Commit d8d47e3

Update description and links in documentation
Fixed localization errors
1 parent 63455e1 commit d8d47e3

1 file changed

Lines changed: 7 additions & 7 deletions

support/windows-server/active-directory/sts-recommendations-for-windows-server.md

@@ -1,7 +1,7 @@
11
---
22
title: Secure Time Seeding Recommendation for Windows Server
3-
description: Describes workarounds for an issue in which the computer clock resets to a past date and time.
4-
ms.date:
3+
description: Recommendations for Secure Time Seeding feature on Windows Server along with general good time synchronization practices.
4+
ms.date: 04/14/2025
55
manager:
66
audience: itpro
77
ms.topic: troubleshooting
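
Review bot: The new `description` on line 3 drops the symptom the old text named (the computer clock resetting to a past date and time), while `ms.topic` on line 7 is still `troubleshooting`, so the front matter no longer says what problem the article helps with. Suggest keeping the symptom in the description alongside the recommendation wording, and adding the missing article: "Recommendations for the Secure Time Seeding feature on Windows Server ...".
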
@@ -21,7 +21,7 @@ _Applies to:_  All editions of Windows Server 2025, Windows Server 2022, Wi
2121

2222
**Brief Summary**
2323

24-
Customers have reported timekeeping issues on Windows Server 2016 and newer Windows Server OS deployments linked to the [Secure Time Seeding (STS)](https://learn.microsoft.com/en-us/archive/blogs/w32time/secure-time-seeding-improving-time-keeping-in-windows) feature, due to its incompatibility with the affected deployments.
24+
Customers have reported timekeeping issues on Windows Server 2016 and newer Windows Server OS deployments linked to the [Secure Time Seeding (STS)](https://learn.microsoft.com/archive/blogs/w32time/secure-time-seeding-improving-time-keeping-in-windows) feature, due to its incompatibility with the affected deployments.
2525

2626
Based on customer reports and the associated feedback, we recommend the Secure Time Seeding (STS) feature to be disabled on your Windows Server 2016 and newer Windows Server machines hosting time-sensitive workloads. This includes any ADDS Domain Controllers, VM Hosts, Servers that use time for critical functionality or providing connectivity or as part of data processing in your deployments.
2727

@@ -47,7 +47,7 @@ This article gives high-level overview of:
4747

4848
Secure Time Seeding (STS) is a heuristic based timekeeping mechanism on Windows OS that determines the approximate current time using time metadata from outbound SSL/TLS connections on a machine and uses that time information to detect and correct any large errors in the system clock on that machine.
4949

50-
The approximate time determined by STS depends on the time metadata available to the feature. This time metadata originates from the SSL/TLS servers that a machine connects to. Please refer to this article (originally published in 2016) for more details on the STS feature: [Secure Time Seeding – improving time keeping in Windows \ Microsoft Learn](https://learn.microsoft.com/en-us/archive/blogs/w32time/secure-time-seeding-improving-time-keeping-in-windows)
50+
The approximate time determined by STS depends on the time metadata available to the feature. This time metadata originates from the SSL/TLS servers that a machine connects to. Please refer to this article (originally published in 2016) for more details on the STS feature: [Secure Time Seeding – improving time keeping in Windows \ Microsoft Learn](https://learn.microsoft.com/archive/blogs/w32time/secure-time-seeding-improving-time-keeping-in-windows)
5151

5252
The primary goal of the STS feature is to correct system time when environmental factors such as hardware malfunctions or other sources introduce time errors large enough to prevent SSL/TLS from functioning as expected. The rate of incidence of such environment-induced time errors depends on the specific deployment environment.
5353

@@ -99,7 +99,7 @@ Disabling (or enabling) STS requires administrators to modify settings either in
9999

100100
| Group Policy Setting | Local Setting |
101101
|----------------------|---------------|
102-
| Path: Computer Configuration\Administrative Templates\System\Windows Time Service<br><br>Group Policy: Global Configuration Settings<br>Setting: UtilizeSslTimeData<br>Value:<br>0 = STS disabled<br>1 = STS enabled<br>(Reboot required)<br>[https://learn.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config#using-local-group-policy-editor](https://learn.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config#using-local-group-policy-editor) | Please back up existing settings before making any registry changes.<br><br>Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config<br>Value Name: UtilizeSslTimeData<br>Value Type: REG_DWORD<br>Value:<br>0 = STS disabled<br>1 = STS enabled<br>(Reboot required)<br>[https://learn.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config#windows-time-registry-reference](https://learn.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config#windows-time-registry-reference)<br><br>Command to disable STS Local setting in registry:<br>reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config" /v "UtilizeSslTimeData" /t REG_DWORD /d 0 /f |
102+
| Path: Computer Configuration\Administrative Templates\System\Windows Time Service<br><br>Group Policy: Global Configuration Settings<br>Setting: UtilizeSslTimeData<br>Value:<br>0 = STS disabled<br>1 = STS enabled<br>(Reboot required)<br>[https://learn.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config#using-local-group-policy-editor](https://learn.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config#using-local-group-policy-editor) | Please back up existing settings before making any registry changes.<br><br>Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config<br>Value Name: UtilizeSslTimeData<br>Value Type: REG_DWORD<br>Value:<br>0 = STS disabled<br>1 = STS enabled<br>(Reboot required)<br>[https://learn.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config#windows-time-registry-reference](https://learn.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config#windows-time-registry-reference)<br><br>Command to disable STS Local setting in registry:<br>reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config" /v "UtilizeSslTimeData" /t REG_DWORD /d 0 /f |
103103

104104
Determine STS setting used by W32time service:
105105
- Using Services Events (_not available on all editions and releases_):
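
Review bot: The locale cleanup on line 102 is incomplete: the Group Policy column link now uses `learn.microsoft.com/windows-server/...`, but the Local Setting column link ending in `#windows-time-registry-reference` still carries `/en-us/` in both its link text and its target. Suggest stripping the locale there too so both cells of the row are consistent. Because the row is a single very long line, this is easy to miss in review; moving the two URLs to reference-style links would make future edits to this table safer.
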
@@ -146,15 +146,15 @@ Timekeeping and time synchronization are complex topics that are subjects of sev
146146
- Timekeeping on a machine can be influenced by software such as the OS itself, inbox services like W32time service, admin tools, 3rd party applications with sufficient privileges or by the underlying timekeeping firmware/hardware, backup CMOS clock/battery, runtime conditions on the CPU/Memory or even environmental conditions. Various timekeeping and time synchronization features in Windows aim to bring order to this seemingly chaotic process of timekeeping and attempt to keep a machine’s time within acceptable limits for a given use case.
147147
- Commodity computing equipment typically needs time corrections, and this applies to devices running various Windows OS SKUs also. In-market Windows OS SKUs (Server 2016, Server 2019, Server 2022, Server 2025, Windows 10, Windows 11, Windows 10 IoT, Windows 11 IoT, inclusive of multiple intermediate releases and various other Windows OS SKUs) each have a default W32Time Service configuration to maintain and synchronize time on a generic device.
148148
- As part of this, STS is enabled by default on Windows Server 2016, Windows Server 2019, Windows Server 2022 and intermediate releases and is disabled by default on various editions of Windows Server 2025, based on customer feedback.
149-
- Familiarize yourself with the W32time service registry settings documented here: [Windows Time service tools and settings \ Microsoft Learn](https://learn.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config).
149+
- Familiarize yourself with the W32time service registry settings documented here: [Windows Time service tools and settings \ Microsoft Learn](https://learn.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config).
150150
- Many customers modify the default W32Time settings to better suit their deployment and timekeeping requirements. Modifying the STS setting should be considered in a similar vein.
151151
- Capturing the System Event Logs (among other event logs) on Windows systems in a deployment can be helpful in triaging various issues in the deployment.
152152
- Setting the system time in Windows OS results in Kernel-General Event #1 being logged in the System Event Log. The message text in this event has been bolstered over OS releases and all versions should log / identify the PID of the process setting the time and a way to compute the time change.
153153
- All events in the System Event Log include current Local System Time in the metadata.
154154
- Some Windows OS SKUs by default write the System event logs into this file: _%SystemRoot%\System32\Winevt\Logs\System.evtx_, and these logs can be typically viewed in the EventViewer application.
155155
- Several aspects of event logging are configurable by the Administrator.
156156
- Windows OS SKUs without the default event logging component can capture this event log using event listeners.
157-
- This article and linked video explain various aspects of Windows Event logging: [https://techcommunity.microsoft.com/t5/itops-talk-blog/understanding-the-windows-event-log-and-event-log-policies/ba-p/4065107](https://techcommunity.microsoft.com/t5/itops-talk-blog/understanding-the-windows-event-log-and-event-log-policies/ba-p/4065107). Further details are available in this Windows training module: [https://learn.microsoft.com/en-us/training/modules/manage-monitor-event-logs/](https://learn.microsoft.com/en-us/training/modules/manage-monitor-event-logs/).
157+
- This article and linked video explain various aspects of Windows Event logging: [https://techcommunity.microsoft.com/t5/itops-talk-blog/understanding-the-windows-event-log-and-event-log-policies/ba-p/4065107](https://techcommunity.microsoft.com/t5/itops-talk-blog/understanding-the-windows-event-log-and-event-log-policies/ba-p/4065107). Further details are available in this Windows training module: [https://learn.microsoft.com/training/modules/manage-monitor-event-logs/](https://learn.microsoft.com/en-us/training/modules/manage-monitor-event-logs/).
158158
- Several monitoring solutions available in the market (created by 3rd parties, as well as Microsoft) capture event logs as part of their functionality. This document does not recommend any specific solution.
159159
- Time-sensitive workloads are applications and services that require a machine’s time to be accurate within a certain margin of error. Hosting time-sensitive workloads in a deployment is an important factor in deciding on further customization of time synchronization and distribution topology described below.
160160
- Managing timekeeping on any deployment makes it necessary to monitor the time on each device in that deployment and have an action plan when the monitoring indicates errors.
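
Review bot: On line 157 the training-module link is only half updated: the visible link text is now `https://learn.microsoft.com/training/modules/manage-monitor-event-logs/`, but the target in parentheses is still `https://learn.microsoft.com/en-us/training/modules/manage-monitor-event-logs/`. Suggest removing `/en-us/` from the target as well, so the displayed URL and the destination match.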
