• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 21947
  • Last Modified:

Time Server Errors - WHY!!!

I just setup win2000 active directory, my problem is the Time Service.

When I bootup I get error "The NTP server  didn't respond"  Event ID:11

Things I did so far:

I opened UDP port 123 on my firewall
Set the following registry keys in  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

LocalNTP: 1 - always start the SNTP server
ntpserver: to the ones listed below, one at a time
period: SpecialSkew

ntp2.usno.navy.mil
tock.usno.navy.mil
tick.usno.navy.mil
132.163.4.102 (an IP I grabbed out of my 3rd party software that I use at home, still no luck)


If I go to the CMD prompt and type:

net stop w32time
w32tm -once -v

I get this responce:

W32Time: BEGIN:InitAdjIncr
W32Time:    Adj 156250 , Incr 156250  fAdjust 0
W32Time: END:Line 2503
W32Time: BEGIN:TsUpTheThread
W32Time: END  Line 1407
W32Time: TimeMMInit()
W32Time: Kernel timer : using default maximum resolution
W32Time:                MaximumTime = 156250
W32Time:                CurrentTime = 156250
W32Time: Timer calibrated, looped 1 times
W32Time: BEGIN:InitTmCfg
W32Time: END:Line 807
W32Time: BEGIN:InitTmCli
W32Time: END:Line 2596
W32Time: BEGIN:InitTmData
W32Time: END:Line 2618
W32Time: AvoidTimeSyncOnWan 0
W32Time: ntpserver - 132.163.4.102
W32Time: BEGIN:CMOSSynchSet
W32Time:    Setting adjustment 156250 - Bool  0
W32Time:    BEGIN:SetTSTimeRes
W32Time:    END:Line 1295
W32Time: END:Line 864
W32Time: BEGIN:InitializeDC
W32Time:    BEGIN:GetRole
W32Time:       Role is 'PDC'
W32Time:    END  Line 672
W32Time:    BEGIN:FetchParentDomainName
W32Time:       NetLogonGetTimeServiceParentDomain() returned 54b with ptr 0
W32Time:    END:Line 782
W32Time: END:Line 704
W32Time: Server: Binding to 1 NIC.
W32Time: Advertising that I'm a Time Service Provider
W32Time: BEGIN:TsUpTheThread
W32Time: timeBeginPeriod: setting resolution 9
W32Time: END  Line 1407
W32Time: BEGIN:TimeSync
W32Time: NTP(S): waiting for datagram...
W32Time:    BEGIN:FGetType
W32Time:    END  Line 254
W32Time:    BEGIN:FDoTimeNTPType
W32Time:       BEGIN:ChooseNTPServer
W32Time:       END  Line 2178
W32Time:       BEGIN:GetSocketForSynch
W32Time:          NTP: ntpptrs[0] - 132.163.4.102
W32Time:          Port Pinging to - 123
W32Time:          NTP: connect failed
W32Time:       END:Line 1170
W32Time:       BEGIN:GetDefaultRid
W32Time:       END  Line 2359
W32Time:       BEGIN:ComputeDelay
W32Time:          BEGIN:NTPTry -- init
W32Time:          END  Line 1683
W32Time:          BEGIN:NTPTry -- try
W32Time:             BEGIN:ComputeInterval
W32Time:             END  Line 2479
W32Time:             Sending to server  48 bytes...
W32Time:             NTP: send failed! - 10057
W32Time:             Logging event 0x8000000B. 15 min until this event is allowe
d again.
W32Time:             0x8000000B reported to System Log in Event Viewer
W32Time:          END  Line 1951
W32Time:          Time source failed to produce usable timestamp.
W32Time:          BEGIN:NTPTry -- fail
W32Time:          END  Line 1683
W32Time:          Time Out occured in sockets
W32Time:          BEGIN:NTPTry -- try
W32Time:             BEGIN:ComputeInterval
W32Time:             END  Line 2479
W32Time:             Sending to server  48 bytes...
W32Time:             NTP: send failed! - 10057
W32Time:             Rejecting logging event 0x8000000B. 899 sec until this even
t is allowed.
W32Time:          END  Line 1951
W32Time:          Time source failed to produce usable timestamp.
W32Time:          BEGIN:NTPTry -- fail
W32Time:          END  Line 1683
W32Time:          Time Out occured in sockets
W32Time:          BEGIN:NTPTry -- try
W32Time:             BEGIN:ComputeInterval
W32Time:             END  Line 2479
W32Time:             Sending to server  48 bytes...
W32Time:             NTP: send failed! - 10057
W32Time:             Rejecting logging event 0x8000000B. 899 sec until this even
t is allowed.
W32Time:          END  Line 1949
W32Time:          Time source failed to produce usable timestamp.
W32Time:          BEGIN:NTPTry -- fail
W32Time:          END  Line 1683
W32Time:       END  Line 1496
W32Time:    END  Line 368
W32Time:    BEGIN:ComputePostTimeData
W32Time:       BEGIN:ComputeInterval
W32Time:       END  Line 2479
W32Time:       BEGIN:ComputeSleepStuff
W32Time:          Computed stagger is 0ms, bias is 0ms
W32Time:          Time until next sync - 2699.960s
W32Time:       END:Line 816
W32Time:    END:Line 221
W32Time: END:Line 196
W32Time: BEGIN:TermTime
W32Time:    NTP(S): received shutdown notification.
W32Time:    TimeMMCleanup()
W32Time:    BEGIN:FinishCleanup
W32Time:       BEGIN:TsUpTheThread
W32Time:       END  Line 1407
W32Time:       Inform NetLogon That you are not a TS Provider
W32Time:       BEGIN:UnInitializeDC
W32Time:          Ptrs 0 - 0
W32Time:       END:Line 727
W32Time:       Time service stopped.
W32Time:    END:Line 407

