Microsoft KB Archive/932462

From BetaArchive Wiki
Knowledge Base


After you upgrade a domain controller to Windows Server 2003 SP1, the Windows Time Synchronization service does not start, and event ID 46 is logged

Article ID: 932462

Article Last Modified on 2/21/2007


APPLIES TO

  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)


SYMPTOMS

After you upgrade a Microsoft Windows Server 2003-based domain controller to Windows Server 2003 Service Pack 1 (SP1), the Windows Time Synchronization service (W32Time) does not start as expected. Additionally, the following event is logged in the System log:

Type: Error
Date: DATE
Time: TIME
Event ID: 46
Source: W32Time
User: N/A
Computer: ComputerName
Description:
An attempt was made to logon, but the network logon service was not started. The error was: 0x80070700


In this situation, the Netlogon service still starts successfully.

Notes

  • This issue occurs on computers that are upgraded to Windows Server 2003 from an earlier version of Windows.
  • This issue also occurs if you use National Security Agency (NSA) templates or if you use templates that are included in the Windows Server 2003 Security Guide.


CAUSE

This issue occurs if incorrect permissions are applied to the Net Logon service in Group Policy.

Windows Server 2003 SP1 changes the startup configuration of the Windows Time service from the LOCAL SYSTEM account to the LOCAL SERVICE account.

RESOLUTION

To resolve this issue, assign the "Full control" permission over the Netlogon service to the LOCAL SERVICE account. To do this, follow these steps:

  1. Click Start, click Run, type rsop.msc in the Open box, and then click OK.
  2. Expand Computer Configuration, expand Windows Settings, expand Security Settings, and then click System Services.
  3. In the right pane, locate the Group Policy setting that is applied to the Net Logon service.


Note Typically, this setting is the default domain policy that is applied to this service.

  1. Use the Active Directory Users and Computers MMC snap-in or the Group Policy MMC snap-in to edit the Group Policy setting that you noted in step 3.
  2. Expand Computer Configuration, expand Windows Settings, expand Security Settings, and then click System Services.
  3. In the Service Name column, double-click Net Logon.
  4. Click Edit Security.
  5. View the list of accounts, and then add the LOCAL SERVICE account to the list of accounts.
  6. Assign the "Full control" permission to the LOCAL SERVICE account.


REFERENCES

For more information about a similar issue that occurs in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:

892501 The Windows Time service may generate event ID 7023 after you upgrade to Windows Server 2003 Service Pack 1


Keywords: kbtshoot kbexpertiseadvanced kbprb KB932462



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/932462&oldid=227838
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki