This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 46%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
I'm trying to setup Windows Time to sync with NTP on a standalone workstation. But when I try to start the service I get the following error.
System error 1290 has occurred.
The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
I tried troubleshooting and I got an error but I didn't take a screenshot and it said something like when I tried to start.
w32tm service marked for deletion
And then I got the following type of error, I didn't take a screen shot but managed to type the error code into a seach engine before the error disappeared.
0x80070005
while running w32tm /query /peers which is an access denied error related to ACL so probably associated with SSID error. I don't remember what the error message was. I guess this is why people screen record their troubleshooting but someone said that can be dangerous if it is a remote access virus.
my ntp servers weren't matching up on registry, control panel -> date/time, and w32tm /query /peers
They kept showing different values because I changed the servers trying to troubleshoot.
After reading several posts on Microsoft Answers, Microsoft Community and Microsoft Technet, I managed to get to a point where it worked intermittently. I don't know what a PDC is so I skipped those steps.
I didn't set the service to run in its own process as that's generally a bad idea on Windows if its part of a service group and I read the comment about not being able to run w32tm /query after setting Windows Time to run in an independent permissions group.
Specifically to 1290 there is an ServiceSidType and RequiredPrivileges setting in the registry but I was having other issues besides the 1290 error and after investigating (or examining) everything, I came up with a reset .reg file
It restores all the settings for Windows Time services, dlls, and adds future security settings and when your all done, you can play around with w32tm on command prompt for all the other ntp goodies but I don't know what else may be wrong with my computer.
Is there a any Windows Users Groups where I can meet other Windows Technicians and maybe an MCSA or MCSE to call when I get into a bit of trouble (in over my head)?
Might try;
w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /manualpeerlist:<ntp ip address> /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration
--please don't forget to upvote and Accept as answer if the reply is helpful--
Hi,
If the system is non domain joined and standalone i will suggest you run the below command from a admin prompt to set the time source.
w32tm.exe /config /manualpeerlist: "europe.pool.ntp.org time.nist.gov 192.43.244.18 193.67.79.202" /syncfromflags:manual /reliable:yes /update
net stop w32time && net start w32time
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Copy and paste the code block into notepad and name the file W32TimeDefaultSettings.reg
run as an administrator.
Code is provided as is with no warranty or guarantee of liability and recommended for MCSE, MCITP or MCASAE
For MCSA ensure you are familiar with NTP and Windows Time Service or ask one of the above to help.
For MCTS or MCP working towards more advanced certification, same as above.
Do not be afraid to ask for help from someone more experienced.
Be prepared to buy them a beverage or lunch, get used to the idea of paying for help.
Joshua Cuellar, MCITP:Enterprise
IT\Software Engineering, B.Sc.
CompTIA GFL Security+
Additional notes below code.
Open an administrator command prompt and type:
net stop w32time
copy this to notepad and save as W32TimeDefaultSettings.reg and right click then run as administrator, reboot your computer.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\
61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,\
65,00,6d,00,54,00,69,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
"Description"="@%SystemRoot%\\system32\\w32time.dll,-201"
"DisplayName"="Windows Time"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,5c,00,53,00,59,00,53,00,54,00,45,00,4d,00,33,00,32,00,5c,00,77,00,33,00,\
32,00,74,00,69,00,6d,00,65,00,2e,00,44,00,4c,00,4c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="SvchostEntry_W32Time"
"Type"="NTP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]
"DllName"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
5c,00,53,00,59,00,53,00,54,00,45,00,4d,00,33,00,32,00,5c,00,77,00,33,00,32,\
00,74,00,69,00,6d,00,65,00,2e,00,44,00,4c,00,4c,00,00,00
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
"DllName"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
5c,00,53,00,59,00,53,00,54,00,45,00,4d,00,33,00,32,00,5c,00,77,00,33,00,32,\
00,74,00,69,00,6d,00,65,00,2e,00,44,00,4c,00,4c,00,00,00
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider]
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,76,\
00,6d,00,69,00,63,00,74,00,69,00,6d,00,65,00,70,00,72,00,6f,00,76,00,69,00,\
64,00,65,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"Enabled"=dword:00000001
"InputProvider"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TriggerInfo\0]
"Type"=dword:00000003
"Action"=dword:00000001
"Guid"=hex:ba,0a,e2,1c,51,98,21,44,94,30,1d,de,b7,66,e8,09
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
"UtilizeSslTimeData"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits]
"SecureTimeEstimated"=hex(b):6f,b5,b4,5a,1c,cb,d8,01
"SecureTimeHigh"=hex(b):6f,1d,79,bc,24,cb,d8,01
"SecureTimeLow"=hex(b):6f,4d,f0,f8,13,cb,d8,01
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime]
"SecureTimeTickCount"=hex(b):bf,7c,93,09,00,00,00,00
"SecureTimeConfidence"=dword:00000006
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security]
"Security"=hex:01,00,04,80,c0,00,00,00,cc,00,00,00,00,00,00,00,14,00,00,00,02,\
00,ac,00,07,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,\
00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,\
8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,9d,01,02,00,01,\
01,00,00,00,00,00,05,13,00,00,00,00,00,14,00,a9,00,02,00,01,01,00,00,00,00,\
00,05,13,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,00,00,\
00,be,74,e7,bc,ae,48,97,10,76,da,90,56,60,67,61,e6,11,7b,11,fb,01,01,00,00,\
00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
Notes:
Once you paste this into notepad and save the file you can open a copy in a code editor.
