Printable View
سلام دوستان
من با یک log erorr با event id 22 برخورد کردم که مربوط به زمان ntp سرورم میشه در حقیقت تایم سرور dc من ثابت نیست و تغییر می کنه و این با عث شده که برای کلاینتهای تو شبکم مشکل به وجود بیاد و نتوونن joain to domain و .... داشته باشن.کسی هست که بتونه برای حل این مشکل کمکم کنه . ممنون
آیا تا حالا کسی با این erorr مواجه شده ؟ و اگر اره چطوری می تونم حلش کنم؟
[QUOTE=uni;250777]سلام دوستان
من با یک log erorr با event id 22 برخورد کردم که مربوط به زمان ntp سرورم میشه در حقیقت تایم سرور dc من ثابت نیست و تغییر می کنه و این با عث شده که برای کلاینتهای تو شبکم مشکل به وجود بیاد و نتوونن joain to domain و .... داشته باشن.کسی هست که بتونه برای حل این مشکل کمکم کنه . ممنون[/QUOTE]
[LEFT]Event ID 22 — Time Source Client Authentication
Updated: November 25, 2009
Applies To: Windows Server 2008
[IMG]http://i.technet.microsoft.com/cc756497.yellow%28en-us,WS.10%29.jpg[/IMG] The Windows Time source authenticates with a time source client. In an Active Directory forest, the Windows Time service (W32time) relies on standard domain security features to enforce the authentication of time data. The security of Network Time Protocol (NTP) packets that are sent between a domain member and a local domain controller that is acting as a time server is based on shared key authentication. The Windows Time service uses the local computer's Kerberos session key to create authenticated signatures on NTP packets that are sent across the network. When a computer requests the time from a domain controller in the domain hierarchy, the Windows Time service requires that the time be authenticated. The domain controller then returns the required information in the form of a 64-bit value that has been authenticated with the session key from the NetLogon service. If the returned NTP packet is not signed with the computer’s session key or if it is not signed correctly, the time is rejected. In this way, the Windows Time service provides security for NTP data in an Active Directory forest
[B]Resolve[/B]
[B]Investigate the cause of invalid responses from the time source[/B]
The error in Event Viewer should provide additional information. This condition may be the result of a network transmission error, configuration errors, or an attempted computer security attack. Ensure that the local computer is properly joined to the domain.
To perform these procedures, you must have membership in [B]Administrators[/B], or you must have been delegated the appropriate authority. Perform all steps on the computer that is logging the event to be resolved.
To verify client domain membership:
[LIST=1][*]Open a command prompt as an administrator. To open a command prompt as an administrator, click [B]Start[/B]. In [B]Start Search[/B], type [B]Command Prompt[/B]. At the top of the [B]Start[/B] menu, right-click [B]Command Prompt[/B], and then click [B]Run as administrator[/B]. If the [B]User Account Control[/B] dialog box appears, confirm that the action it displays is what you want, and then click [B]Continue[/B].[*]To display the workstation service configuration, at the command prompt, type [B]net config rdr[/B], and then press ENTER. The workstation domain and Domain Name System (DNS) name appear in the command output. The domain name should be correct. If it is not correct, join the client to the appropriate domain.[/LIST]
To join the client to a new domain:
[LIST=1][*]Open a command prompt as an administrator. To open a command prompt as an administrator, click [B]Start[/B]. In [B]Start Search[/B], type [B]Command Prompt[/B]. At the top of the [B]Start[/B] menu, right-click [B]Command Prompt[/B], and then click [B]Run as administrator[/B]. If the [B]User Account Control[/B] dialog box appears, confirm that the action it displays is what you want, and then click [B]Continue[/B].[*]At the command prompt, type [B]sysdm.cpl[/B], and then press ENTER. The [B]System Properties[/B] dialog box opens.[*]On the [B]Computer Name[/B] tab, click [B]Change[/B]. The [B]Computer Name/Domain Changes[/B] dialog box opens.[*]Under [B]Member of[/B], ensure that [B]Domain[/B] is selected, and then type the name of the domain in the box.[*]When you are prompted, type your [I]domainname\username[/I] and [I]password[/I] to join the computer to the domain, where [I]domainname[/I] is the name of the domain where your user account exists. When the domain is found, the membership is confirmed.[*]Click [B]OK[/B], and then restart the computer when you are prompted.[/LIST]
[B]Verify[/B]
To perform this procedure, you must have membership in [B]Administrators[/B], or you must have been delegated the appropriate authority.
To verify that the Windows Time service is synchronizing correctly:
[LIST=1][*]Open a command prompt as an administrator. To open a command prompt as an administrator, click [B]Start[/B]. In [B]Start Search[/B], type [B]Command Prompt[/B]. At the top of the [B]Start[/B] menu, right-click [B]Command Prompt[/B], and then click [B]Run as administrator[/B]. If the [B]User Account Control[/B] dialog box appears, confirm that the action it displays is what you want, and then click [B]Continue[/B].[*]At the command prompt, type [B]W32TM /resync[/B], and then press ENTER.[*]At the command prompt, type [B]W32TM /query /status[/B], and then press ENTER. This command displays the status of the Windows Time service synchronization. The [B]Last Successful Sync Time[/B] line of the output displays the date and time that you ran the [B]W32TM /resync[/B] command in the previous step.[/LIST]
To confirm that the Windows Time service synchronized successfully with its time source when you ran the [B]W32TM /resync[/B] command, verify that Event ID 35 appears in Event Viewer.
.
[/LEFT]
دوست عزیز این فرمان رو روی سرورم دیروز زدم ولی باز هم امروز با این مشکل مواجه شدم
خوب نزار با تایم سرورهای دیگه sync بشه
شخص دیگه ای در رابطه با این مشکل نظر یا راه حلی نداره؟
منظورت از سرور های دیگه چیه؟ time.microsoft.com یا سرور های تو شبکم؟ در ضمن این سرور نقش dc من رو داره و همه خودشونو با این sync می کنن
time.microsoft.com یا هر تایم سرور دیگه روی اینترنت
چطوری می تونم جلوشو بگیرم تا با بقیه خودشو sync نکنه
Control Panel>Date and Time > Internet Time
تیک
automatically synchronize with an internet time server رو بردار
