FW: Windows Update site
From: Josiah DeWitt (jdewitt_at_VENDARIA.COM)
Date: Tue, 13 May 2003 08:55:06 -0700 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Another interesting note on the time issue, is that Windows Time
> Service generally will not set the clock if off by more than 12 hours.
> This could explain why WinXp can have the problem with time. Check
> the system log for W32time error events. If found, manually set the
> clock, restart the time service and run Windows Update.
The 12 hour "no-set" zone is actually about 16:40 hours deviation from actual time. This is a general implementation guideline for the network time protocol daemon as specified in RFC1305. Your clock must be within 1000 seconds from the ntp server response or the daemon should exit reporting error.
Excerpt from RFC1305:
The basic NTP robustness model is that a host has no other means to
verify time other than NTP itself. In some equipment a battery-backed
clock/calendar is available for a sanity check. If such a device is
available, it should be used only to confirm sanity of the timekeeping
system, not as the source of system time. In the common assumption (not
always justified) that the clock/calendar is more reliable, but less
accurate, than the NTP synchronization subnet, the recommended approach
at initialization is to set the Clock register as determined from the
clock/calendar and the other registers, counters and flags as described
above. On subsequent updates if the time offset is greater than a
configuration parameter (e.g., 1000 seconds), then the update should be
discarded and an error condition reported. Some implementations
periodically record the contents of the Skew-Compensation register in
stable storage such as a system file or NVRAM and retrieve this value at
initialization. This can significantly reduce the time to converge to
the nominal stability and accuracy regime.
Delivery co-sponsored by TruSecure
FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service
TruSecure's new IntelliShield(tm) web-based threat and vulnerability
service isn't your typical alert service. Supported by TruSecure's vast
intelligence resources - including the ICSA Labs - IntelliShield's early
warning, analysis, decision support, and threat management tools provide
organizations with unmatched intelligence to better protect critical
information assets. Experience it for yourself - just click below to begin
your FREE, NO OBLIGATION 14-day trial today!