What am I doing wrong here?  Am I using the wrong servers or what?  I would prefer to get this working instead of resolving to a 3rd party software.  500 points for the expert that gets me syncing.
0
madasczik
Asked:
madasczik
3 Solutions
 
akourafasCommented:

what I do on win2k & xp
net time /setsntp (to return to the original configuration)
net time /setsntp:clock.redhat.com
net stop w32time
net start w32time
net time /querysntp

maybe go make sure she auto starts on 2k.

firewall:
you opened port 123 for UDP
does the firewall restrict access to applications? I have to add a line to my checkpoint allowing services ie; www,ntp
Dont forget windows will incriment the time slowly if it was way off. stop start service
0
 
mlynch24Commented:
You can configure the Time service on the PDC operations master at the root of the forest to recognize an external Simple Network Time Protocol (SNTP) time server as authoritative by using the following net time command, where server_list is the server list:
net time /setsntp:time.windows.com

After you set the SNTP time server as authoritative, run either of the following commands on a computer other than the domain controller to reset the local computer's time against the authoritative time server:
net time /your domain name /set
Type the following commands, pressing ENTER after each command:
net stop w32time
w32tm –once
net start w32time

0
 
MarkDozierCommented:
First question.
Is there a need to go to a time server outside of your netwrok? Is it a business requirement?

You can configure you DC as a time server for your network and aviod the NTP problems and close up your firewall. There is a artcilce in Technet online covering how to do this.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
madasczikAuthor Commented:
Turns out my time SNTP settings are fine, figured out that DNS isn't working properly.  I have the Domain controller pointing to itself as the primary dns, the secondary dns server didn't have a forwarder setup.  Problem solved, splitting points for your help.
0
 
gayagaya2Commented:
how do i configure my dc to be a time server for the network?
0
 
madasczikAuthor Commented:
Edit or create these registry keys:

Start > Run > regedit.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

DWORD Value: ReliableTimeSource = 1
DWORD Value: LocalNTP = 1
String Value: ntpserver = clock.redhat.com
String Value: Period = SpecialSkew
DWORD Value: ReliableTimeSource = 1
String Value: Type = NTP

If there's other keys in there, leave them as is, after its up an running, the time service will automattically use the Adj key to adjust for line latency.

