Domain Trust Relationship Implementation
Applies To: Windows Server 2008
The Windows Time service establishes a trust relationship with the domain. When a time server returns an authenticated Network Time Protocol (NTP) packet to a client that requests the time, the packet is signed by means of a Kerberos session key that is defined by an interdomain trust account. The interdomain trust account is created when a new Active Directory domain joins a forest, and the NetLogon service manages the session key. In this way, the domain controller that is configured as reliable in the forest root domain becomes the authenticated time source for all the domain controllers in both the parent and child domains - and indirectly for all computers in the domain tree.
Events
Event ID | Source | Message |
---|---|---|
 | Microsoft-Windows-Time-Service | The time provider NtpClient failed to establish a trust relationship between this computer and the %1 domain in order to securely synchronize time. NtpClient will try again in %3 minutes. The error was: %2 |
 | Microsoft-Windows-Time-Service | NtpClient was unable to set a domain peer to use as a time source because of failure in establishing a trust relationship between this computer and the '%3' domain in order to securely synchronize time. NtpClient will try again in %2 minutes and double the reattempt interval thereafter. The error was: %1 |
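
The following triage script is an added example, not part of the original page or Microsoft's own code. It finds the two events listed above by their message text, extracts the domain, retry interval and error, and then checks the secure channel and current time source. It assumes Windows PowerShell 3.0 or later, English message text, and that the provider writes to the System log; the function name and the 7-day default window are illustrative.

```powershell
# Added example: triage of Windows Time service trust-relationship failures.
param([int]$Days = 7)   # look-back window; 7 is an arbitrary default

# The two message templates from the table above, with %1/%2/%3 turned into named groups.
$patterns = @(
    'failed to establish a trust relationship between this computer and the (?<Domain>.+?) domain in order.+?try again in (?<Retry>\d+) minutes\. The error was: (?<Error>.+)',
    "failure in establishing a trust relationship between this computer and the '(?<Domain>.+?)' domain in order.+?try again in (?<Retry>\d+) minutes and double.+?The error was: (?<Error>.+)"
)

# Hypothetical helper: returns one object per matching event record, nothing otherwise.
function ConvertFrom-TimeTrustEvent {
    param($Record)
    if (-not $Record.Message) { return }          # message text could not be rendered
    foreach ($p in $patterns) {
        $m = [regex]::Match($Record.Message, $p, 'Singleline')
        if ($m.Success) {
            return [pscustomobject]@{
                TimeCreated  = $Record.TimeCreated
                EventId      = $Record.Id
                Domain       = $m.Groups['Domain'].Value
                RetryMinutes = [int]$m.Groups['Retry'].Value
                Error        = $m.Groups['Error'].Value.Trim()
            }
        }
    }
}

$filter = @{
    LogName      = 'System'                          # assumption: provider logs here
    ProviderName = 'Microsoft-Windows-Time-Service'  # Source column of the table above
    StartTime    = (Get-Date).AddDays(-$Days)
}
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-TimeTrustEvent $_ })

if ($hits.Count -eq 0) {
    "No trust-relationship failures from the time service in the last $Days day(s)."
    return
}

$hits | Sort-Object TimeCreated |
    Format-Table TimeCreated, EventId, Domain, RetryMinutes, Error -AutoSize -Wrap

# The signing key depends on the NetLogon-managed channel, so verify it next.
"Secure channel to domain is healthy: $(Test-ComputerSecureChannel)"
w32tm /query /source    # time source currently in use
w32tm /query /status    # last successful sync, stratum and poll interval
```

A rising RetryMinutes value across consecutive rows matches the doubling of the reattempt interval described in the second message.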