
Friday, June 3, 2016

Windows 10 TH2 - date and time are frozen (continuously revert to some date in the past)

I've noticed something strange with my Windows 10 TH2 labs running as guests on a Windows Server 2016 TP5 Hyper-V host. After running for some time, the labs enter a bad state:
  • Date and time are frozen at some time in the past.
  • The Win10 VM uses 100% of one CPU core (consumed by svchost.exe).
  • The VM stops responding after operating in this state for some time.
I've also noticed that the bug appears only when there is no Internet connection (a LAN without routes to the Internet and without a proxy).

How to fix that issue

Just start a command prompt as an administrator and run:
reg.exe add "HKLM\System\CurrentControlSet\Services\W32Time\Config" /v "UtilizeSslTimeData" /t REG_DWORD /d 0 /f
net stop w32time
net start w32time
Or you can apply the Group Policy setting:
\Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Global Configuration Settings     UtilizeSslTimeData=0
\Administrative Templates\System\Windows Time Service\Global Configuration\Settings\UtilizeSslTimeData=0
* If you do not have the "UtilizeSslTimeData" setting in your Group Policy Editor, you can use the custom ADMX file W32Time_custom.admx to make it available (copy the ADMX and ADML files to the C:\Windows\PolicyDefinitions\ folder and "UtilizeSslTimeData" will be accessible under \Computer Configuration\Policies\Administrative Templates\System\Windows Time Service (Custom)\Global Configuration Settings).

What causes that issue


As I realised while reading this article, there is a new feature in the time synchronization service: 'Secure Time'. When an Internet connection is available, a Windows 10 host automatically synchronizes its time with an SSL server (which server? I have no idea. It could be a Windows telemetry server, a Windows Update server, or maybe any HTTPS server?). And there is a bug in this logic: when the computer has had no Internet access for some time, this logic is activated and reverts the time again and again to the past, to the moment when the Internet connection was last available.
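
The symptom described above (the clock being set back again and again to the same past time) can also be checked from the event log, without a debugger. The following is an added example, not part of the original post: it lists backward time changes recorded as Security event 4616 together with the process that made them, then shows the current UtilizeSslTimeData value. It assumes an elevated PowerShell session and that the "Audit Security State Change" audit subcategory is enabled; the function names are hypothetical.

```powershell
# Added example (not from the original post). Lists system-time changes that moved
# the clock backwards, using Security event 4616 ("The system time was changed").
# Assumptions: elevated session; "Audit Security State Change" auditing is enabled.

function ConvertTo-UtcTime([string]$Text) {
    # Event XML timestamps can carry 9 fractional digits; keep the 7 that .NET parses.
    $trimmed = $Text -replace '(\.\d{7})\d+', '$1'
    [datetime]::Parse($trimmed, [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::AdjustToUniversal)
}

function Get-BackwardTimeChange {
    param(
        [int]$MaxEvents = 500,       # newest 4616 events to inspect
        [double]$MinSeconds = 60     # ignore small corrections made by normal sync
    )
    $filter = @{ LogName = 'Security'; Id = 4616 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Collect the event's named data fields (PreviousTime, NewTime, ProcessName, ...).
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            $old  = ConvertTo-UtcTime $data['PreviousTime']
            $new  = ConvertTo-UtcTime $data['NewTime']
            $back = ($old - $new).TotalSeconds   # positive when the clock went backwards
            if ($back -ge $MinSeconds) {
                [pscustomobject]@{
                    PreviousTimeUtc = $old
                    NewTimeUtc      = $new
                    SecondsBack     = [math]::Round($back)
                    ProcessName     = $data['ProcessName']
                    ProcessId       = $data['ProcessId']
                }
            }
        }
}

# Many backward jumps that land on nearly the same NewTimeUtc match the symptom above.
Get-BackwardTimeChange | Sort-Object NewTimeUtc | Format-Table -AutoSize

# Current value of the setting changed by the fix (no output means the value is not set).
Get-ItemProperty 'HKLM:\System\CurrentControlSet\Services\W32Time\Config' `
    -Name UtilizeSslTimeData -ErrorAction SilentlyContinue |
    Format-List UtilizeSslTimeData
```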

How I investigated this issue


WinDbg helped me to find out who freezes the time and date


I attached WinDbg as a kernel debugger to the Windows 10 x86 VM (KDnet & Hyper-V are really useful for kernel-mode debugging and are my friends!).

Then I set a breakpoint on the KeSetSystemTime function: