When you inspect the System event log on a Windows Server 2003 domain controller that was upgraded to SP1 (Service Pack 1), you see:

Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Description: The Windows Time service terminated with the following error:
Not all privileges referenced are assigned to the caller.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

When Setup installs SP1, it configures the Windows Time service to run in the LocalService account syntax. Prior to SP1, the Windows Time service ran in the LocalSystem account context. If the LocalService account has NOT been granted the Change the system time right, you will experience this error.

To workaround this problem, use either of the following:

Change the logon account of the Windows Time service:

1. Open a CMD.EXE prompt on the Windows Server 2003.

2. Type the following commands, pressing enter after each line:

sc config W32TIME obj= "LOCALSYSTEM"
sc QC W32TIME
sc start W32TIME

Grant the LocalService account the 'Change the system time' right:

1. Start / Administrative Tools / Domain Controller Security Policy.

2. Double-click Local Policies.

3. Select User Rights Assignment.

4. Double-click Change the system time.

5. Press Add User or Group.

6. Type LOCAL SERVICE.

7. Press OK.

8. Open a CMD.EXE window.

9. Type net start W32TIME and press Enter.