Here's the full set of registry values for more details: http://support.microsoft.com/kb/q223184/

Now all you do on the workstations is set the ntpserver value to the IP address of your time server and make sure the type is NTP, remove any microsoft preset ntpserver key entries and replace it with the new values.

If you have a firewall, be sure to open UDP port 123 in and out to the chosen time server, i used redhat's server above, I find it very reliable.  Do a goodle for NTP servers if you want to try others.

Need any other help, let me know.
0
 
gayagaya2Commented:
thanks madasczik. i am however interested with what you did with your situation before, where you were pointing the domain controller to itself as the primary dns. because i've added my dc ip address in my list of dns servers because i  was getting a netlogon error (event id 5774) before which was a result of not having the dc ip address on the list of dns servers. now i am getting the w32time error. do you think the w32time was a result of the correction i made for  event id 5774? if so, how do i fix the problem? could i use the clock.redhat.com even if i am on windows 2000?

thanks again.

0
 
madasczikAuthor Commented:
Where are you getting the error, at the domain controller or on the workstations?  Is the DNS on the same box as the domain controller?

Yes you can use clock.redhat.com or the IP address 66.187.233.4, NTP is pretty much universal and not OS restrictive.

One of the biggest problems I had to get rid of all the domain related errors was usually DNS related.  Here's what I figured out.  All workstations and servers that have been joined to the domain need to point their primary DNS TCP/IP entry to the active directory box.  Its best to do this prior to joining it to the domain.  As a fault-tolerance the workstations and servers secondary DNS TCP/IP entry needs to point to another internal DNS server or your ISP's DNS servers, so if the AD box goes down, the other boxes can still get out on the net.

I have DNS integrated with active directory on the same box.  That said, the domain controller points to itself as the primary DNS in TCP/IP settings and nothing else in the secondary.  Another thing I have done is add host records for each workstation and server on the domain controller so a name will resolve to an IP address and vice versa.

In my situation, I also have two other DNS severs that I use for hosting so I removed the root server hints on the Active Directory box and I set up two forwarders from the active directory box to my other DNS servers.  So for the active directory box to resolve an outside internet address, i send those requests to my other dns servers which have the root hint servers, then it can get out on the internet DNS servers to resolve a hostname like clock.redhat.com.  

So the progression of a DNS request goes like this for me.  The workstations point to Active Directory for DNS, Active Direcory using its own DNS to resolve internal pc names and ip address, any DNS requests that the AD can't  answer gets forwarded on to my hosting dns servers, these servers have the root server hints so they know where to send the DNS request out on the internet.

That out of the way, your active directory box needs to be able to get out to the internet in some way. Do a ping clock.redhat.com and see if the get an IP address return, you won't get any real packets back since they block ping to that box.  Please provide some more info.
0
 
gayagaya2Commented:
i am getting the error on the domain controller. the dns is in the same box as the domain controller. i also have an active directory integrated dns. i've also set up host address for each workstation in the network. but unlike you, i only have one box. on my dns server list i have three entries:  first, the ip address of my server, second and third, the dns servers of my isp. all of my workstations' primary dns in the tcp/ip settings point to my server's ip address. now i am concerned because i have two persistent errors:

1) Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1000
Date:            12/21/2004
Time:            2:23:57 PM
User:            NT AUTHORITY\SYSTEM
Computer:      MYSERVER
Description:
Windows cannot determine the user or computer name. Return value (1326).


