Re: W32Time Event ID 18 on XP Clients
- From: Bengt <braindrop@xxxxxxxxx>
- Date: Thu, 12 Jan 2006 22:36:51 +0100
Have you seen this one: http://support.microsoft.com/default.aspx?scid=kb;en-us;314054
/Bengt
John wrote:
We are running a W2K3 domain with XP SP2 clients, using AD and GP to manage and deploy software. After a reboot, some PCs get a W32Time 18 warning message, which is followed by W32Time 29 and Kerberos 7 events and then a series of Application Management 303 events (software assignment removals).
The W32Time-18 event indicates that "The time provider NtpClient failed to establish a trust relationship...".
These clients are all members of the domain, etc. and are physically connected to our LAN.
I'm looking for suggestions on how to troubleshoot this problem. Here are some observations:
1. The next attempt to obtain the time is successful, which is within 15 minutes, no reboot involved.
2. Problem cannot be reproduced on any machine
3. This series of events has occurred under our W2K domain before it was converted to W2K3, and on XP SP1 clients before moving to SP2.
4. It "seems" the problem occurs more frequently when software deployments are pending
5. The problem "seems" to occur on our desktop hardware (3-4 models of Dell Optiplex with varying network cards) but does not occur on laptops (3-4 models of Dell Latitude). We're trying to nail this down a bit more.
6. There is no pattern as to the location of these PCs in the AD structure, or physical locations in the buildings.
In the list of steps below, it appears the problem is between step 5 and 11.
Thanks, John
List of Machine Authentication steps:
1. The client starts up. The network interface is initialized. If the machine is not configured with static IP configuration information, it will run through the DHCP configuration process to obtain its IP configuration.
2. Once the client's network interface has been configured and the network protocol stack has been initialized, the machine will launch a DNS query for an LDAP service (Windows 2000 DC) to one of its configured DNS servers. The DNS query will look for an _ldap._tcp.default-first-site-name._sites.dc._msdcs.<domain name> SRV record. (The site name depends on the one registered on the machine, by default it is default-first-site-name).
3. When an LDAP service (Windows 2000 DC) has been located, the client will launch an LDAP query for a DC of the machine's definition domain to the LDAP server ("definition domain" means the domain containing the machine account).
4. The client will then negotiate an SMB dialect with the DC. The Server Message Block protocol (SMB) is an important file sharing protocol in both NT4 and Windows 2000. It is used to provide remote file services in a distributed client/server environment. Later on in the startup, it will be used by the client to download configuration information (including GPO settings) from the DC.
5. Next, the client will set up a secure channel with the DC. To do this it will connect to the DC's netlogon service. The secure channel is needed to send confidential information, such as authentication data, from the client to the DC in a secure way.
6. Once the secure channel has been set up, the client will launch another DNS query to its DNS server to find an authentication server (in Windows 2000, a DC running a KDC service). The DNS query will look for a _kerberos._tcp.default-first-site-name._sites.dc._msdcs.<domain name> SRV record. The site name depends on the one registered on the machine; by default it is default-first-site-name.
7. The machine Kerberos authentication phase takes place.
8. The Kerberos authentication takes place for every service that is not running using the local system account.
9. The client will then connect to the IPC$ share on the DC and start the Distributed File System (DFS) referral process. The DFS referral process downloads DFS configuration information from the DC to the client (downloading happens using the SMB protocol).
10. The client launches an RPC call to the DC to convert its name into a Distinguished name (DN).
11. Using the DN the client can then perform an LDAP query against its DC to find out the group policies applied to it. The group policy information is downloaded using the SMB protocol.
12. The client then launches another LDAP query to the DC to find out PKI configuration information (e.g., What are the Enterprise CAs?).
13. If NetBIOS is enabled on the client, it will start a browser election.
14. The client performs time synchronization with its DC.
15. Finally, the client launches a DNS query for the start of authority of its DNS domain; the client then performs a dynamic update of its DNS records on the DNS server returned from the previous query.
16. The client startup will be completed by closing down the connections with the DC.
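One way to find which machines show the event sequence described in this thread (W32Time 18, then W32Time 29 and Kerberos 7, then Application Management 303) from exported event logs. This is an added example, not part of the original thread: the CSV layout, host names, strict ordering of the chain and the 15-minute window are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (not real log data); the column layout is an assumption.
SAMPLE = """\
host,time,source,event_id
DESK01,2006-01-10 08:01:12,W32Time,18
DESK01,2006-01-10 08:01:13,W32Time,29
DESK01,2006-01-10 08:01:20,Kerberos,7
DESK01,2006-01-10 08:01:45,Application Management,303
DESK01,2006-01-10 08:01:46,Application Management,303
DESK02,2006-01-10 08:05:00,W32Time,18
DESK02,2006-01-10 08:30:00,Application Management,303
LAP01,2006-01-10 08:02:00,Application Management,303
"""

# Event chain named in the thread, in the order it was reported.
CHAIN = [("W32Time", 18), ("W32Time", 29), ("Kerberos", 7)]
REMOVAL = ("Application Management", 303)
WINDOW = timedelta(minutes=15)  # assumed correlation window


def load(text):
    """Parse the CSV export into (host, timestamp, source, event_id) tuples."""
    rows = [(r["host"], datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S"),
             r["source"], int(r["event_id"]))
            for r in csv.DictReader(io.StringIO(text))]
    return sorted(rows, key=lambda r: (r[0], r[1]))


def find_chains(rows):
    """Return one record per W32Time 18 that is followed on the same host,
    within WINDOW, by the rest of CHAIN; count the 303 removals after it."""
    by_host = {}
    for host, ts, src, eid in rows:
        by_host.setdefault(host, []).append((ts, src, eid))
    hits = []
    for host, events in by_host.items():
        for i, (start, src, eid) in enumerate(events):
            if (src, eid) != CHAIN[0]:
                continue
            step, removals = 1, 0
            for ts, s, e in events[i + 1:]:
                if ts - start > WINDOW:
                    break
                if step < len(CHAIN) and (s, e) == CHAIN[step]:
                    step += 1
                elif step == len(CHAIN) and (s, e) == REMOVAL:
                    removals += 1
            if step == len(CHAIN):
                hits.append({"host": host, "start": start, "removals": removals})
    return hits
```

Grouping the resulting hosts by hardware model or by pending deployments is then a matter of joining on the host name.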