eggster34
asked on
Domain Time Synch Problem
Hello
I have a domain with 10 windows 2003 servers and 20 XP Pro clients.
I have created a GPO that would time sync the servers and the clients to an external time source (north-america.pool.ntp.or
please help.
I have a domain with 10 windows 2003 servers and 20 XP Pro clients.
I have created a GPO that would time sync the servers and the clients to an external time source (north-america.pool.ntp.or
please help.
Mazaraat
I would configure only you DC to pull the time, active directory will sync up the other servers and clients. Then if the computers aren't synced create a group policy that points to the DC...though you shouldn't have to.....
Hi Eggster, One thing i would check (I know that this is causing us problems) is that the servers are allowed to out onto the internet on the NTP port (123 by default). If you have a firewall in place, it may be blocking requests to the time source. A lot of places will only allow access out from specific devices (Such as proxy Servers) and usuallu only on specific ports.
One way to test this could be to try and telnet to north-america.pool.ntp.org
C:\>telnet 216.194.70.2 123
When you do this on our network you get :
C:\>telnet 216.194.70.2 123
Connecting To 216.194.70.2...Could not open connection to the host, on port 123: Connect failed
Because port 123 is not allowed out of our firewall.
Give this a try and see what happens....
P.S I think that IP address is right, I just resolved the domain name you provided in your question.
One way to test this could be to try and telnet to north-america.pool.ntp.org
C:\>telnet 216.194.70.2 123
When you do this on our network you get :
C:\>telnet 216.194.70.2 123
Connecting To 216.194.70.2...Could not open connection to the host, on port 123: Connect failed
Because port 123 is not allowed out of our firewall.
Give this a try and see what happens....
P.S I think that IP address is right, I just resolved the domain name you provided in your question.
Well, there's a few things that spring to mind....
Have you got port 123 (UDP) open on your firewall? See http://support.microsoft.com/?kbid=832017 for ports that are used for services etc. (really useful document in any case)
Are there any errors in your event logs?
What happens when you run the command "net time /set"?
If you run "gpresult /v", does it show the GPO being applied?
Have you got port 123 (UDP) open on your firewall? See http://support.microsoft.com/?kbid=832017 for ports that are used for services etc. (really useful document in any case)
Are there any errors in your event logs?
What happens when you run the command "net time /set"?
If you run "gpresult /v", does it show the GPO being applied?
ASKER
I think it's a server problem.
I cannot telnet to port 123 on these servers from anywhere.. even from machines that don't have any firewalls..
would you suggest another ntp server that I can use in this casE?
when I do gpresult /v , I see that the gpo is applied to my machine.
when I do net time /set it asks me if I want to set my time to that of my domain controller and when I say it does.. but I shouldn't have to do this manually on every computer..
I cannot telnet to port 123 on these servers from anywhere.. even from machines that don't have any firewalls..
would you suggest another ntp server that I can use in this casE?
when I do gpresult /v , I see that the gpo is applied to my machine.
when I do net time /set it asks me if I want to set my time to that of my domain controller and when I say it does.. but I shouldn't have to do this manually on every computer..
ASKER
hello?!?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
when I type net time /set
it says could not find a time server.
it says could not find a time server.
net time \\yourDCservername /set
ASKER
Mazaraat, even that didn't work.. there was another policy that was preventing me from updating from my DC. which was the primary reason everything was failing. thanks a lot.