2)Event Type:      Warning
Event Source:      w32time
Event Category:      None
Event ID:      11
Date:            12/21/2004
Time:            7:23:22 AM
User:            N/A
Computer:      MYSERVER
Description:
The NTP server  didn't respond
Data:
0000: 00 00 00 00               ....    

and i just found another one

Event Type:      Warning
Event Source:      MRxSmb
Event Category:      None
Event ID:      3019
Date:            12/21/2004
Time:            10:05:24 AM
User:            N/A
Computer:      MYSERVER
Description:
The redirector failed to determine the connection type.
Data:
0000: 00 00 00 00 04 00 4e 00   ......N.
0008: 00 00 00 00 cb 0b 00 80   ....Ë..€
0010: 00 00 00 00 84 01 00 c0   ....„..À
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
 
do you think these errors are related?

thanks again for your help

gayagaya2
0
 
madasczikAuthor Commented:
Try doing a manual sync first to see if the computer can connect to the time server. type the following in a command prompt:

net stop w32time
w32tm -once -v

If it can connect ok, you should get a result like this:

W32Time: BEGIN:InitAdjIncr
W32Time:    Adj 156250 , Incr 156250  fAdjust 0
W32Time: END:Line 2503
W32Time: BEGIN:TsUpTheThread
W32Time: END  Line 1407
W32Time: TimeMMInit()
W32Time: Kernel timer : using default maximum resolution
W32Time:                MaximumTime = 156250
W32Time:                CurrentTime = 156250
W32Time: Timer calibrated, looped 1 times
W32Time: BEGIN:InitTmCfg
W32Time: END:Line 807
W32Time: BEGIN:InitTmCli
W32Time: END:Line 2596
W32Time: BEGIN:InitTmData
W32Time: END:Line 2618
W32Time: AvoidTimeSyncOnWan 0
W32Time: ntpserver - clock.redhat.com
W32Time: BEGIN:CMOSSynchSet
W32Time:    Setting adjustment 156250 - Bool  0
W32Time:    BEGIN:SetTSTimeRes
W32Time:    END:Line 1295
W32Time: END:Line 864
W32Time: BEGIN:InitializeDC
W32Time:    BEGIN:GetRole
W32Time:       Role is 'PDC'
W32Time:    END  Line 672
W32Time:    BEGIN:FetchParentDomainName
W32Time:       NetLogonGetTimeServiceParentDomain() returned 54b with ptr 0
W32Time:    END:Line 782
W32Time: END:Line 704
W32Time: Server: Binding to 1 NIC.
W32Time: Advertising that I'm a Time Service Provider
W32Time: BEGIN:TsUpTheThread
W32Time: timeBeginPeriod: setting resolution 9
W32Time: END  Line 1407
W32Time: BEGIN:TimeSync
W32Time: NTP(S): waiting for datagram...
W32Time:    BEGIN:FGetType
W32Time:    END  Line 254
W32Time:    BEGIN:FDoTimeNTPType
W32Time:       BEGIN:ChooseNTPServer
W32Time:       END  Line 2178
W32Time:       BEGIN:GetSocketForSynch
W32Time:          NTP: ntpptrs[0] - CLOCK.REDHAT.COM
W32Time:          rgbNTPServer CLOCK.REDHAT.COM
W32Time:          Port Pinging to - 123
W32Time:          Connecting to "CLOCK.REDHAT.COM" (66.187.224.4)
W32Time:       END:Line 1170
W32Time:       BEGIN:GetDefaultRid
W32Time:       END  Line 2359
W32Time:       BEGIN:ComputeDelay
W32Time:          BEGIN:NTPTry -- init
W32Time:          END  Line 1683
W32Time:          BEGIN:NTPTry -- try
W32Time:             BEGIN:ComputeInterval
W32Time:             END  Line 2479
W32Time:             Sending to server  48 bytes...
W32Time:             Recv'ed from server  48 Bytes...
W32Time:          END  Line 1885
W32Time:          BEGIN:NTPTry -- delay
W32Time:          END  Line 2012
W32Time:          Round trip was 45ms
W32Time:          BEGIN:NTPTry -- try
W32Time:             BEGIN:ComputeInterval
W32Time:             END  Line 2479
W32Time:             Sending to server  48 bytes...
W32Time:             Recv'ed from server  48 Bytes...
