Solved

Command Prompt reports link to time.windows.com, but still receive error messages

Posted on 2007-04-07
10
1,247 Views
Last Modified: 2012-05-05
SBS 2003 R2 with Windows XP Pros for workstations. Following error and command prompt info:

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 960 minutes. NtpClient has no source of accurate time.

When I run the command: net Time /querysntip, I get back the following:

"The current SNTP value is : time.windows.com 0x1

The Windows Time server is started and is set to automatic.

Do I need UDP-123 port open?

Also, just FYI: Work stations report:

The current SNTP value is: time.nist.gov,0x1 time.windows.com,0x1
0
Comment
Question by:Bert2005
  • 5
  • 4
10 Comments
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 18871238
If you are running ISA you need to open UDP-123.
Also make sure your router is open for that port.
General info here:  http://support.microsoft.com/kb/816042/
If this is a new server, give it a bit of time.
Olaf
0
 
LVL 9

Expert Comment

by:DanKoster
ID: 18871548
FYI - NTP.org has several pool's of servers that you can use.  I always use north-america.pool.ntp.org for my client's servers.  (It automatically rotates between the available public servers in North America.)

It's also recommended that the workstations sync with the sbs server, and let the sbs box sync with a public source.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 18872991
--> olafdc  I followed the knowledgebase article exactly. I was confused on step 4c where it talks about adding the ,0x1 to the end of each DNS name. How do I do that? Also had problems with the MaxPosPhase Correction and MaxNeg in 6a and 6e. I had already set the SpecialPollInterval to 3600 seconds (one hour), so I wasn't sure what these two were for unless they were saying to only change if off by a certain amount of seconds.

Damn, I hope I don't have to open port UDP -123. As seen from other posts, I'm clueless as to Command Lines and PDM port openings. I would have a better chance of opening a Naval Port in Oklahoma then 80 or 443.

--> Dan Should I put the amaerica.pool.ntp.org where the article recommends Peer? Why does one have to make so many registry changes to set SBS to check for time. Shouldn't that be a simple process?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:Bert2005
ID: 18873935
OK, I figured out both issues. But, what confuses me is that the error message would infer that the NTP Client was already configured to look for a time source and probably could not due to Port 123 not being open. So, if the client is already looking, then why do all of those registry changes have to be made?
0
 
LVL 9

Accepted Solution

by:
DanKoster earned 500 total points
ID: 18874410
I actually didn't look at the KB when I first read the post, I just assumed it was relevent and gave you the FYI for server name.  Now that I looked at it, I can see your confusion.  Here's another link that has information more relevant to an SBS server.  It really isn't that hard in a typical setup:

http://isainsbs.blogspot.com/2005/01/amys-article-on-time.html

Of course, this assumes you are using ISA.  If you are using some other form of Firewall, it still shouldn't be that complex to change your ntp server in the registry (should be just a single setting) and make sure outbound 123 UDP is allowed.  You shouldn't need inbound allowed unless you want to make your SBS a public NTP server (which I don't recommend).  
0
 
LVL 1

Author Comment

by:Bert2005
ID: 18876960
What is ISA? I know we don't use the SBS firewall. We use the Cisco PIX 501 firewall.
0
 
LVL 9

Expert Comment

by:DanKoster
ID: 18877300
Microsoft Internet Security and Acceleration (ISA) comes with SBS Premium edition and is basically a firewall/router.  
0
 
LVL 1

Author Comment

by:Bert2005
ID: 18877475
Oh, this is SBS Standar edition, and we don't have a firewall on.
0
 
LVL 9

Expert Comment

by:DanKoster
ID: 18915738
So did you get everything figured out?  Even the link I gave you was TMI (too much info) for a standard SBS.  
0
 
LVL 1

Author Comment

by:Bert2005
ID: 18917781
Dan,

Still working on it. I kee thinking I have to undo the changes from the Kb I used before. Plus I still need to open port 123. All of the PCs are pointing toward the server, but the server isn't getting times, so I guess we will be off by microseconds for awhile.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SBS 2008 Standard Replacement Options! 16 63
SBS 2008 DNS server suddenly stops working.... any ideas? 9 63
RAID Configuration 18 50
Migrating from SBS - cont 17 80
Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question