{"id":2611,"date":"2023-08-28T16:00:52","date_gmt":"2023-08-28T20:00:52","guid":{"rendered":"https:\/\/increasec.com\/?p=2611"},"modified":"2025-06-26T13:57:22","modified_gmt":"2025-06-26T17:57:22","slug":"domain-controller-sts-time-guessing-off","status":"publish","type":"post","link":"https:\/\/increasec.com\/?p=2611","title":{"rendered":"Domain Controller STS time guessing OFF"},"content":{"rendered":"\n<p>Domain Controllers may use the time field in SSL connections to guess at the time when other time sources are unavailable.  OpenSSL puts random values in this field.<\/p>\n\n\n\n<p>Steve Gibson from SecurityNow podcast talks about this <a href=\"https:\/\/twit.tv\/shows\/security-now\/episodes\/936?autostart=false\" data-type=\"link\" data-id=\"https:\/\/twit.tv\/shows\/security-now\/episodes\/936?autostart=false\">here<\/a> at time marker 2 hours<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Windows Registry Editor Version 5.00<\/p>\n\n\n\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Config]<br>&#8220;UtilizeSslTimeData&#8221;=dword:00000000<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>I&#8217;ll put this here for reference<\/p>\n\n\n\n<p>netdom \/query fsmo<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>w32tm \/query \/configuration<br>w32tm \/query \/configuration > w32tm-query-configuration.log<\/p>\n\n\n\n<p>net  stop w32time <\/p>\n\n\n\n<p>w32tm \/config \/syncfromflags:manual \/manualpeerlist:&#8221;0.ca.pool.ntp.org, 1.ca.pool.ntp.org, 2.ca.pool.ntp.org&#8221;<\/p>\n\n\n\n<p>w32tm \/config \/reliable:yes<\/p>\n\n\n\n<p>net start w32time<\/p>\n\n\n\n<p>w32tm \/query \/status<br>w32tm \/query \/status > w32tm-query-status.log<\/p>\n\n\n\n<p>w32tm \/query \/configuration<\/p>\n\n\n\n<p>w32tm \/resync<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Domain Controllers may use the time field in SSL connections to guess at the time when other time sources are unavailable. OpenSSL puts random values in this field. Steve Gibson&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[51,21],"class_list":["post-2611","post","type-post","status-publish","format-standard","hentry","category-uncategorised","tag-domain","tag-windows"],"_links":{"self":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/2611","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2611"}],"version-history":[{"count":8,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/2611\/revisions"}],"predecessor-version":[{"id":3771,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/2611\/revisions\/3771"}],"wp:attachment":[{"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}