W32Time:          END  Line 1885
W32Time:          BEGIN:NTPTry -- delay
W32Time:          END  Line 2012
W32Time:          Round trip was 62ms
W32Time:          BEGIN:NTPTry -- try
W32Time:             BEGIN:ComputeInterval
W32Time:             END  Line 2479
W32Time:             Sending to server  48 bytes...
W32Time:             Recv'ed from server  48 Bytes...
W32Time:          END  Line 1885
W32Time:          BEGIN:NTPTry -- delay
W32Time:          END  Line 2012
W32Time:          Round trip was 46ms
W32Time:          BEGIN:NTPTry -- try
W32Time:             BEGIN:ComputeInterval
W32Time:             END  Line 2479
W32Time:             Sending to server  48 bytes...
W32Time:             Recv'ed from server  48 Bytes...
W32Time:          END  Line 1885
W32Time:          BEGIN:NTPTry -- delay
W32Time:          END  Line 2012
W32Time:          Round trip was 46ms
W32Time:          BEGIN:NTPTry -- gettime
W32Time:             BEGIN:Fgmtimetonttime
W32Time:             END  Line 2563
W32Time:          END  Line 1998
W32Time:          one-way delay is 23ms
W32Time:       END  Line 1645
W32Time:    END  Line 368
W32Time:    BEGIN:TimeDiff
W32Time:       ClockError -0
W32Time:    END  Line 2542
W32Time:    BEGIN:FCheckTimeSanity
W32Time:       Adjusting time by 0 ms. No eventlog messages since time difference is 0 <1 minute
W32Time:    END  Line 570
W32Time:    BEGIN:SetTimeNow
W32Time:    END  Line 1280
W32Time:    Time was 49min 22.662s
W32Time:    Time is  49min 22.662s
W32Time:    Error 0ms
W32Time:    BEGIN:CheckLeapFlag
W32Time:    END:Line 606
W32Time:    BEGIN:ComputePostTimeData
W32Time:       BEGIN:ComputeInterval
W32Time:       END  Line 2479
W32Time:       BEGIN:ComputeSleepStuff
W32Time:          Computed stagger is 0ms, bias is 0ms
W32Time:          Time until next sync - 2699.960s
W32Time:       END:Line 816
W32Time:    END:Line 221
W32Time: END:Line 196
W32Time: BEGIN:TermTime
W32Time:    NTP(S): received shutdown notification.
W32Time:    TimeMMCleanup()
W32Time:    BEGIN:FinishCleanup
W32Time:       BEGIN:TsUpTheThread
W32Time:       END  Line 1407
W32Time:       Inform NetLogon That you are not a TS Provider
W32Time:       BEGIN:UnInitializeDC
W32Time:          Ptrs 0 - 0
W32Time:       END:Line 727
W32Time:       Time service stopped.
W32Time:    END:Line 407

In this instance, no time adjustment was needed since it does it several times a day, if you look at my original post, you will see a failed result, particularly the line W32Time: Time source failed to produce usable timestamp.

I think you are having the same problem I had where the domain controller wasn't able to send DNS requests externally.  A dead give away is if you can't even get to a webpage like yahoo.  I think when you point a domain controller to itself as primary DNS in TCP/IP, the secondaries are ignored for some reason.  Not 100% sure why it does this but enabling a forwarder will resolve it.

Let's try this:

1. In TCP/IP settings there's only 1 DNS entry, the AD box itself, no ISP DNS entries.
2. Now go to the DNS console where you added the hosts.  In the left pane, right click on the domain controller name and hit properties.  Then on the Forwarders tab add your 2 ISP DNS IPs.
3. Then try the manual sync again.

net stop w32time
w32tm -once -v
net start w32time (after its successful)

I'll have to look into those other 2 errors, open a new question up for that.  Let me know how you make out.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now