Secure Time Seeding: Windows feature turns system clocks into random products

Secure Time Seeding: Windows feature turns system clocks into random products

The system time is important information for many programs and services – after all, it is used to determine the synchronization time or to check the validity of digital certificates. In order to improve the reliability of the system clock, Microsoft introduced the “Secure Time Seeding” (STS) feature in 2016, which uses locally stored certificates to generate the correct time even when there is no secure connection.

Windows 11: Microsoft tests new operating system repair function

Exactly this function is currently causing massive problems, as Ars Technica reports. Because instead of a reliable heuristic that is supposed to adjust the system time on the local servers, it sometimes simply generates random numbers. As a system administrator explains to the portal, about “20 out of 5,000 servers” are affected – and the trend is rising. This can lead to critical errors if correct and constant times cannot be specified.

“Given the heuristic nature of Secure Time Seeding and the variety of possible implementations that our customers use, we are keeping the option open to disable this feature,” Microsoft said in a statement to Ars Technica. Over time, it is realistic that adjustments to TLS v1.3 and further explanations may result in Secure Time Seeding becoming less effective.

A temporary solution can be used to circumvent the problem. To do this, the “UtilizeSslTimeData” key must be set to 0 in the registry editor in the “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config” directory on the affected machines in order to disable secure time seeding. For activation, the value of the REG_DWORD type is reset to 1.


Please enter your comment!
Please enter your name here