Microsoft offers Windows Server year 2000 rollback fix

Microsoft has posted a fix for an issue that saw Windows Domains travel back in time to the year 2000.

The issue causes Active Directory replication errors, Kerberos authentication failure and issues for other time-sensitive operations and data such as DHCP leases, DNS records, object life cycles and date-driven password changes on computer accounts.

The most impacted Windows Domain forests contain Windows Server 2003 Domain Controllers, Microsoft said.

To sort out the problem, Microsoft is warning users not to reboot servers immediately, but to follow a complex multi-step recovery process in the right order.

"Taking shortcuts can actually make things worse so stay on the path," the firm advised.

"If you are unsure about any of the recovery steps, contact CTS [Commercial Technical Support] and we can help you through this. 'Don’t be a hero'."

The problem started on November 19 as the network time protocol (NTP) server at the United States Naval Observatory or USNO was upgraded.

For 51 minutes between 21:07:32 to 21:58:56 universal time, the server gave out the year 2000 instead of 2012. The error has since then been rectified, but USNO recommends that anyone using NTP should get their times from three different sources at minimum.

This lets time keeping software use redundant data to identify and ignore incorrect time sources.

Microsoft also advises to use several time sources, but also to configure Windows Time Service to protect it against large offsets.

This can be done by editing Registry entries and deployed by using the Global Policy Object Editor.