Technical FAQs

Ask a Question

Time on Power Monitoring Expert Server Changes to a Future Date in a Redundant System

The time on the PME server changes to 2084 or a similar year in the future.

Product Line
Power Monitoring Expert 8.1 (could apply to any version)
everRun from Stratus Technologies (Marathon)

PME installed on a redundant system running on Marathon

A series of these events are in Windows Security Log:

Log Name:      Security
Source:          Microsoft-Windows-Security-Auditing
Date:              7/30/2084 1:10:54 PM
Event ID:        4616
Task Category: Security State Change
Level:              Information
Keywords:       Audit Success
User:              N/A
Computer:      WIN-L9J7NRS9HL1
Description:   The system time was changed.

    Security ID:               SYSTEM
    Account Name:          WIN-L9J7NRS9HL1$
    Account Domain:        WORKGROUP
    Logon ID:                   0x3e7

Process Information:
    Process ID:    0xa34
    Name:        C:\Program Files (x86)\Citrix\XenTools\XenGuestAgent.exe

Previous Time:        ‎2084‎-‎07‎-‎30T18:10:54.628000000Z
New Time:              ‎2084‎-‎07‎-‎30T18:10:54.626000000Z

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.

As described above, the XenGuestAgent process is using System privilege to change the time.  A workarount would be to remove this priviledge:

1. From Administrative Tools open Local Security Policy
2. Navigate to Local Policies > User Rights Assignment


3. In 'Change the system time' remove the SYSTEM group
- open 'Change the system time' property window (double click on it)
- select SYSTEM group
- click on Remove
Was this helpful?
What can we do to improve the information ?