Hi All,
We have an AWS EC2 Instance with Version 1607 OS Build: 14393.5648. We had an incident where the server time was auto adjusted to year 2169. Further to which the time sync stopped working and the connection was lost to the domain controller (event log indicates ID 24
Time Provider NtpClient: No valid response has been received from domain controller WIN-XXXX.bxxxx.local after 8 attempts to contact it. This domain controller will be discarded as a time source and NtpClient will attempt to discover a new domain controller from which to synchronize. The error was: The peer is unreachable.).
The server uses Amazon Time Sync Service is available through NTP at the 169.254.169.123 (As instance does not require access to the internet, and do not have to configure security group rules or network ACL rules to allow access.) and the domain controllers (AWS managed) use the same IP address for time sync using GPO.
No other servers on the domain were impacted during the time (AD is single forest with single domain)
- How can we understand what caused the issue of server date change? as per the event log, we cannot identify.
- How can we prevent it?
More Details:
C:\Windows\system32>w32tm /dumpreg
Value Name Value Type Value Data
Start REG_DWORD 2
DisplayName REG_SZ @%SystemRoot%\system32\w32time.dll,-200
ErrorControl REG_DWORD 1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k LocalService
Type REG_DWORD 32
Description REG_SZ @%SystemRoot%\system32\w32time.dll,-201
ObjectName REG_SZ NT AUTHORITY\LocalService
ServiceSidType REG_DWORD 1
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege, SeChangeNotifyPrivilege, SeCreateGlobalPrivilege, SeSystemTimePrivilege
FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000
C:\Windows\system32>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 4 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0005382s
Root Dispersion: 7.7667947s
ReferenceId: 0xA9FEA97B (source IP: 169.254.169.123)
Last Successful Sync Time: 2/13/2023 3:07:22 AM
Source: 169.254.169.123,0x9
Poll Interval: 6 (64s)
C:\Windows\system32>w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 10 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 4294967295 (Local)
MaxPosPhaseCorrection: 4294967295 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 1 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: AllSync (Local)
NtpServer: 169.254.169.123,0x9 time.windows.com,0x8 (Local)
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 4%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)