Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


W32time but for second DC?

Posted on 2004-09-01
Medium Priority
Last Modified: 2010-05-18

I just raised my domain fuinction level to windows 2003 native. I have two DC's and I assume DC1 is still the fsmo owner and possibly the PDCE. I ran the command on DC 1 to sync with microsofts time but what should I do about DC2? I am getting the folliwng error messages on DC2:

Time Provider NtpClient: No valid response has been received from domain controller dc1.domain.local after 8 attempts to contact it. This domain controller will be discarded as a time source and NtpClient will attempt to discover a  new domain controller from which to synchronize.

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

The time provider NtpClient cannot reach or is currently receiving invalid time data from dc1.domain.local (ntp.d|>

The time service detected a time difference of greater than 5000 milliseconds  for 900 seconds. The time difference might be caused by synchronization with  low-accuracy time sources or by suboptimal network conditions. The time service is no longer synchronized and cannot provide the time to other clients or update  the system clock. When a valid time stamp is received from a time service  provider, the time service will correct itself.  

Should DC2 sync with DC1 or should DC2 also sync to an external time source? Thanks.
Question by:SANG501
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 16

Accepted Solution

JamesDS earned 2000 total points
ID: 11959107

Run DUMPFSMOS and ascertain which DC is holding the PDCEmulator role:

This is the server that should be syncing to the outside world - no others.

Fixing timesync is different according to the machine type...

If it's a Member Server, standard Domain Controller (not a PDCEmulator) or standard workstation then behave as if its a member server (below)
If it's a PDCEmulator then make sure you allow port 123TCP/UDP outbound on your firewall and configure the external microsoft time service by entering this at the command line
NET TIME /SETSNTP:time.windows.com

If it's a workstation, member server or a standard Domain Controller:

Members of the Active Directory sync with their local DC (local as in local AD site). The DCs then sync with the PDCEmulator, so the PDCE is the root of all time - as it were!

Diagnosis of timesync errors is difficult, but do not be tempted to use NET TIME /SETSNTP: on all machines in the domain (as suggested to many questions like this one, unless it's a PDCE), as it specifically overrides the natural internal operation of the time service within Active Directory.

These commands are written for Windows 2003 and Windows XP. There are some equivalents for windows 2000, use W32tm /? or W32Time /? from the command line to look for alternatives on older OSs.

to clear any entry and return to the default settings

to synch NOW with your authenticating DC and begin the diagnosis:

Start by verifying your domain is synching AD by using REPLMON.EXE in the support tools pack on the Windows installation CD.

If this is OK then run this from the command line:
W32TM /monitor

to ensure that each member server/workstation is actually pointing to a DC.

If this is OK then run this from the command line:
W32TM /resync /rediscover

followed by:
W32TM /resync /nowait

and check the system eventlog for W32TIME errors. This process does a full reset and recheck of the time system as it relates to one member machine on your AD.

Post any errors here

Explantion of why it doesn't always instantly set the right time:
Timesync works as follows:

If the local clock time of the time client is behind the current time received from the time server, W32Time will change the local clock time immediately.
If the local clock time of the time client is more than three minutes ahead of the time on the time server, W32Time will change the local clock time immediately.
If the local clock time of the time client is less than three minutes ahead of the time on the server, W32Time will quarter or halve the clock frequency for long enough to bring the clocks into sync. If the client is less that 15 seconds ahead, it will halve the frequency; otherwise, it will quarter the frequency. The amount of time the clock spends running at an unusual frequency depends on the size of the offset that is being corrected.

W32Time will periodically check its local time with the current time by connecting to the time source. This process starts as soon as the service turns on during system start-up. W32Time attempts synchronization every 45 minutes until the clocks have successfully synchronized three times. When the clocks are correctly synchronized, W32Time then synchronizes at eight-hour intervals, unless there is a failure to obtain a timestamp, or a validation failure. If there is a failure, the process starts over from the beginning.

Set it by hand (or with the command NET TIME /SET /YES) as close as you can and then simply leave it to sort itself out.



Expert Comment

ID: 12927024
When I try to run the W32TM /resync /rediscover and W32TM /resync /nowait commands, I get the following error:  "The following error occurred:  Access is denied (0x80070005)."  I'm running this command on our PDC Emulator (Windows 2003 Server).  The W32TM /monitor command runs fine.  Any help with this error would be appreciated.

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question