Windows Time Problems

I'm having a frustrating time getting Windows XP client PC's to synch time with a Windows 2003 server.  The server is a domain controller and is the only server and is the only domain controller in the network

The server was configured as follows:
1. use it's hardware clock as the time source (Microsft article 816042)
    hkey_local_machine\system\currentcontrolset\services\w32time\config\announceflags=a
2. clear any reference to time.windows.com
    net time /setsntp    (no server name given)
3. Advertise itself as a time source
    w32tm /config /reliable:yes
4. Restart the w32time service on the server
5. Ran dcdiag on the server without error


The XP Pro client is configured as follows:
1. net time /setsntp    (no server name given)
2. net stop w32time
3. w32tm /unregister  (to clear any old settings)
4. w32tm /register
5. net start w32time
6. w32tm /config /update /syncfromflags:domhier
7. w32tm /resync /rediscover

The resync command returns an error saying that the computer did not resync because no time data was available

I changed the client to manually configure the time source using the following:
   w32tm /config /update /manualpeerlistLmy server name) /syncfromflags:manual
but still can not w32tm /resync (same error - no time data available)

If I enter w32tm /monitor on the client PC, it returns my fully qualified server name,  ***PDC *** and my server address followed by some time offsets.  This implies (to me) that w32tm knows where to try and find the time source

If I use:
    net time /domain:(my domain name) /set
then the xp client is able to determine where to find the right time and everything works fine.

So I can’t figure out why w32tm can’t find a time source to sync with.
   
RockjodoAsked:
Who is Participating?
 
Joseph NyaemaConnect With a Mentor IT ConsultantCommented:
The following link could explain why you are not able to use w32tm to set the time.
http://support.microsoft.com/kb/243574/EN-US/

But I think you need to set the server a reliable time server as per
http://support.microsoft.com/kb/816042/

Then try the commands
net stop w32time && net start w32time
w32tm /resync /rediscover
0
 
Joseph NyaemaIT ConsultantCommented:
Rockjodo...

Try this...

Confirm that the preferred dns server ip is your internal dns server ip
confirm that resource records for your domain server are being created in dns.
Turn off the Windows Firewall

Run the following command
w32tm /config /update /syncfromflags:domhier

What happens?
0
 
RockjodoAuthor Commented:
The preferred dns is setup ok on the XP client and nslookup resolves the server forward and backward
The Windows firewall is turned off on the XP client (forgot to mention this)
Running W32tm /config /update /syncfromflags:domhier runs successfully, but w32tm /resync  (with or without /rediscover) does not work

0
[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

 
Pete LongTechnical ConsultantCommented:
Setting Domain Time

There a number of time service refinements in Server 2003 but the following will work on 2K as well. For continuity make the PDC Emulator the time server (in a 2003 domain it’s the time server by default)

First arm yourself with the names of TWO external time servers see the lists below

A List of the Simple Network Time Protocol Time Servers That Are Available on the Internet
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262680
or
Public NTP Primary (stratum 1) Time Servers
http://www.eecis.udel.edu/~mills/ntp/clock1a.html

Now you have two server names you need to find out two things

Is the server up?
What’s its IP address?

I’m in the UK so I use ntp1.pipex.net and ntp2a.mss.ac.uk

To answer the two questions above simply tracert to the server names (obviously you need DNS to be working first)

For example
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
tracert ntp2a.mcc.ac.uk

Tracing route to maverick.mcc.ac.uk [130.88.202.49]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  172.16.1.1

<loads of hops deleted>

29    24 ms    25 ms    22 ms  maverick.mcc.ac.uk [130.88.202.49]

Trace complete.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Using this method I now know the two IP addresses for those two time servers
Are 130.88.202.49 and 158.43.128.66

You need to know that information to allow your “Time Server” out to those IP addresses on your firewall NOTE you need to allow UDP Port 123 to those IP addresses for SNTP to work.

On the server issue the following command.

net time /setsntp:"ntp1.pipex.net ntp2a.mcc.ac.uk"

to ensure the command was successful issue the following

net time /querysntp

NOTE
If you have a large complex network you can create local time servers in different locations (to cut down traffic etc) by editing the following registry key:
In HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\W32 Time\Parameters, find the REG_DWORD subkey called LocalNTP. Change the subkey value from 0 to 1. After you restart Windows Time Service, your Win2K system will function as an SNTP server.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Your clients in a 2K and XP environment should slowly start getting the correct time (if they struggle you can issue the following command on them)

net time /setsntp:<IP address of your time server>

********If all that's too much Hassle*********

Set your server to atomic time using third party software

Freeware

http://www.philex.net/clock/
http://www.rocketsoftware.com/rockettime/screenshot.asp
http://www.lmhsoft.com/timesync/
0
 
RockjodoAuthor Commented:
I prefer not to use an external (internet) time source, so I tried to configure the one and only server to use it's hardware clock as the time source using Microsft article 816042. ( hkey_local_machine\system\currentcontrolset\services\w32time\config\announceflags=a)

Net time works ok (net time /domain:(my domain name) /set /y), but I am trying to get this to work with w32tm

Note that I had no better luck with this when using 'net time /setsntp:time.windows.com' on the server

Thanks
0
 
Leandro IaconoSenior Premier Field EngineerCommented:
I don't think the switches are being used correctly also with w32tm ...

"For the Windows Time service to use the changed made with W32tm, it must be notified of the changes. To notify Windows Time, at the command prompt, type w32tm /config /update. "

Perhaps something like this should be what you should insert in client PC ...

w32tm /config /update /register /resync[{ :ComputerName] [ /nowait] | [ /rediscover}] /syncfromflags DOMHIER

"Adjusts the time settings on the local or target computer. Time synchronization peers can be set with the /manualpeerlist switch. Changes to configuration are not used by Windows Time unless the service is restarted or the /update switch is used. /syncfromflags can be used to set the types of sources used for synchronization, and can be set to either MANUAL to use the manual peer list or DOMHIER to synchronize from a domain controller."

Or at least something like that .... jejeje .. depending on which paramaeter should go first and which last, unless the order doesn't matter ...

You can also find more info on w32tm here:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/de98cbdd-7d89-4896-9446-0df8f731b038.mspx
0
 
Joseph NyaemaIT ConsultantCommented:
TheLearnedONe :0)

There has been no update from Rockjodo on this.

All the same I believe I provided all the information required to solve this problem.

0
 
Leandro IaconoSenior Premier Field EngineerCommented:
I believe we all gave him valid solutions, but Nyaema did answer first.

Since we don't know which one worked ...
0
 
Wesn10Commented:
HA-ZAA - life is good again.  This is the first time I posted a question and I am totally amazed at the speed and support I received.  Many thanks to all of you.  What an OUTSTANDING team effort!  The solution which worked was the one that worked for Rockjodo posted on 4/6/2005 at 6:05 PM.  This was an excerise in entering command line commands but it worked.  I just cold booted the PC and logged in a second time.

This one issue just paid for my yearly subscription!  Thanks again.

Wes Newman
0
 
sivark14Commented:
Port 123 should be blocked in the machine that is why system could not able to sync with PDC. Use portquery to check the port 123 connectivity to PDC and also check is there any ipsec rule configured to block 123 port.
This should be port connectivity issue only.
0
All Courses

From novice to tech pro — start learning today.