Solved: Network connections dropping

Create Account

Windows Server 2003

Questions

Followers

Top Experts

rlah

Network connections dropping

2 PCs (out of several) are dropping intra-network connections and require rebooting.
I've looked at other threads on this here but can't seem to find a fit to our problem.

We have WinServer2003 running and several (~8 PCs) running in a small business office. Only 2 PCs are having this problem, including mine. We have a consultant I could call in but I thought to try Experts-Exchange first. I have some PC knowledge ...
The Event Viewer for System is showing several warnings like this:
Error      7/25/2008      7:05:25 AM      W32Time      None      29      N/A      CFI02
Warning      7/25/2008      7:05:25 AM      W32Time      None      14      N/A      CFI02
And this:
Warning      7/25/2008      11:46:26 AM      LsaSrv      SPNEGO (Negotiator)       40960      N/A      CFI02
And this:
Error      7/25/2008      8:03:42 PM      Netlogon      None      5719      N/A      CFI02

But figuring out why these happen and only on 2 of several connected PCs on our domain is a mystery. We bought about 5 new Lenovos about 8 months ago ... these 2 problem PCs are from this group. The other new ones and the old ones don't seem to have the problem.

I just updated our WinServer2003 to Service Pack 2 because I figured someone would say I should do this first... but it did not solve the problem -- I had to reboot my PC this morning as I do every morning (and evening).

This problem was sporadic for awhile ... seemed related to when MS-auto updates would happen. But now it's gone on long enough -- maybe 2 months straight. And the boss's PC is the other PC that has to reboot like mine -- bad luck. So I've got to get a solution going. Any clues to this problem?

rlah

Zero AI Policy

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

giltjr🇺🇸

I would check/replace all patch cables related to the two computers connections.

Do you have managed switches? If so check the logs to see if they have any errors.

If you disable MS auto updates, do you still have the problem?

Do you have a personal firewall installed and enabled?

rlah

ASKER

I doubt that it's the patch cable since the older machines that were replaced did not have this problem. I'll try to check this sometime.
"Managed switch"... we have an HP Procurve switch 2124 a 24 port switch. I'm not sure if it's managed and I don't know how to check the logs for this.
We have a Cisco Pix 501 Firewall box hooked to our system... I don't know much about it.
I turned off Windows Firewall on my PC a few weeks ago so I could share an external USB HD... but this made no difference in this particular problem. I had to reboot regularly before and after this.
I'm running Windows Defender on my PC. I got tired of our corporate Norton AV causing too many bog-downs when it's scan wanted to run. The boss is running a stock WinXP Pro SP2 setup with his newer machine.

rlah

giltjr🇺🇸

Are you the tech person?

First, I have seen a few patch cables that worked fine until a new PC was installed or even when a PC was slightly moved physically. A small fault in the cable could be undetectable until the cable is bent in a specific position.

The 2124 is a unmanaged switch, so no logs, no checking of anything dealing with it. This is one reason I personally don't like unmanaged switches. Yes they are cheap, but if you think there is a problem with the switch, your only recourse is to replace it.

The PIX really should not come into play, unless all the traffic problems involve a host that is NOT on your network.

When the problem occurs have you tried ping'ing other hosts.

Better yet, exactly what do you mean by dropping connections? Do you mean you can no longer access network resource on your network?

The Netlogon 5719 seems to indicate that you do not have enough memory to allow for a secure login to your DC. Does the new PC have less RAM and/or a smaller swap file?

There also seems to be a known issue with e Patchclink (GravitixService) that eats up memory and causes the netlogon 5719. Are you using this?

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

rlah

ASKER

I'm the (mostly) tech person here ... but I did not do this server installation - our consultant did. The boss dabbles with the cabling on a limited basis.
We'll check into the cabling issue... good point. But it would seem odd that cabling would cause a repeatable intra-network connection drop 8-10 hours after a cold boot. The Internet is still available.

