Timestamp comparison between Exchange and Active Directory exceeds 5 minutes

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2005-11-17

The Microsoft® Exchange Server Analyzer Tool queries the Win32_UTCTime Microsoft Windows® Management Instrumentation (WMI) class to determine the date and time on each Exchange server. The Exchange Server Analyzer also retrieves the current date and time on the default domain controller. If the Exchange Server Analyzer determines that there is a difference of five minutes or more between the two servers, an error is displayed.

Microsoft Windows 2000 Server and Windows Server™ 2003 use the Windows Time service to synchronize the date and time of computers that are running on a Windows-based network. Synchronized time is critical in Windows 2000 Server and Windows Server 2003 because the default authentication protocol uses workstation time as part of the authentication ticket generation process. MIT Kerberos version 5 is the default authentication protocol.

For all Windows-based servers in an Active Directory® directory service domain, the Windows Time service configures itself automatically by using the Windows Time service that is available on domain controllers. The Windows Time service configures a domain controller in its domain as a reliable time source and synchronizes itself periodically with this source.

To correct this error, synchronize the clock on the Exchange server with the directory server.

To synchronize the clock on a server in an Active Directory domain

  1. Open a command prompt.

  2. Type w32tm /resync, and then press ENTER.

If this error persists or if many computers in your organization are generating this error, review how the Windows Time service has been deployed and configured in your Active Directory forest. For more information about the Windows Time service, see "Windows Time Service Technical Reference" (https://go.microsoft.com/fwlink/?LinkId=40648).

When Exchange front-end servers are out of synchronization with the Active Directory time, clients may receive "HTTP 500 internal server" errors when they try to connect to Microsoft Office Outlook® Web Access. For more information about this situation, see Microsoft Knowledge Base article 841546, "Known issues that cause the 'HTTP 500 internal server error' error message in Exchange 2000 Outlook Web Access" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=841546).