[Webinar] Streamline your web hosting managementRegister Today


My exchange servers and domain controllers are not keeping time

Posted on 2008-02-10
Medium Priority
Last Modified: 2008-02-20
The GPO with the net time \\PDC /y for the clients is work perfectly.  However my other controllers and exchange servers are not keeping time.  Should I code in the registry for each non PDC controller and exchange server for NTP server to my PDC.  My PDC pulls from an Symetricon Hardware clock.  What registry codes should I make?  I wasn't sure if it is automatically pulls from the PDC - or to be safe should I hard code the registry to pull from the PDC w32time server, paramaters...ntp server...
Question by:susantincher
  • 5
  • 2
LVL 19

Expert Comment

ID: 20864444
Have a look at this article: http://blogs.bdnet.co.uk/steve/archive/2008/01/06/The-Windows-Time-Service.aspx.

You need to configure the Windows Time Service on the root domain's PDC-emulator FSMO role-holder, usually the first DC in the domain.

AD will then sync time with all other servers and clients.

Let me know if you need more help.
LVL 20

Expert Comment

by:Mal Osborne
ID: 20864452
Windwos Time service running on  the PDC?
LVL 19

Expert Comment

ID: 20864464
Sorry, should have read further.

If your domain is correctly configured, you shouldn't need NET TIME ... at all.

The root domain needs to be configured as authoritative, then all other domains will stay in sync.  However, if they are already more than five minutes out from each other you may need to reset them manually, as Kerberos authentication may fail.

See http://technet2.microsoft.com/windowsserver/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true.

You can use the command:

w32tm /config /reliable:yes

to set the PDC as reliable.

If you've already configured other PDCs to sync time from other sources, you should change them back using:

w32tm /config /syncfromflags:DOMHIER
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.


Author Comment

ID: 20864540
We are seperated by unreliable wan links and seperate adminstration groups.  Can I keep my domain time off of the domain PDC and not the Forest root domain PDC?

If I understand you, I turn off net time on my controllers and exchange?  
LVL 19

Expert Comment

ID: 20864575

You can set up separate time synchronisation sources, but if the times on servers differ by more than 5 minutes, Kerberos will start failing, so you need to watch for this.  When Kerberos fails, so will replication and logons, so it is pretty important :)

To setup multiple sources, you need to configure each PDC in each domain as connecting to NTP servers, much the same way as you would for the forest root domain.

All servers and clients should have the Windows Time Service running.  Unless you are using NT4 or Windows 95/98/Me, you do not need the NET TIME command in your scripts, but the Windows Time Service must be running.

If you use the command:

w32tm /config /syncfromflags:MANUAL /manualpeerlist:ntp1.time.com

on your subordinate PDCs, then they'll sync from the Internet NTP servers.

My blog entry describes the /manualpeerlist option more fully.

Also, if your Internet connection is also unreliable then you may be best ignoring the issues around your WAN link and just use normal domain synchronisation.

Author Comment

ID: 20864619
SteveH UK:  

One more and I think I got it, PDC configurations make sense,  make registry entries on controllers/ervers or just the command you listed.  How can I get access to your blog?   Thanks for you assistance
LVL 19

Accepted Solution

SteveH_UK earned 2000 total points
ID: 20864769
If you go to http://blogs.bdnet.co.uk/steve you should be able to see all my posts and there's a link for an RSS feed.

Glad to help.
LVL 19

Expert Comment

ID: 20868366
Thanks for the points :)

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question