Dropped connections: I reboot first thing each morning (~ 7:00am) because it practically does not respond to much that I try to do. The Internet connection isn't dead but Windows Explorer is mostly dead.... Then about 4:00 to 4:30 pm each day, my business app, where data resides on the server, starts getting sluggish but not dead (yet). Internet use is still fine. Other apps running locally are fine. At this point, I do another reboot before I leave for the day because I have evening automatic network backups running on my PC that are critical and I know they will not complete unless I reboot. I have watched the backup log files (Karenware Replicator) and can tell it takes about 8+ hours before the intra-network connection begins to have the problem. I used to run the backups in the wee hours but now I run them around from 7pm to 10pm.

I have tried pinging our own website address after the connection degrades and I recall it pinged OK.

My Lenovo PC has 2GB of ram - I would think plenty... the boss has 1GB. My Page File is set at 1.5GB - 3GB. I'll watch where the Page File usage is when the problem starts this afternoon.

Don't have Patchlink Gravitixservice running on my computer... I've been using Process Explorer to try to analyze what's running and don't see this.

giltjr🇺🇸

It sounds like its not all traffic, but traffic related to a specific server. Is that correct?

Just to make sure, everybody in the office uses this application/server, right?

What you may want to do is when you start having the problem is using something like wireshark (http://www.wireshark.org) to do a packet capture. If possible from both your PC and the server where the application is running.

rlah

ASKER

Specific server - yes -> our WinServer2003 server. I have another connection to an Apple graphic server that does not go down. I use it for graphic work... no problems.
Yes, all people here are using this same WinServer2003 server... the same business app. But only 2 of 5 are having this problem. Most are using the same newer model Lenovo PCs.

I'll get back on the wireshark packet capture... I'll have to see what's involved. Thx.

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

giltjr🇺🇸

O.K., if it is a specific server, then it has nothing to do with your network connection. The physical level has no clue about traffic.

My guess is that it has to do with the software that is used to access the application/server or possibly other applications/functions that are loaded on your and your boss' PC and may not be on the others.

What all functions are performed on the server? Can you use those functions without problems, say like file sharing?

What happens if you attempt to ping the server when you are having problems?

Do you notice the hard drive light flashing on your PC when this is occurring?

rlah

ASKER

It's 4:00pm today and the business app started to hesitate when I clicked on a menu item... so I decided to attempt "ping the server" as requested. I went to the server and looked up it's IP address, then went back to my PC. Here's the command prompt box output:
U:\>ping 172.30.1.6
Pinging 172.30.1.6 with 32 bytes of data:
Reply from 172.30.1.6: bytes=32 time<1ms TTL=128
Reply from 172.30.1.6: bytes=32 time<1ms TTL=128
Reply from 172.30.1.6: bytes=32 time<1ms TTL=128
Reply from 172.30.1.6: bytes=32 time<1ms TTL=128
Ping statistics for 172.30.1.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
- - - - - -
So pinging appears to be working... BTW, my current IP is 172.30.1.248.
Hope this adds a clue to this puzzle... I'm going to reboot my PC as usual.
I have attached a screen shot of my current Event Viewer with today's Events.
--Event-Viewer-01.GIF

giltjr🇺🇸

O.K there are no events in the event log that occurred during the same time period as your problem.

You may want to look at the other logs and see if they have any. You may also want to look at the server's events logs to see if it is showing anything. If the application has its own logs, you should check it out.

The ping times show that it is not a network connectivity issue. This leads me to an application issue, either with the server side or the client side. Depending on your level of technical knowledge you may want to try and get a packet capture of the traffic between your computer and the server. See if the last packet is from you to the server or from the server to you.

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

rlah

ASKER

Maybe this confirms your assessment but I tried pinging the server IP this morning before I rebooted and got the following Command Prompt results:
- - - - - - - - -
U:\>ping 172.30.1.6
The current directory is invalid.
U:\>c:
C:\>ping 172.30.1.6
Pinging 172.30.1.6 with 32 bytes of data:
Reply from 172.30.1.6: bytes=32 time<1ms TTL=128
Reply from 172.30.1.6: bytes=32 time<1ms TTL=128
Reply from 172.30.1.6: bytes=32 time<1ms TTL=128
Reply from 172.30.1.6: bytes=32 time<1ms TTL=128
Ping statistics for 172.30.1.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
- - - - - - - - - -
Is your assessment still the same -- that it's an application issue?

giltjr🇺🇸

In both instances you sent 4 pings and got 4 requests all in less that 1 ms. If it was a network issue, normally, you would either see longer response times or missing responses. You saw the same exact results in both situations.

