System time going AHEAD 100+ years

Good morning,

Any search on system time issues yields approx. 1,897,345,321 pages
detailing problems with the CMOS battery. This is not that kind of problem.

I support 200+ Windows XP SP2 systems, bought in batches over the years.
About 20% are 5+ years old, about 20% are 6 - 12 months old, the rest fall in
between.

Random machines around the campus are coming up with date January 20, 2145,
time about 7 hours ahead of correct time.

Most of these machines use a generic user, member of the Users group, that
cannot even *change* system time.

Running a-v with current defs, have run mbam, sas, spybot s&d and hijack
this, have not found any suspicious anything, other than the odd tracking
cookie.

Users of course cannot authenticate to secure sites, since certs are a
century out of date.

Windows time/date control panel won't even *allow* user to set date past 2099.

Any thoughts? *Besides* CMOS batteries, I mean, since that would result in
time going back to the 1990's or so, not ahead, and also would not be a
problem on a variety of brand new machines?

Thanks,
tony

awshaffer wrote on Tue, 16 Dec 2008 06:00:01 -0800:

Good morning,

Any search on system time issues yields approx. 1,897,345,321 pages
detailing problems with the CMOS battery. This is not that kind of
problem.

I support 200+ Windows XP SP2 systems, bought in batches over the
years.
About 20% are 5+ years old, about 20% are 6 - 12 months old, the rest
fall in between.

Random machines around the campus are coming up with date January 20,
2145, time about 7 hours ahead of correct time.

Most of these machines use a generic user, member of the Users group,
that cannot even *change* system time.

Running a-v with current defs, have run mbam, sas, spybot s&d and
hijack this, have not found any suspicious anything, other than the
odd tracking cookie.

Users of course cannot authenticate to secure sites, since certs are a
century out of date.

Windows time/date control panel won't even *allow* user to set date
past 2099.

Any thoughts? *Besides* CMOS batteries, I mean, since that would result
in time going back to the 1990's or so, not ahead, and also would not
be a problem on a variety of brand new machines?

Thanks, tony


Are these all on Windows Domains? If so, take a look at the Domain
Controllers as they may well be syncing time with them and one of those
controllers could have the wrong date and time set on them (or wrong date +
wrong regional setting, possibly GMT if your normal timezone is 7 hours
offset from GMT). The apparent "random" setting could be due to them
authenticating to different controllers each time they logon, and it only
occurring when they do so against the misconfigured controller.

--
Dan

Hey, Dan,

Nope, I run a NetWare network, and all the NW servers know what time it is....

Thanks, that was an excellent thought!


"Daniel Crichton" wrote:

awshaffer wrote on Tue, 16 Dec 2008 06:00:01 -0800:

Good morning,

Any search on system time issues yields approx. 1,897,345,321 pages
detailing problems with the CMOS battery. This is not that kind of
problem.

I support 200+ Windows XP SP2 systems, bought in batches over the
years.
About 20% are 5+ years old, about 20% are 6 - 12 months old, the rest
fall in between.

Random machines around the campus are coming up with date January 20,
2145, time about 7 hours ahead of correct time.

Most of these machines use a generic user, member of the Users group,
that cannot even *change* system time.

Running a-v with current defs, have run mbam, sas, spybot s&d and
hijack this, have not found any suspicious anything, other than the
odd tracking cookie.

Users of course cannot authenticate to secure sites, since certs are a
century out of date.

Windows time/date control panel won't even *allow* user to set date
past 2099.

Any thoughts? *Besides* CMOS batteries, I mean, since that would result
in time going back to the 1990's or so, not ahead, and also would not
be a problem on a variety of brand new machines?

Thanks, tony


Are these all on Windows Domains? If so, take a look at the Domain
Controllers as they may well be syncing time with them and one of those
controllers could have the wrong date and time set on them (or wrong date +
wrong regional setting, possibly GMT if your normal timezone is 7 hours
offset from GMT). The apparent "random" setting could be due to them
authenticating to different controllers each time they logon, and it only
occurring when they do so against the misconfigured controller.

--
Dan

Have these machines got the Windows time service updates running to update
automatically from the internet? Have you checked any of the machines that
were affected to see what their NTP settings are?

http://support.microsoft.com/kb/314054#EXTERNAL

I'd suggest running a packet sniffer on the network and watching out for NTP
broadcasts or requests. If the affected machines have the correct NTP
settings then there may be a rogue machine on your network broadcast NTP
time updates and that will be a pain to track down.

I haven't touched NetWare since 4.11 so I'm out of my depth there, but there
are NTP services for NetWare so I still wouldn't rule out a
buggy/misconfigured time server.

Dan

awshaffer wrote on Thu, 18 Dec 2008 10:06:00 -0800:

Hey, Dan,

Nope, I run a NetWare network, and all the NW servers know what time it
is....

Thanks, that was an excellent thought!


"Daniel Crichton" wrote:

awshaffer wrote on Tue, 16 Dec 2008 06:00:01 -0800:

Good morning,

Any search on system time issues yields approx. 1,897,345,321 pages
detailing problems with the CMOS battery. This is not that kind of
problem.

I support 200+ Windows XP SP2 systems, bought in batches over the
years.
About 20% are 5+ years old, about 20% are 6 - 12 months old, the
rest fall in between.

Random machines around the campus are coming up with date January
20, 2145, time about 7 hours ahead of correct time.

Most of these machines use a generic user, member of the Users
group, that cannot even *change* system time.

Running a-v with current defs, have run mbam, sas, spybot s&d and
hijack this, have not found any suspicious anything, other than the
odd tracking cookie.

Users of course cannot authenticate to secure sites, since certs are
a century out of date.

Windows time/date control panel won't even *allow* user to set date
past 2099.

Any thoughts? *Besides* CMOS batteries, I mean, since that would
result in time going back to the 1990's or so, not ahead, and also
would not be a problem on a variety of brand new machines?

Thanks, tony


Are these all on Windows Domains? If so, take a look at the Domain
Controllers as they may well be syncing time with them and one of
those controllers could have the wrong date and time set on them (or
wrong date +
wrong regional setting, possibly GMT if your normal timezone is 7
hours offset from GMT). The apparent "random" setting could be due
to them authenticating to different controllers each time they
logon, and it only occurring when they do so against the
misconfigured controller.

--
Dan