Event ID 18 — Domain Trust Relationship Implementation
Applies To: Windows Server 2008 R2
.jpg)
The Windows Time service establishes a trust relationship with the domain. When a time server returns an authenticated Network Time Protocol (NTP) packet to a client that requests the time, the packet is signed by means of a Kerberos session key that is defined by an interdomain trust account. The interdomain trust account is created when a new Active Directory domain joins a forest, and the NetLogon service manages the session key. In this way, the domain controller that is configured as reliable in the forest root domain becomes the authenticated time source for all the domain controllers in both the parent and child domains - and indirectly for all computers in the domain tree.
Event Details
| Product: | Windows Operating System |
| ID: | 18 |
| Source: | Microsoft-Windows-Time-Service |
| Version: | 6.0 |
| Symbolic Name: | MSG_RID_LOOKUP_FAILED |
| Message: | The time provider NtpClient failed to establish a trust relationship between this computer and the %1 domain in order to securely synchronize time. NtpClient will try again in %3 minutes. The error was: %2 |
Resolve
Investigate the local security configuration
The event description in Event Viewer should provide additional information. This may be the result of a domain configuration error.
Check Event Viewer on a domain controller for events that indicate a domain configuration error, and then resolve those events accordingly.
Verify
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To verify that the Windows Time service is synchronizing correctly:
Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
At the command prompt, type W32TM /resync, and then press ENTER.
At the command prompt, type W32TM /query /status, and then press ENTER.
This command displays the status of the Windows Time service synchronization. The Last Successful Sync Time line of the output displays the date and time that you ran the W32TM /resync command in the previous step.
To verify that the Windows Time service synchronized successfully with its time source when you ran the W32TM /resync command, confirm that Event ID 35 appears in Event Viewer.
For more information about the Windows Time service, see Windows Time Service Technical Reference (https://go.microsoft.com/fwlink/?LinkID=25393).