So, yes, right now I am still thinking it is related to the application or something else that is unique to your and your boss' PC's. Such as anti-virus scanning running at 4PM instead of 4AM, or the clock on your PC's are off by 12 hours and when your PC thinks it is 4AM it is really 4PM.

When you have the problems is the hard drive light on your PC flashing a lot? If you bring up task manager, is anything using a lot of CPU?

rlah

ASKER

Nothing is moving - hard drive is silent, PF usage is minimal. AV isn't running... But it is *very* sluggish... even bringing up Notepad took maybe 45 seconds to startup this morning. This is similar to when Norton AV used to take over with it's scan... but it's not running now, neither is Windows Defender. Again, no AV is running. But Windows Explorer is almost dead... you saw above the U: network drive was gone - "current directory is invalid". My network drives are gone...
It's interesting to me that I can ping the server but my network drives Q:, S:, and U: that are located on on the server WinServer2003 are gone. I think this is the source of my problem... but I don't see how applications other than a pesky AV or virus/malware/etc could be causing the network drive loss... That's where I hoped Process Explorer might give me a clue.
Should I still be looking at wireshark packet analysis ... or elsewhere?

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

giltjr🇺🇸

Since your PC seems to be generally slow, I would doubt that it is a network issue. However, if you have a network drive in your listed in your path before some of your local system directories and you can get to the network drives it will slow your PC down. Notepad is in c:\windows (by default the windows system directory name), if you have:

PATH=Q:\;S:\;U:\;C:\Windows

and you could not get to Q, S, or U, then notepad would open up slowly. However if you had what should be the norm:

PATH=C:\Windows;Q:\;S:\;U:\

Then notepad would open up right away if you had network only issues. So if you have a path statement like the second one and notepad is taking a long time to open, then most likely you have a non-network issue with your PC.

You may want to issue the command "net use" to see the status of all mapped network resources.

They may show disconnected, which is not necessarly a bad thing.

If they show disconnected, I would startup wireshark and start a packet capture. Then do a dir against one of your mapped drives. Then stop the trace.

Now generically what you should see is some netbios type packets going between your PC and the server.

rlah

ASKER

Here's the Command Prompt outputs:
- - - - - - - - - begin clip
U:\>path
PATH=C:\PVSW\BIN;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Prog
ram Files\QuickTime\QTSystem\
U:\>net use
New connections will be remembered.
Status Local Remote Network
-------------------------------------------------------------------------------
OK Q: \\cfserver01\Applications Microsoft Windows Network
OK S: \\cfserver01\share Microsoft Windows Network
OK U: \\cfserver01\users\ron Microsoft Windows Network
Disconnected W: \\Gary-gobles-com\CFI backup 2
Microsoft Windows Network
Disconnected LPT3 \\four\print Microsoft Windows Network
The command completed successfully.
- - - - - - - - - - - - end clip
The W: drive is the mapped drive to an Apple Mac drive for graphics storage... no problems with it.

Since the WinServer2003 mapped drives show "OK", should I still do the wireshark thing?

giltjr🇺🇸

Wireshark still may be a good tool to use.

What you will want to do is run a trace from your computer when the application is running fine. Then run a trace when it is having problems.

You only need to do a few transactions in each case.

What you want to look at is normal flow vs. performance issue flow. Things like the time between your computer sending out a request and getting back a response. If during the performance issue time you see your computer making a request and it taking a long time to come back, then it is a issue on the server most likely. However if you see responses come back fast, then it may be a performance issue on your local computer.

If possible you may want to have Wireshark positioned on your desktop so you can see it as it records the packets it captures. This way you can see if it is a long time between you pushing the button to perform a transaction and when wireshark says the packet went out.

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

ChiefIT🇺🇸

All of these errors could mean your clients and DC are out of time synchronization. Definately your time errors.

Compare your DC's time with the client's time. When out of synchronization (of time), they may show all of these issues.