Lines 61-82 are security settings, most ntp servers don't have this implemented yet but its good to start getting used to seeing these settings.
If you want to remove them and add them in later once your more familiar with secure ntp, that should be fine.
If you want to leave them in in case your ntp server does use secure connections, that is fine also.
On lines 28 to 30 you can remove this string
,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,00,00
This adds the SeImpersonatePrivilege to the NTP service, it works without it. This privilege allows the system to impersonate the user for authentication.
Example the system might have a certificate to interface with an upstream server but a specific user has a certificate to make changes or request changes/request updates to the upstream service.
This is more advanced role based security and the default implementation for NTP should probably be anonymous.
Identify, Impersonate and Delegate (on behalf of) are more advanced systems management topics which will be covered later.
To summarize, its part of the security settings and shouldn't hurt to have it in there as long as its set to anonymous by default. There are logs that will show how is actually logged into the client system if that ever needs to be reviewed.
If your afraid of making mistakes delete lines 21-30 and insert this in line 21
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\
61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,\
65,00,6d,00,54,00,69,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,00,00
So for example, you would delete lines 61-82 and delete lines 21-30 and insert the non SE Impersonate into line 21.
Once this is done you can run the following commands or put it in a batch file:
Note:
w32time is the service name (use with net stop and net start)
w32tm is the command name use to configure and use the ntp client service, use with cmd prompt
net stop w32time
ipconfig /flushdns
ipconfig /release
ipconfig /renew
w32tm /register
net start w32time
w32tm /resync
w32tm /query /peers
scroll through the output to make sure you don't have any errors. Read the errors, take notes and work through them one at a time.
w32tm /unregister removes the windows time service from administrative tools/services
w32tm /register adds the windows time service to administrative tools/services
net start w32time wont work if the service isn't registered
net stop w32time should give less errors but don't start the service, unregister and try to stop, that's how you get system corruption issues.
reboot the computer
use the gui for internet time and regedit and compare to your command line output.
All the registry keys in the .reg file can be found in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
from Windows 2000 SP4 to Windows 11 and Windows 2022 regardless of platform or edition
The reg file will also replace dll reference and sid values. After that you can use w3w32tm /?2tm to change config from the command line:
w32tm /?
Control Panel -> View by Small Icons or View by Large Icons -> Date and Time -> Internet time
From here you can change the ntp server and update the time
e.g w32tm /config /update /manualpeerlist:servername.domain.tld
e.g w32tm /resync
Note: you can add multiple servers from the command prompt, haven't tried this in the gui but it might work
e.g w32tm /config /update /manualpeerlist:servername.domain.tld servername2.domain.tld servername3.domain.tld
You can view the servers in the registry, explore the keys and understand what you are working with.
Final Note
Do not ever apply domain controller settings to a workstation or server that is not a domain controller unless you know what you are doing, have permission to do so and a specific reason why you doing so and an understanding of implications, caveats and other solutions or workarounds.
This post providee an ntp client configuration and should work on both workstations or servers.
Do not change local or network sytem services to different credentials unless you know what you are doing. Do not change the authentication method (group services vs. own) unless you know what you are doing and know how to correctly modify all other underlying services.
Even people that know what they are doing, will think twice about these credentials and authentication method changes as it can cause errors later down the line with a system update that follows Microsoft configuration specifications.
Once you are done with this first part and your Windows Time Service is working its a good idea to do some final clean up on the computer.
If your on a domain controller, now you can fix your upstream and downstream services but the NTP client should be working now.
Is there a question here? What problem are you trying to solve?
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Yeah this worked so far. Been a few days. Computer is running faster and smoother and for some reason quieter. I'm going to probably switch out the battery soon and do a /resync when it boots back up.
Sounds good, please don't forget to close up the thread by 
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--