W32time but for second DC?

I just raised my domain fuinction level to windows 2003 native. I have two DC's and I assume DC1 is still the fsmo owner and possibly the PDCE. I ran the command on DC 1 to sync with microsofts time but what should I do about DC2? I am getting the folliwng error messages on DC2:

Time Provider NtpClient: No valid response has been received from domain controller dc1.domain.local after 8 attempts to contact it. This domain controller will be discarded as a time source and NtpClient will attempt to discover a  new domain controller from which to synchronize.

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

The time provider NtpClient cannot reach or is currently receiving invalid time data from dc1.domain.local (ntp.d|>

The time service detected a time difference of greater than 5000 milliseconds  for 900 seconds. The time difference might be caused by synchronization with  low-accuracy time sources or by suboptimal network conditions. The time service is no longer synchronized and cannot provide the time to other clients or update  the system clock. When a valid time stamp is received from a time service  provider, the time service will correct itself.  

Should DC2 sync with DC1 or should DC2 also sync to an external time source? Thanks.
Who is Participating?
JamesDSConnect With a Mentor Commented:

Run DUMPFSMOS and ascertain which DC is holding the PDCEmulator role:

This is the server that should be syncing to the outside world - no others.

Fixing timesync is different according to the machine type...

If it's a Member Server, standard Domain Controller (not a PDCEmulator) or standard workstation then behave as if its a member server (below)
If it's a PDCEmulator then make sure you allow port 123TCP/UDP outbound on your firewall and configure the external microsoft time service by entering this at the command line
NET TIME /SETSNTP:time.windows.com

If it's a workstation, member server or a standard Domain Controller:

Members of the Active Directory sync with their local DC (local as in local AD site). The DCs then sync with the PDCEmulator, so the PDCE is the root of all time - as it were!

Diagnosis of timesync errors is difficult, but do not be tempted to use NET TIME /SETSNTP: on all machines in the domain (as suggested to many questions like this one, unless it's a PDCE), as it specifically overrides the natural internal operation of the time service within Active Directory.

These commands are written for Windows 2003 and Windows XP. There are some equivalents for windows 2000, use W32tm /? or W32Time /? from the command line to look for alternatives on older OSs.

to clear any entry and return to the default settings

to synch NOW with your authenticating DC and begin the diagnosis:

Start by verifying your domain is synching AD by using REPLMON.EXE in the support tools pack on the Windows installation CD.

If this is OK then run this from the command line:
W32TM /monitor

to ensure that each member server/workstation is actually pointing to a DC.

If this is OK then run this from the command line:
W32TM /resync /rediscover

followed by:
W32TM /resync /nowait

and check the system eventlog for W32TIME errors. This process does a full reset and recheck of the time system as it relates to one member machine on your AD.

Post any errors here

Explantion of why it doesn't always instantly set the right time:
Timesync works as follows:

If the local clock time of the time client is behind the current time received from the time server, W32Time will change the local clock time immediately.
If the local clock time of the time client is more than three minutes ahead of the time on the time server, W32Time will change the local clock time immediately.
If the local clock time of the time client is less than three minutes ahead of the time on the server, W32Time will quarter or halve the clock frequency for long enough to bring the clocks into sync. If the client is less that 15 seconds ahead, it will halve the frequency; otherwise, it will quarter the frequency. The amount of time the clock spends running at an unusual frequency depends on the size of the offset that is being corrected.

W32Time will periodically check its local time with the current time by connecting to the time source. This process starts as soon as the service turns on during system start-up. W32Time attempts synchronization every 45 minutes until the clocks have successfully synchronized three times. When the clocks are correctly synchronized, W32Time then synchronizes at eight-hour intervals, unless there is a failure to obtain a timestamp, or a validation failure. If there is a failure, the process starts over from the beginning.

Set it by hand (or with the command NET TIME /SET /YES) as close as you can and then simply leave it to sort itself out.


When I try to run the W32TM /resync /rediscover and W32TM /resync /nowait commands, I get the following error:  "The following error occurred:  Access is denied (0x80070005)."  I'm running this command on our PDC Emulator (Windows 2003 Server).  The W32TM /monitor command runs fine.  Any help with this error would be appreciated.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.