At the command prompt of the problem child computers, type W32time /resync

rlah

ASKER

ChiefIT... I did this immediately because I wonder that it is a time sync issue. Here's the output:
- - - - - - - - - - - - begin clip
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
U:\>W32time /resync
'W32time' is not recognized as an internal or external command,
operable program or batch file.
U:\>c:
C:\>W32time /resync
'W32time' is not recognized as an internal or external command,
operable program or batch file.
- - - - - - - - - - - end clip

Not sure how how to get W32time working... I notice a w32time.dll file in the Windows\system32 folder...

ChiefIT🇺🇸

Oops, I had the syntax wrong. My memory isn't what it use to be. (Think I have oldtimers)
It is actually w32tm /resync
http://support.microsoft.com/kb/875424

This is the way I set up domain time. I use an authoritative time server.
https://www.experts-exchange.com/questions/22799695/How-do-I-synchronize-two-servers.html

I hope this helps.

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

rlah

ASKER

ChiefIT: Here's the output from this corrected command:
- - - - - - - - start clip
C:\>w32tm /resync
Sending resync command to local computer...
The computer did not resync because no time data was available.
C:\>
- - - - - - - - end clip
I'm not sure what this message means. This is kind of what I thought I'd find... a glitch in the time sync thing... I just checked both our WinServer2003 and my PC and they seem within about 1 minute of each other but about 10 minutes off of "atomic" time. So I should look into the other thread on "authoritative time server", right?

ChiefIT🇺🇸

You are using atomic time. So, I believe that syncs to an outside server. You might make sure the flags are up. That is found on the second link for an authoritative time server.

giltjr🇺🇸

IIRC this means that your computer could not find a time server on the network. Either a NETBIOS time server or a SNTP server if you have one configured.

What do you get if you enter the command:

net time
net time /querysntp

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

rlah

ASKER

giltjr: Here's the command output
- -- - - - - - - start clip
C:\>net time
Current time at \\CFSERVER01 is 8/4/2008 11:37 AM
The command completed successfully.
C:\>net time /querysntp
The current SNTP value is: time.windows.com,0x1
The command completed successfully.
- - - - - - - - - end clip

giltjr🇺🇸

ChiefIT might be on to something with the time difference.

I am not 100% sure how Windows does its time sync as I have never taken the time to read up on it. We do not code a SNTP server, we use NETBIOS time service from our AD Domain Controllers.

So you could have a time issue because the computer might be trying to set it time from both the NETBIOS time servers and the SNTP server. Although your DC' s might be in sync, they are 10 minutes off from the SNTP server. This will could a 10 minute time difference between the DC's and your computer if your computer uses the SNTP server.

IIRC Windows allows up to a 5 minute time difference, if there is more than 5 minutes, weird things start to happen.

ChiefIT🇺🇸

OK, so you can set your PDCe using Atomic Clock Sync (Instead of Symmtime), then pass that down to your clients using the authoritative time server function.

http://www.worldtimeserver.com/atomic-clock/

Setting up an authoritative time server by setting the serers time flags:
https://www.experts-exchange.com/questions/22799695/How-do-I-synchronize-two-servers.html

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

rlah

ASKER

ChiefIT: I've looked at most of your references... and downloaded the free Atomic Clock Sync utility.
But it seems to me that I need to have our network IT consultant come in and review this. The KB 816042 article is rather involved and I don't feel comfortable enough to fiddle with our server that deep. (unless I can be shown otherwise...)
Hopefully I can get him in here in the next week... I feel this possible solution is likely the one we're looking for.

ChiefIT🇺🇸

Synching with an outside server is done with atomic clock synch. So, all you will have to do on that "convoluted" mess of a KB article is raise the flags as a time server.

In other words. Once Atomic clock Sync, synchronizes your PDC master's clock, then all you have to do is this from that KB article:

To configure the PDC master without using an external time source, change the announce flag on the PDC master. The PDC master is the server that holds the forest root PDC master role for the domain. This configuration forces the PDC master to announce itself as a reliable time source and uses the built-in complementary metal oxide semiconductor (CMOS) clock. To configure the PDC master by using an internal hardware clock, follow these steps:1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
3. In the right pane, right-click AnnounceFlags, and then click Modify.
4. In Edit DWORD Value, type A in the Value data box, and then click OK.
5. Quit Registry Editor.
6. At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
net stop w32time && net start w32time

rlah

ASKER

1) So I copy the atomic.exe utility to the WinServer2003 machine, run the program manually on it to "synchronize the PDC master's clock". Correct?
Question: do I run this periodically manually or should I try to get some automatic way to do it on the server?

