My exchange servers and domain controllers are not keeping time

The GPO with the net time \\PDC /y for the clients is work perfectly.  However my other controllers and exchange servers are not keeping time.  Should I code in the registry for each non PDC controller and exchange server for NTP server to my PDC.  My PDC pulls from an Symetricon Hardware clock.  What registry codes should I make?  I wasn't sure if it is automatically pulls from the PDC - or to be safe should I hard code the registry to pull from the PDC w32time server, paramaters...ntp server...
susantincherAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SteveH_UKCommented:
Have a look at this article: http://blogs.bdnet.co.uk/steve/archive/2008/01/06/The-Windows-Time-Service.aspx.

You need to configure the Windows Time Service on the root domain's PDC-emulator FSMO role-holder, usually the first DC in the domain.

AD will then sync time with all other servers and clients.

Let me know if you need more help.
0
Mal OsborneAlpha GeekCommented:
Windwos Time service running on  the PDC?
0
SteveH_UKCommented:
Sorry, should have read further.

If your domain is correctly configured, you shouldn't need NET TIME ... at all.

The root domain needs to be configured as authoritative, then all other domains will stay in sync.  However, if they are already more than five minutes out from each other you may need to reset them manually, as Kerberos authentication may fail.

See http://technet2.microsoft.com/windowsserver/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true.

You can use the command:

w32tm /config /reliable:yes

to set the PDC as reliable.

If you've already configured other PDCs to sync time from other sources, you should change them back using:

w32tm /config /syncfromflags:DOMHIER
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

susantincherAuthor Commented:
We are seperated by unreliable wan links and seperate adminstration groups.  Can I keep my domain time off of the domain PDC and not the Forest root domain PDC?

If I understand you, I turn off net time on my controllers and exchange?  
0
SteveH_UKCommented:
Ok.

You can set up separate time synchronisation sources, but if the times on servers differ by more than 5 minutes, Kerberos will start failing, so you need to watch for this.  When Kerberos fails, so will replication and logons, so it is pretty important :)

To setup multiple sources, you need to configure each PDC in each domain as connecting to NTP servers, much the same way as you would for the forest root domain.

All servers and clients should have the Windows Time Service running.  Unless you are using NT4 or Windows 95/98/Me, you do not need the NET TIME command in your scripts, but the Windows Time Service must be running.

If you use the command:

w32tm /config /syncfromflags:MANUAL /manualpeerlist:ntp1.time.com

on your subordinate PDCs, then they'll sync from the Internet NTP servers.

My blog entry describes the /manualpeerlist option more fully.

Also, if your Internet connection is also unreliable then you may be best ignoring the issues around your WAN link and just use normal domain synchronisation.
0
susantincherAuthor Commented:
SteveH UK:  

One more and I think I got it, PDC configurations make sense,  make registry entries on controllers/ervers or just the command you listed.  How can I get access to your blog?   Thanks for you assistance
0
SteveH_UKCommented:
If you go to http://blogs.bdnet.co.uk/steve you should be able to see all my posts and there's a link for an RSS feed.

Glad to help.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SteveH_UKCommented:
Thanks for the points :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.