Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Net Time Command- Another servers name!

Posted on 2008-10-03
7
Medium Priority
?
766 Views
Last Modified: 2012-06-22
Hello!
When I type "net time" on any of my servers, they ALL say:
The current time on Server01 is (actual time).
They all reference Server01, and not themselves with the basic "net time" command.

They all reference the same server, which is part of the domain, and an AD server, but is not the NTP server that is master for the domain. This would be the PDC emulator.

All servers know the reliable time source, and can be confirmed by typing: NET TIME /QUERYSNTP

Why are they referencing:
1. the same server
2. a server that is not themselves
3. the server that is not the PDC emulator?

Hope you can help!
Best- Rick

0
Comment
Question by:rickgiguere
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22639684
the PDC Emulator in the forest root domain  is considered the stratum 2 time source for the forest by default.  This is by design.  Because Kerberos needs time to be accurate, you want all systems in your forest to have time within 20 seconds of each other.  You point out that they are getting time from another DC though.
Other DC's in the forest and PDC Emulators in child domains use W32Time to poll the PDC Emulator in the forest root domain to keep their clocks  synchronized.  Workstations and member servers then poll domain controllers in their domains to synchronize their own clocks.
 
 
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 22640077
GPOs also overwride the time service flag announcements for net time.
0
 

Author Comment

by:rickgiguere
ID: 22640670
These are great and accurate answers.
The PDC Emulator for the domain is called "Server03" (fictitious)
There are 3 DC's, and one of these 3 are across a VPN/WAN connection.
They all participate in the same domain, with no child domains.

When I type "NET TIME" on ANY of the servers, they all answer back with:
"The current time on SERVER 01 is XX:XX:XX" They all reference SERVER 01 instead of referencing their own time.
The server they are referencing is just a regular DC server, not anything special such PDC Emulator, RID, or Infrastructure Master.
Why are they all referencing this particular server, and not showing their own time when issueing the command "NET TIME" with out any additional parameters?
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 
LVL 8

Expert Comment

by:sstone55423
ID: 22640812
Well, here is the MS article on the topic.  http://support.microsoft.com/kb/816042
I was thinking, if all of the PC's are showing the same source, we should check for GPO's that set it that way.  Or, if there is no PDC Emulator, it may roll to that DC (Server01) for some reason.  (Why not any of the other DC's?)
 Can you use regedit and go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time key and export to a file -- on one of the other DC's, the server01 DC, and a workstation, and we can see how the registry settings are set.  (Either manually, by default, or by policy) to see what they are configured to do.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 22642221
SStone55423 has a really good point. I am still sticking with my first hunch.

I think you may have a GPO that is telling your computers where to go for time and that is overriding the announcement flags. You could check RSOP to see if you have a policy that points your clients/servers to server01.

Truth is, Either of our answers could be right.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 1000 total points
ID: 22726646
"net time" is NT4 based and deprecated. You can still use it to set a time server on the PDC emulator, but that's about all it's good for in an AD domain.
"net time" will query the NetBIOS browser list for *any* DC; it knows exactly *nothing* about the time sync in an AD domain, and even less about AD sites. In other words: the output of "net time" means absolutely nothing.
In addition, "net time /setsntp:..." will do nothing useful on any domain member (except the PDC emulator), either; all domain member use the AD time sync hierarchy (DC sync with the PDC emulator, members with the authenticating DC) *by* *default* and will ignore a manually configured time server.
To find out which DC your machine is currently(!) syncing with, stop and restart the w32time service, then check the event log a bit later; there should be an event stating that the time sync was successful, and which server the machine synced with.
0
 

Author Closing Comment

by:rickgiguere
ID: 31502981
Thank you for all of your help!
The answer from oBdA was exactly the information I could not find anywhere. Many thanks once again!
Rick
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question