2) "The PDC master is the server that holds the forest root PDC master role for the domain. " So this would be our one and only server... correct? (we don't have a forest or multiple Windows servers.)

3) And so steps 1. thru 6. are done on the server... correct?

4) And therefore, nothing is done on the clients machines like my PC... correct?

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

giltjr🇺🇸

When you issued the net time command, was that from your server, or a desktop?

If from a desktop, then I would suggest you change the desktop configuration and remove the sntp definition on it. Just issue the command:

net time /querysntp

rlah

ASKER

giltjr:
All the commands you requested me to run were from my (client) PC.
I notice you had me issue that same command previously. So perhaps you are saying to issue this command again *after* I do the work ChiefIT outlined on the server?

ChiefIT🇺🇸

1) I am not familiar with Atomic Clock, but Symmtime goes to a list of public or gov time servers and synchronizes your PDCe clock with an outside server automatically. Configuration is very easy, just right click on the clock and select from a list of time servers, then click synchronize now. Do this once and you are set.

2) "The PDC master is the server that holds the forest root PDC master role for the domain. "
Sorry that was a slip> Traditionally we had a PDC and a BDC. Now we have a PDCe (emulator) and other DCs. The difference between the emulator and other DCs is the emulator holds the FSMO roles. In this case, your one and only server. When you see someone talking about PDC and BDC, they either don't have knowledge that they are all now Domain Controllers, or they are old-school network administrators who just can't break the habbit.

3) And so steps 1. thru 6. are done on the server... correct?
Yes, steps 1-6 on the domain server. The flags are to tell all nodes on your network that it is the time server for your network.

4) And therefore, nothing is done on the clients machines like my PC... correct?
Yes, flag raising is only for the domain server.

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

giltjr🇺🇸

Opps,

I meant you need to enter:

net time /setsntp

this will remove the sntp server setting from your PC and so you will not attempt to set your time from an outside time source, you will only attempt to set it with your domain controller.

rlah

ASKER

ChiefIT:
Before I start this procedure (steps 1-6), is it reversible? Do I make notes of the server's registry settings and just reverse them if I want to?

ChiefIT🇺🇸

Sure:

But, I doubt you will want to go back. There really is nothing better than to have your PDCe synchronize your whole network.

If you want to reverse the process, you could uninstall symmtime (if you elected to install it), and just reverse this reg key back to the original setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
3. In the right pane, right-click AnnounceFlags, and then click Modify.
4. In Edit DWORD Value, type A in the Value data box, and then click OK.

If you would feel more comfortable, I can show you a list of people that used this method and really liked it.

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

ChiefIT🇺🇸

In fact, here are just a few:

Symmtime was created by Symetricom. They are a time server manufacturer of atomic clocks and GPS time servers, of which I have two of them. I use Symtime to synch my PDCe with my time server. Then, my PDCe is my authoritative time server. What I did is adjusted the phase to be within 5 seconds of my PDCe. The reason I need such accuracy is because we have sensors that spit out serial data. The data is processed as a complete unit based upon a time stamp. So, time is very, very important to my application.

For your domain to work right, I think you need to be within 5 minutes of the Server at all times. And, of course, it helps if your server is synchronized with the outside world.

Here are a few folks that have found Symmtime useful.

This person used Atomic Clock at one time:
https://www.experts-exchange.com/questions/23022137/Setting-domain-to-sync-with-internet-time.html

Here is another post that enjoyed Symmtime:
https://www.experts-exchange.com/questions/23176154/Time-synchronization.html

I think you have seen this article:
https://www.experts-exchange.com/questions/22799695/How-do-I-synchronize-two-servers.html

ChiefIT🇺🇸

Rlah:

I haven't heard from you in a few days. How did we make out?

rlah

ASKER

I'm trying to see if I have time this weekend to do this procedure... thx for the followup.

