] <neo@discussions.microsoft.com> typed:

>> Thanks Newell, give me hope that things just didn't apply right to

>> the pdc.

>

> Hmm, we just updated 20 DCs without a problem at one of our customers. So

> not sure where to point you to for a resolution. What is the specific KB

> of the LSASS update? Have you also posted this to our private MVP group as

> well?

>

> Ace

>

Guest Ace Fekay [MVP]
Posted

Re: Time services issue after applying this month's security update

 

In news:e7XB3I$UIHA.1208@TK2MSFTNGP05.phx.gbl,

neo [mvp outlook] <neo@discussions.microsoft.com> typed:

> The items in question are MS08-001 (TCPIP) and MS08-002 (LSASS).

>

> No I didn't, figured I would start in the publics first since I'm

> guaranteed of getting more MVP and peer eyeballs on it versus our

> private group. If something was really foul, I trust this venue to

> let me know it in spades.

 

Good point. My bet is probably something in the TCPIP hotfix affecting the

DC running the time service by blocking necessary UDP 123. To verify this

we would need to run a packet sniffer and look at NTP traffic.

 

Not sure if you looked at eventid.net, but this link mentions possibilities:

http://eventid.net/display.asp?eventid=38&eventno=3198&source=W32Time&phase=1

 

I would try the following first since it is only a time service setting that

you can revert back to default. Just back up the w32time reg key first,

found at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time

Time synchronization may not succeed when you try to synchronize with a

non-Windows NTP server in Windows Server 2003

http://support.microsoft.com/default.aspx?scid=kb;en-us;875424

 

Otherwise I would try this. It doesn't mention anything about either article

but does mention suboptimal network conditions. TCPIP? Not sure.

In Windows Server 2003 and in Windows XP, W32Time frequently logs Event ID

50, and poor time synchronization occurs

http://support.microsoft.com/default.aspx?scid=kb;en-us;830092

 

 

Ace
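
Added example, not part of the thread or any poster's code: the post above suggests looking at the NTP traffic on UDP 123, and this Python sketch sends one SNTP client request and lists the reasons a client would discard the reply. The checks are the usual SNTP client sanity checks and are an assumption about what "invalid time data" in event 38 covers, not W32Time's own logic; `make_reply` builds constructed sample packets, not captured traffic.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def build_request(tx_seconds):
    """48-byte SNTP request; 0x1B = LI 0, version 3, mode 3 (client)."""
    return struct.pack("!B3x11I", 0x1B, *([0] * 9), tx_seconds + NTP_EPOCH_OFFSET, 0)

def check_reply(data, request):
    """Return the reasons an SNTP client would discard this reply (empty = OK)."""
    if len(data) < 48:
        return ["short packet (%d bytes)" % len(data)]
    leap, mode, stratum = data[0] >> 6, data[0] & 0x7, data[1]
    problems = []
    if leap == 3:
        problems.append("leap indicator 3: server clock not synchronized")
    if not 1 <= stratum <= 15:
        problems.append("stratum %d is not a usable source" % stratum)
    if mode != 4:
        problems.append("mode %d, expected 4 (server)" % mode)
    if data[40:48] == bytes(8):
        problems.append("transmit timestamp is zero")
    if data[24:32] != request[40:48]:
        problems.append("originate timestamp does not echo our request")
    return problems

def query(host, timeout=3.0):
    """Send one request to host on UDP 123 and check whatever comes back."""
    request = build_request(int(time.time()))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(request, (host, 123))
            data, _ = s.recvfrom(512)
        except OSError as exc:  # timeout, ICMP unreachable, name lookup failure
            return ["no reply on UDP 123: %s" % exc]
    return check_reply(data, request)

def make_reply(request, leap=0, stratum=2, mode=4):
    """Constructed sample reply (not captured traffic) echoing the request."""
    tx = request[40:48]
    return bytes([(leap << 6) | (3 << 3) | mode, stratum, 6, 0xEC]) + bytes(20) + tx * 3

if __name__ == "__main__":
    req = build_request(1200000000)
    print(check_reply(make_reply(req), req))                     # healthy server
    print(check_reply(make_reply(req, leap=3, stratum=0), req))  # unsynchronized
```

Running `query()` against the PDC from a member server separates "no reply at all" (filtering or a stopped service) from "reply received but unusable" (the server itself is not synchronized).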

Guest Ace Fekay [MVP]
Posted

Re: Time services issue after applying this month's security update

 

In news:e7XB3I$UIHA.1208@TK2MSFTNGP05.phx.gbl,

neo [mvp outlook] <neo@discussions.microsoft.com> typed:

> The items in question are MS08-001 (TCPIP) and MS08-002 (LSASS).

>

> No I didn't, figured I would start in the publics first since I'm

> guaranteed of getting more MVP and peer eyeballs on it versus our

> private group. If something was really foul, I trust this venue to

> let me know it in spades.

>

 

How did you ever make out with this?

 

Ace

Guest neo [mvp outlook]
Posted

Re: Time services issue after applying this month's security update

 

Everything is working fine after re-applying.

 

"Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote in message

news:%234PgXgjWIHA.3940@TK2MSFTNGP05.phx.gbl...

> In news:e7XB3I$UIHA.1208@TK2MSFTNGP05.phx.gbl,

> neo [mvp outlook] <neo@discussions.microsoft.com> typed:

>> The items in question are MS08-001 (TCPIP) and MS08-002 (LSASS).

>>

>> No I didn't, figured I would start in the publics first since I'm

>> guaranteed of getting more MVP and peer eyeballs on it versus our

>> private group. If something was really foul, I trust this venue to

>> let me know it in spades.

>>

>

> How did you ever make out with this?

>

> Ace

>

Guest Ace Fekay [MVP]
Posted

Re: Time services issue after applying this month's security update

 

In news:ejiby%233WIHA.3400@TK2MSFTNGP03.phx.gbl,

neo [mvp outlook] <neo@discussions.microsoft.com> typed:

> Everything is working fine after re-applying.

 

Cool, good to know. We haven't applied the updates at our one large client

with 30 DCs. I actually suggested to hold off on it because I remembered the

issues you had and wanted to find out how you made out.

 

Thanks, Neo.

 

Cheers!

 

Ace
