Local and Domain NTP Overridden by Secure Time Service

Starting with Windows 10 1511, Microsoft introduced a new feature called Secure Time Seeding, part of the Secure Time Service (STS), as an upgrade to the W32TIME service. The STS uses information from SSL connections to validate NTP data. Information from this feature supersedes all other time sources, including locally configured NTP, domain controllers, and Hyper-V time synchronization.

I first noticed the feature when several of my Hyper-V virtual machines began shifting their system clocks backwards and forwards several times a minute. At first the time changes spanned a few hours, but as the machine uptime climbed, so did the time jumps. Eventually, the time was bouncing backwards and forwards by weeks, several times a minute. The Hyper-V time synchronization service was fighting with the new Secure Time Service and this wrecked havoc on authentication and any other services running on the systems.

Continue reading

BitLocker XTS-AES with Storage Spaces on Windows 1511 causes Data Corruption

I built a new computer over the weekend and wanted to take advantage of Storage Spaces to group some drives together. Little did I know that adding BitLocker to the volume would quickly corrupt and obliterate the data on it.

BitLocker Corruption

The issue only appears relevant on the Windows 10 1511 Novenber Build (TH2, 10586) when the OS drive is also encrypted by BitLocker and when the new XTS-AES 128 format is used. Shortly after encryption begins, files and directories will begin to vanish from the volume. After a reboot the volume is entirely unmountable and the above error displays stating that “the disk structure is corrupted and unreadable.”

Continue reading