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

rlah

ASKER

I came in over the weekend... and am frustrated.
1) Neither LMCheck (Symmtime) nor Atomic Clock seemed to do what I thought they were supposed to do:
a) Symmtime only downloaded LMCheck.exe which only scans all clients for the time differences. I did not see any features to do what you say "Symmtime" was supposed to do. Unless I am supposed to purchase some other software from them but I thought you said this was free download.
b) Atomic Clock just showed me a screen of what my server's time was and a little more information... I did not see a feature to synchronize with an external clock source. I could set the Synchronization Interval... There was a "Repair Service" tab so I did the 5 steps to "repair" things but got an error message.

So... I thought to manually adjust the server's clock to within 1 minute of the correct world time... it was maybe 10 minutes fast.

Then... I thought to go thru the 6 steps on the server. The DWORD was already set to "a", but not "A" and did not change it. Should I change it to "A"?

I don't understand why synchronizing the server's clock seems so complicated... I recall seeing the ability in Windows to synchronize your PC's clock with a choice of several outside time services but I don't see that feature anymore. I suppose it's part of the "dumb down" for users. Anyway, I would appreciate a clear path to get this synchronation to work.

giltjr🇺🇸

What I would suggest, and I think I did this once, is:

1) Remove the SNTP setting on all desktop PC's.
2) Setup your DC to point to a SNTP server.
3) Let your desktops use NETBIOS to sync their time with your DC.

The important step is #1. Even if your DC does not sync its time with a SNTP server, you don't want your desktops sync'ing with an outside clock. All desktops should sync with your DC's. Even if your DC's have the wrong time, you want everybody to have the "same wrong time".

rlah

ASKER

giltjr:
Can you give the step-by-step in simple detailed instructions... you're beyond my understanding. I don't know how to do what you say... Thx for the early feedback and I'll consider doing this. But I would like to see ChiefIT's response to my troubles before I proceed with yours.

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

giltjr🇺🇸

To remove the SNTP server from your desktops issue the command:

net time /setsntp

This will remove the sntp server from the desktop. Then on your DC issue the command:

net time /setsntp:x.x.x.x

where x.x.x.x is either the IP address or host name of the sntp server you wish to sync your time with.

That should be it.

ASKER CERTIFIED SOLUTION

ChiefIT🇺🇸

membership

Signing up is free and takes 30 seconds. No credit card required.

Create Account

rlah

ASKER

ChiefIT:
Thx for the better info on SymmTime. The link you gave this time worked and I've downloaded what appears to be the proper program now.
One question still unanswered is the registry edit question -- "a" vs. "A" for the DWORD - see my Sunday post... the DWORD was already set to "a". Should it be changed to "A"?
When I get this answered, I'll start again to get this going.

rlah

ASKER

ChiefIT:
I did the SymmTime thing and have it running on the server now. It's now running in the system tray and I set it to sync with time server every 60 minutes.

==>> But I still want your response on the DWORD question above before I change it.

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

ChiefIT🇺🇸

LOL, I thought I replied to that question. I must not have hit submit. I am getting see-nile in my older age, I guess.

I think I would change it to big "A". Really, I don't think it matters much. But, I like following what works.

ChiefIT🇺🇸

once done,

Montior it with Domain time monitor. (you know the other utility you downloaded). I was going to recommend that to you. So, it's good you downloaded it.

Remember, in the article, it talks about phase differencial. The phase settings tell how far a client will be out of synch prior to synching up to the server. You can adjust that to anything you like. For me, it is withing 5 seconds.

The reason I set mine so closely is because I have computers that collect data off of weather sensors and transducers. They put a time stamp on the serial data that I have. Then, that data is shared and has to be spot on, or the data set will not match up right. I also synch up to gps time using symmtime, just like you are. So, I rely heavily upon Symmtime and symmetricom's time servers.

For you, It is recommended that your clients synchronize so they NEVER are 10 minutes either way of the server. "Or is that five for client/server interaction"?

rlah

ASKER

ChiefIT:
The 6 steps are now completed. I'm anxious to see if it solves my problem and so I don't have to reboot my PC this afternoon or about 9 hours after I rebooted early this morning. I'll also do the LMCheck thing to monitor how the clients are doing.
I'm not sure why the clients would be even more than a few seconds off the WinServer's time if they are *automatically* synchronized with the server... (?)

