Video Screencast Help

SIM Console events with 8 hour timing delay

Created: 07 May 2008 • Updated: 21 May 2010 | 4 comments

Encountered a really strange issue. Within the office, there are 5 or 6 workstations that are installed with the SIM console (4.5.2.22 with Hotfix 8 version). All the other workstations do not exhibit this issue, except for 1 particular workstation running Win XP professional with SP2, regardless of the SSIM user logged in (e.g. device administrator, SSIM administrator etc).

The issue is that all events seen under the Published Queries (created to show last 5 min events from a particular device) are 8 hours behind! For example, if the current time is 11am, the events coming in will show 3am.

We have determined that that particular workstation's time is synched to NTP, region settings are correct. Uninstalled and reinstalled the SSIM console many times, combed through the Windows registry to see if anything could throw off the workstation's time, tried to set timezone for the javavm installed by the SSIM console installation manually (not successful).

Has anyone else encountered this before and if not, what should I do to try and resolve the issue (short of reinstalling the whole OS)?

Tks!

Comments 4 CommentsJump to latest comment

Laurent_c's picture

If you are opening the same event on 2 different machines they do not show the same time?

Can you specifiy what variable name you using to look at the event or to compare? Event date creation, Original event date etc..

Is it coming from events of a specific collector or product?



chowski's picture

@ Laurent

Sorry, just saw your reply. Forgot to set an email follow-up

The other machines are all ok, i.e. the events are correct timing (logged at), except for one workstation where all events are -8 hours. We have checked time synchronization on the workstation as well as quite a few other timing related settings and it seems to be identical to the other workstations.

Tks!

Laurent_c's picture

Maybe enable the debug on this machine for the collector, and have a look at the raw event message. Check the event_dt variable if it is correct.

What timezone and what product oyu collecting from ?

chowski's picture

Well, we have kinda given up on trying to resolve. Symantec's suggestion is that we check with Microsoft. The workaround we have implemented is to install Virtual PC with a clean OS and run the SSIM console from there.

Tks!