obSupport
asked on
Win2k PDC Won't sync with external Time Source
We have a PDC that we're trying to sync to an external time source.
1. It has been setup with: w32tm /config /manualpeerlist:"time-b.ni
2. The server is behind a firewall; however, running the following command: "w32tm /stripchart /computer:time-b.nist.gov /samples:5/dataonly" consistently returns time difference statements similar to: "09:12:43 d:+00.2187338s o:+127.5151578s [ . . . ]", which I take to mean that our PDC IS able to see the external time server, to query it, and to successfully receive time information from it.
3. If the following command is run: " w32tm /resync /rediscover", it will time out with a reply that "The computer did not resync because no time date was available".
4. The Event Log shows the following event each time the w32tm service is restarted:
Event Type: Warning
Event Source: W32Time
Event ID: 12
Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient."
---
What to do so this PDC will actually sync to the external time source? Thanks!
1. It has been setup with: w32tm /config /manualpeerlist:"time-b.ni
2. The server is behind a firewall; however, running the following command: "w32tm /stripchart /computer:time-b.nist.gov /samples:5/dataonly" consistently returns time difference statements similar to: "09:12:43 d:+00.2187338s o:+127.5151578s [ . . . ]", which I take to mean that our PDC IS able to see the external time server, to query it, and to successfully receive time information from it.
3. If the following command is run: " w32tm /resync /rediscover", it will time out with a reply that "The computer did not resync because no time date was available".
4. The Event Log shows the following event each time the w32tm service is restarted:
Event Type: Warning
Event Source: W32Time
Event ID: 12
Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient."
---
What to do so this PDC will actually sync to the external time source? Thanks!
LauraEHunterMVP
Since this is the PDCe for your root domain, you should modify the Registry to point this DC to an external time source, as described here: http://support.microsoft.com/kb/216734
ASKER
I have tried this KB Article; however, we're using Windows 2003 Server, and the article says Windows 2000. In any case, changing the entries doesn't make any visible difference in the outcome. W32tm /stripchart, when run on the pdc, still reliably shows the time difference between the pdc and the external time source, but w32tm /resync /rediscover still responds "The computer did not resync because no time data was available." ?
The subject of your message indicates Win2k, which is Windows 2000. The appropriate Registry entries for 2003 are here: http://support.microsoft.com/kb/816042
ASKER
My apologies for the lack of clarity in the Subject Line - It is a win2003 PDC. I've tried the 2nd article and nothing has changed, i.e.
1. Made Changes per kb-816042
2. Did net stop & start for w32time (Event Log still records a NTP Time Provider Client error upon w32time service restart)
3. Ran w32tm /stripchart and received time differences without error
4. Ran w32 /resync /rediscover & received "... no time data was available" message
1. Made Changes per kb-816042
2. Did net stop & start for w32time (Event Log still records a NTP Time Provider Client error upon w32time service restart)
3. Ran w32tm /stripchart and received time differences without error
4. Ran w32 /resync /rediscover & received "... no time data was available" message
Are you saying that you made the changes in KB 816042 and you are still receiving Event 12 in the application log? I would double-check the values that you entered in the registry keys referenced in the KB, particularly the format of the external time server - it needs to read server.domain.dom,0x1 or else the changes will not take effect.
ASKER
I've checked ALL entries agains Microsoft Tech Site instructions. Below is the actual registry entry for Parameters setting in the Registry for the NtpServer Key, as cut/pasted is:
time-b.nist.gov,0x1 time.nist.gov,0x1
Other computers in the domain are correctly sync'ing to this PDC, but all that I've done so far has made no difference in having this PDC synchronize to the external time server(s) specified above.
>> w32tm /stripchart works flawlessly
>> w32tm /resync always responds with "The computer did not resync because no time data was available".
My assumption is that if the stripchart option works, then a manual w32tm /resync should also work, but it doesn't.
time-b.nist.gov,0x1 time.nist.gov,0x1
Other computers in the domain are correctly sync'ing to this PDC, but all that I've done so far has made no difference in having this PDC synchronize to the external time server(s) specified above.
>> w32tm /stripchart works flawlessly
>> w32tm /resync always responds with "The computer did not resync because no time data was available".
My assumption is that if the stripchart option works, then a manual w32tm /resync should also work, but it doesn't.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your help here. I've checked the Group Policies and all 3 of them (per the article at jsifaq.com) were already set at "not configured". Do you know if only one port needs to be opened on the firewall (aka: Port 123) or are there others?
All you need is UDP 123, no other ports. At this point I'd be firing up Network Monitor on your 2003 server and behind/in front of your firewall to show you whether the traffic is being blocked before it enters/leaves your internal network.
ASKER
I'll take a closer look at that - I have enabled Time Service Logging and the logfile is created, but even with a setting of 300 no entries are being made except timestamps when the Time Service is started or stopped; perhaps, that's a clue.
ASKER
I've checked using Net Monitor and here's what is known:
1. Running the command "w32tm /resync /rediscover" does NOT result in any NTP (123) packets being sent or returned and the command eventually times out with: "The computer did not resync because no time data was available.".
2. Running the command "w32tm /stripchart /computer:time-b.nist.gov /period:5 /dataonly /samples:5" command DOES result in 5 packets being sent to time-b.nist.gov and 5 packets (with time data) returned to the local PDC to Port 123, there is no problem sending or receiving Port 123 packet data from/to that PDC.
3. It's apparant that no time synchronization is being initiated by this server's NTP Client to the External Time Source; though, I can compare clock time differences using #2 above.
- I'm letting Netmon run indefinitely to see if any automatic syncs will actually try to send NTP packets out from the PDC, but have my doubts that things are every getting that far.
1. Running the command "w32tm /resync /rediscover" does NOT result in any NTP (123) packets being sent or returned and the command eventually times out with: "The computer did not resync because no time data was available.".
2. Running the command "w32tm /stripchart /computer:time-b.nist.gov /period:5 /dataonly /samples:5" command DOES result in 5 packets being sent to time-b.nist.gov and 5 packets (with time data) returned to the local PDC to Port 123, there is no problem sending or receiving Port 123 packet data from/to that PDC.
3. It's apparant that no time synchronization is being initiated by this server's NTP Client to the External Time Source; though, I can compare clock time differences using #2 above.
- I'm letting Netmon run indefinitely to see if any automatic syncs will actually try to send NTP packets out from the PDC, but have my doubts that things are every getting that far.
ASKER
Hurrah! Problem Fixed. It turned out to be a GPO issue as you pointed to Laura. A higher level GP was overriding the Local one.
Thanks!
Thanks!