I don't want to pit 2 experts against each other but could you comment on giltjr's procedure (ID: 22249099 above) about the SNTP server stuff net time /setsntp commands? I would expect to do them if your procedure does not solve my problem.

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

ChiefIT🇺🇸

SNTP is an older protocol used by 2000 server and prior. 2003 server no uses NTP (Network Time Protocol). NTP is compatible with SNTP clients. However, SNTP is not forwords compatible with NTP. So, if you have a server that is set to provide SNTP, your clients may/may not synchronize. Disabling SNTP defaults the server to NTP (its default configuration). I believe this is what qiltjr is trying to do for you. So,

I do agree with what qiltjr is trying to do. But, I don't think it is necessary because a 2003 server defaults to NTP and I don't beleive you configured it any differently. It doesn't matter if the clients are NTP or SNTP, they will still synchronize up as long as the server is NTP.

Now here is an article that explains SNTP, NTP, the anouncement flags we just set, and how the time service works.

http://www.mmmug.co.uk/files/216/download.aspx

See, this has always been my understanding of the process. I may be incorrect. I would like to here qiltjr's thoughts on this.

BTW, two experts often have differences of opinions. It is par for the course. There are soooo many ways to configure things to your liking that you often find different ways to do things that you may/may not have ever considered. So, differences of opinions often makes me a better administrator, and I always look forward to them.

SOLUTION

giltjr🇺🇸

membership

Signing up is free and takes 30 seconds. No credit card required.

Create Account

ChiefIT🇺🇸

OHHH,

In that case, I definately agree with resetting the SNTP connection, you don't want the client going about doing its own business and getting time from an outside source instead of the server. The flags only do so much. If the client machine is hard coded to an outside server, then "things are not the same throughout the domain".

rlah

ASKER

Ok... I had to reboot at 3:15pm today - same problem as before.
However, 15 minutes after rebooting, I looked at the Event Viewer --> Event ID 35: "The time service is now synchronizing the system time with the time source CFSERVER01.customforms.com (ntp.d|172.30.1.248:123->172.30.1.5:123)." I notice my PC clock is < 1 sec of "atomic time".
I don't know if this is a positive sign... I'll wait until later tonight or in the morning to see what's going on and then probably do the "net time" commands on my client PC - I think I'll need to logon as an admin in order to be able to do these commands.

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

giltjr🇺🇸

Did you remove the sntp timer from your desktop?

net time /querysntp

Although your server and your desktop are now both getting their time externally, you really want your desktops to sync with your DC's.

rlah

ASKER

For the first time in a long time, I did not have to reboot my computer in the morning - yehh!. So something made the main problem go away. It must have been the DWORD change from "a" to "A" on the server or the combination of this and SymmTime. Whatever the reason, the main problem (network connections failing) that caused me to start this thread and join Experts-Exhange) seems to be solved.

I have not yet done the "net time" commands. And the current SNTP value on my PC is: time.windows.com,0x1
But I ran across another article that suggests this command is not necessary (oBdA's last response):
https://www.experts-exchange.com/questions/23243107/Chaning-Time-server-to-sync-domain-memeber-PC-with-domain-controller.html

Even so, I plan to issue the "net time /setsntp" command soon but I ran across an article that describes perhaps another way to do this client time sync process...
http://technet.microsoft.com/en-us/library/cc758905.aspx
(command line: "w32tm /config /syncfromflags:domhier /update")

Any comments at this point?

ChiefIT🇺🇸

That's excellent news:

I like that command line...never used it myself. Usually setting the flags makes life nice, but your clients were told to go to an outside time source. I don't often see that when troubleshooting other's domain time problems.

So, I am thinking that qiltjr had some good advice. Keep in mind his query to determine what time source these clients are going to that will be a handy tool if your clients get too far out of wack. Also use that utility that monitors the entire domain, called "time synchronization check"

Monitor this for a couple days and let us know how things go. I will be flying today, so will not be able to respond.

