Solved

Net Time Command- Another servers name!

Posted on 2008-10-03
7
763 Views
Last Modified: 2012-06-22
Hello!
When I type "net time" on any of my servers, they ALL say:
The current time on Server01 is (actual time).
They all reference Server01, and not themselves with the basic "net time" command.

They all reference the same server, which is part of the domain, and an AD server, but is not the NTP server that is master for the domain. This would be the PDC emulator.

All servers know the reliable time source, and can be confirmed by typing: NET TIME /QUERYSNTP

Why are they referencing:
1. the same server
2. a server that is not themselves
3. the server that is not the PDC emulator?

Hope you can help!
Best- Rick

0
Comment
Question by:rickgiguere
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22639684
the PDC Emulator in the forest root domain  is considered the stratum 2 time source for the forest by default.  This is by design.  Because Kerberos needs time to be accurate, you want all systems in your forest to have time within 20 seconds of each other.  You point out that they are getting time from another DC though.
Other DC's in the forest and PDC Emulators in child domains use W32Time to poll the PDC Emulator in the forest root domain to keep their clocks  synchronized.  Workstations and member servers then poll domain controllers in their domains to synchronize their own clocks.
 
 
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 22640077
GPOs also overwride the time service flag announcements for net time.
0
 

Author Comment

by:rickgiguere
ID: 22640670
These are great and accurate answers.
The PDC Emulator for the domain is called "Server03" (fictitious)
There are 3 DC's, and one of these 3 are across a VPN/WAN connection.
They all participate in the same domain, with no child domains.

When I type "NET TIME" on ANY of the servers, they all answer back with:
"The current time on SERVER 01 is XX:XX:XX" They all reference SERVER 01 instead of referencing their own time.
The server they are referencing is just a regular DC server, not anything special such PDC Emulator, RID, or Infrastructure Master.
Why are they all referencing this particular server, and not showing their own time when issueing the command "NET TIME" with out any additional parameters?
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 8

Expert Comment

by:sstone55423
ID: 22640812
Well, here is the MS article on the topic.  http://support.microsoft.com/kb/816042
I was thinking, if all of the PC's are showing the same source, we should check for GPO's that set it that way.  Or, if there is no PDC Emulator, it may roll to that DC (Server01) for some reason.  (Why not any of the other DC's?)
 Can you use regedit and go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time key and export to a file -- on one of the other DC's, the server01 DC, and a workstation, and we can see how the registry settings are set.  (Either manually, by default, or by policy) to see what they are configured to do.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 22642221
SStone55423 has a really good point. I am still sticking with my first hunch.

I think you may have a GPO that is telling your computers where to go for time and that is overriding the announcement flags. You could check RSOP to see if you have a policy that points your clients/servers to server01.

Truth is, Either of our answers could be right.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 250 total points
ID: 22726646
"net time" is NT4 based and deprecated. You can still use it to set a time server on the PDC emulator, but that's about all it's good for in an AD domain.
"net time" will query the NetBIOS browser list for *any* DC; it knows exactly *nothing* about the time sync in an AD domain, and even less about AD sites. In other words: the output of "net time" means absolutely nothing.
In addition, "net time /setsntp:..." will do nothing useful on any domain member (except the PDC emulator), either; all domain member use the AD time sync hierarchy (DC sync with the PDC emulator, members with the authenticating DC) *by* *default* and will ignore a manually configured time server.
To find out which DC your machine is currently(!) syncing with, stop and restart the w32time service, then check the event log a bit later; there should be an event stating that the time sync was successful, and which server the machine synced with.
0
 

Author Closing Comment

by:rickgiguere
ID: 31502981
Thank you for all of your help!
The answer from oBdA was exactly the information I could not find anywhere. Many thanks once again!
Rick
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question