Change time server to another (No internet connection)

Posted on 2006-04-21
Last Modified: 2010-04-18

I have an internal closed network with a DC (let's call this one 'PRIMSERV') acting as time server for a few Linux servers. This network will never get a connection "to the outside world" and therefore I cannot use any of the known stratum 1 servers. To resolve this issue I recently added another Windows Server 2003 connected to a GPS unit. (We'll call this one 'SECSERV')

Question is: How do I change the time service to the new server?

I have tried to activate the time service on the new server through gpedit.msc, but PRIMSERV (which also holds the AD) does not synchronize to SECSRV. Not even with 'net time /setsntp:PRIMSERV' or 'net time PRIMSERV /set /y'

Any ideas?

Regards, Kim
Question by:kramaric
    LVL 4

    Expert Comment


    If your example is correct, you should be using 'net time /setsntp:SECSRV'  - the command you show above just sets it to itself.

    LVL 4

    Expert Comment

    Shouldn't you be using 'net time /setsntp:SECSRV' if you want to set the time on PRIMSERV from SECSRV?

    LVL 3

    Expert Comment

    You may have already checked this, but I ran into a similar issue when trying to synchronize my primary ADC to my primary router using NTP.  I ended up synching my router to a stratum 1 server on the Internet.  I configured my primary ADC to pull its time from the router and further configured it as the NTP server for the domain.

    All the other machines in the domain were configured to use NT5DS (domain hierarchy synchronization).  I had a lot of problems with time being significantly different on several machines in the domain.  I activated a GPO pointing all the machines to the primary ADC using NTP and have had no sync problems since then.

    Also, be aware that if you activate a GPO, you will not see the GPO settings when you type net time /querysntp from a command prompt.  You will get whatever is listed in the machine registry.  Remember that the GPO overrides registry settings on the local machine.  Make sure the GPO is successfully being written to the target machines.

    Author Comment

    Thanks for your input!

    ganongj & Nat c - You are both right. I inadvertently typed the wrong server. I did mean to write what you have suggested.

    isd503 - I do have it set as a GPO. Maybe you can provide answers to a few questions:
    1. How can I be sure that the 'PRIMSERV' is synchronizing against the 'SECSRV'?
    2. The servers are in a live environment and I would really really be Mr unpopular if they need to be rebooted in order to receive the GPOs. Is a reboot necessary or is there a workaround?

    In the same setup I just noticed that my Red Hat Linux doesn't sync to the right server either. With ntpq -p it lists both the timeserver and itself (LOCAL). The second line with LOCAL is marked with a *, which looks to me like it's using itself as the primary time server.
    I also did an ntptrace, which also shows that it's using itself as the time server.

    Any clues?
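
The `ntpq -p` symptom described in the comment above, as an added example that is not part of the original thread: the leading `*` marks the system peer ntpd is following, and `reach` is an octal bitmask of the last 8 polls, so a server row stuck at 0 has never answered. The sample output is constructed (only the names PRIMSERV and LOCAL come from the thread), and the function names are hypothetical.

```python
# Constructed sample of `ntpq -p` output matching the symptom described above:
# the configured server never answers and the local clock is the system peer.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 PRIMSERV        .INIT.          16 u    -   64    0    0.000    0.000   0.000
*LOCAL(0)        .LOCL.          10 l   12   64  377    0.000    0.000   0.001
"""

def parse_peers(text):
    """Return one dict per peer row of `ntpq -p` output."""
    peers = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Column 0 is the tally code ('*' = system peer, ' ' = rejected, ...).
        tally, fields = line[0], line[1:].split()
        if len(fields) < 10 or fields[:2] == ["remote", "refid"]:
            continue  # separator or header row
        peers.append({
            "tally": tally,
            "remote": fields[0],
            "stratum": int(fields[2]),
            # reach: octal shift register of the last 8 polls (377 = all answered)
            "answered": bin(int(fields[6], 8)).count("1"),
        })
    return peers

def is_local_clock(peer):
    """True for the undisciplined local clock driver (127.127.1.x)."""
    return peer["remote"].startswith(("LOCAL(", "127.127.1."))

def diagnose(text):
    """Return findings about which source ntpd is actually following."""
    peers = parse_peers(text)
    findings = []
    selected = [p for p in peers if p["tally"] == "*"]
    if not selected:
        findings.append("no system peer selected: clock is not synchronised")
    for p in selected:
        if is_local_clock(p):
            findings.append(f"system peer is the local clock {p['remote']}")
    for p in peers:
        if not is_local_clock(p) and p["answered"] == 0:
            findings.append(f"{p['remote']}: no replies in the last 8 polls")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE)))
```
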
    LVL 4

    Accepted Solution

    Hi Kramaric,

    1. The "net time" command returns the time at the time server and also returns the name of the time server.
    2. There are a lot of options to do this type of thing - but check out this guy's gporefresh utility.  Also, check out his utilities to show the time that the last GPO was applied.
    3. For Red Hat - edit the entry at /etc/ntp.conf to point to the time server of your choice.

    Good luck!


    Author Comment

    Hi Jim,

    Thanks for your input. I'll follow up on that link tomorrow.

    1. Good point. I missed that one.
    3. The ntp.conf has entries for both the PRIMSERV and itself as "fudge". No idea what fudge is, but it points to itself ( Someone also told me to add the PRIMSERV ip into a ntp file in the ntpd subfolder (Not sure I can remember the correct name for subfolder without looking at it).

    Anyway, I'll be back with a comment when I've checked out the link.

    Best regards,
    LVL 3

    Assisted Solution

    I have a Windows 2003 AD domain so I am answering your question from that perspective.  One article which really helped me get things straight in my environment was this one:

    I would speculate you could perceive your GPS unit as an external time source and sync it with your primary ADC.  The primary ADC is the one which holds the PDC FSMO role:

    I would set the ADC with the PDC role up to sync with the GPS via NTP (if possible), and then sync the other servers to sync with the primary ADC via NTP or NT5DS, whichever one will work with your Linux servers.  I would try to Google syncing a Linux box with Windows 2003 and see what you come up with.

    Let me know if your domain is set up differently and I will try to help you further.
