Event ID 130 — Domain Trust Relationship Implementation

Applies To: Windows Server 2008 R2

The Windows Time service establishes a trust relationship with the domain. When a time server returns an authenticated Network Time Protocol (NTP) packet to a client that requests the time, the packet is signed by means of a Kerberos session key that is defined by an interdomain trust account. The interdomain trust account is created when a new Active Directory domain joins a forest, and the NetLogon service manages the session key. In this way, the domain controller that is configured as reliable in the forest root domain becomes the authenticated time source for all the domain controllers in both the parent and child domains - and indirectly for all computers in the domain tree.

Event Details

Product: Windows Operating System
ID: 130
Source: Microsoft-Windows-Time-Service
Version: 6.0
Symbolic Name: MSG_DOMAIN_PEER_AUTHENTICATION_ERROR
Message: NtpClient was unable to set a domain peer to use as a time source because of failure in establishing a trust relationship between this computer and the '%3' domain in order to securely synchronize time. NtpClient will try again in %2 minutes and double the reattempt interval thereafter. The error was: %1

Resolve

Investigate the domain security configuration

The event description in Event Viewer should provide additional information. This may be the result of a domain configuration error.

Check Event Viewer on a domain controller for events that indicate a domain configuration error, and then resolve those events accordingly.

Verify

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To verify that the Windows Time service is synchronizing correctly:

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  2. At the command prompt, type W32TM /resync, and then press ENTER.

  3. At the command prompt, type W32TM /query /status, and then press ENTER.

    This command displays the status of the Windows Time service synchronization. The Last Successful Sync Time line of the output displays the date and time that you ran the W32TM /resync command in the previous step.

To verify that the Windows Time service synchronized successfully with its time source when you ran the W32TM /resync command, confirm that Event ID 35 appears in Event Viewer.

For more information about the Windows Time service, see Windows Time Service Technical Reference (https://go.microsoft.com/fwlink/?LinkID=25393).

Domain Trust Relationship Implementation

Active Directory