Windows includes the W32Time Time Service tool that is required by the Kerberos authentication protocol. The purpose of the Time service is to ensure that all computers that are running Windows 2000 or later in an organization use a common time. The Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage.
The PDC operations master at the root of the forest is the authoritative time source for the organization, and you should configure the PDC operations master to gather the time from an external source. This is logged in the system event log on the computer as event 62.
Configure the Time service on the PDC operations master at the root of the forest to recognize an external Simple Network Time Protocol (SNTP) time server as authoritative by using the Net Time command. There are several SNTP servers run by the U.S. Naval Observatory that are satisfactory for this function.
For more information on specific W32Time service error messages, see Microsoft Knowledge Base article 232209 (Win32 Time Service Informational, Warning, and Error Messages) at http://go.microsoft.com/fwlink/?LinkId=26029.
| Target | Microsoft.Exchange.ServerRole.2003 | ||
| Category | EventCollection | ||
| Enabled | True | ||
| Event_ID | 62 | ||
| Event Source | W32time | ||
| Alert Generate | True | ||
| Alert Severity | Warning | ||
| Alert Priority | Normal | ||
| Remotable | True | ||
| Alert Message |
| ||
| Event Log | Application |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| EventDS | DataSource | Microsoft.Windows.EventProvider | Default |
| GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
Home
<Rule ID="This_domain_controller_is_a_primary_domain_controller__The_domain_controller_must_synchronize_time_from_an_external_source" Enabled="onEssentialMonitoring" Target="Exch2003Core!Microsoft.Exchange.ServerRole.2003" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>.</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>62</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>W32time</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertOwner>$Data/PublisherName$</AlertOwner>
<AlertMessageId>$MPElement[Name="This_domain_controller_is_a_primary_domain_controller__The_domain_controller_must_synchronize_time_from_an_external_source.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>