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

rlah

ASKER

Hmmm... I may have spoken too quick. I had to reboot my PC just before noon since the network drive was starting to go flakey ... again. But this was the first time I had to reboot in about 20 hours. Usually I had to reboot within 10 hours before.

So I rebooted the computer, logged in as admin, issued the command "net time /setsntp". So this PC is no longer going to some other time source now.

I'll report back in a day or so to see what happens. And in hte mean time I'll try to watch the time synchronization check on the server.

rlah

ASKER

Trouble...
My Event Viewer is showing more problems this afternoon after I rebooted:
1) 1:35:56 PM, Warning: W32Time, Event ID: 14: "The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 120 minutes."
2) 1:35:56 PM, Error: W32Time, Event ID: 29; "The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 239 minutes. NtpClient has no source of accurate time. "

Something is not working.

giltjr: Maybe I should do your suggested command on the server (ID 22249099):
net time /setsntp:x.x.x.x
where x.x.x.x is either the IP address or host name of the sntp server you wish to sync your time with.

ChiefIT: the utility to check time synchronization on the server showed my PC with something like 140 milliseconds difference... rather close. So my PC appears to be in time sync.

Although my computer's network drives are still functional, I doubt they will last. Why these Event messages?

giltjr🇺🇸

Which computer are you seeing the events on? The DC or your PC?

If your domain controllers are running sntp or ntp services, then you could issue the command on your computer and point to your DC.

If you were planning to issue the net time /setsntp:x.x.x.x command on your DC, don't. This is in effect doing what the utility ChiefIT gave you does. You really don't want two things on the DC attempting to sync time at the same time.

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

rlah

ASKER

The Events described are on my client PC... the one that is having the problem of dropped network drive connections.

I won't do the "net time /setsntp:x.x.x.x" on the server... it makes sense that it might conflict with the SymmTime utility. I'll have to track down the exact IP for the server so I might issue the command on my client PC.

rlah

ASKER

More trouble... in the AM.
My PC needed to be rebooted, then I couldn't logon even as Administrator. OK, go to the server... hmmm the AD is giving the following error message:
"Naming information cannot be located for the following reason: The server is not operational."

Ouch. OK, reboot the server. Everything went OK on the reboot and the AD is now operational again. But this is the first time in over 4 years this has happened on the server.

Any idea why this would happen? (I'm thinking to call in our IT consultant who setup our server...)

ChiefIT🇺🇸

This is beginning to sound like an intermittent networking issue.

Are time errors the only errors you see?

Are these servers multihomed? Multihomed is defined as a server with multiple IP addresses. This could mean dual nics or on nic with multiple IPs.

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

rlah

ASKER

Our IT consultant is coming Monday PM... this one is too serious to let it go any longer. In the mean time, he said to turn off all of our clients, then reboot the server and then let the clients boot-up so the network and have a fresh start.

BTW, what I thought was an improved time sync situation turned out to be false... I am still getting the same W32Time errors in the event log as reported earlier... also the Netlogon errors are still showing up. And my client's mapped network drives are still dropping causing me to have to reboot periodically.
:-(
(I'll report back after Monday's meeting)

rlah

ASKER

giltjr:
My IT consultant found my client wasn't going to the server for the DNS thing but to an outside address, actually our ISP's address. It is a mystery how it could be working except that there is some ghost DNS server inside here. He set my client to force it to go to our server's IP address and now my client seems to be running better. It booted up much faster than before. I'll know more after 8-10 hours from now.

So I think giltjr was right in his judgment that there was an "intermittent networking issue". I'll report more results within a day.

rlah

ASKER

So far my client PC is running *much* better after the visit from my IT consultant. Although it appears my main problem was an inexplicably errant IP address for the DNS (to outside ISP instead of to our inside server) instead of a time synchronization issue, yet I think the time sync process was useful for the long run. I have it running and, now that my network connection is healthy, it appears to be synchronized quite well.

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

giltjr🇺🇸

In some instances Windows will use NETBIOS name lookup broadcasts and/or WINS instead of (or in addition to ) normal IP DSN. My guess is that for some function it was using one of these two methods.

Windows Server 2003

Questions

Followers

Top Experts

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).