Solved

Net Time Command- Another servers name!

Posted on 2008-10-03
7
761 Views
Last Modified: 2012-06-22
Hello!
When I type "net time" on any of my servers, they ALL say:
The current time on Server01 is (actual time).
They all reference Server01, and not themselves with the basic "net time" command.

They all reference the same server, which is part of the domain, and an AD server, but is not the NTP server that is master for the domain. This would be the PDC emulator.

All servers know the reliable time source, and can be confirmed by typing: NET TIME /QUERYSNTP

Why are they referencing:
1. the same server
2. a server that is not themselves
3. the server that is not the PDC emulator?

Hope you can help!
Best- Rick

0
Comment
Question by:rickgiguere
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22639684
the PDC Emulator in the forest root domain  is considered the stratum 2 time source for the forest by default.  This is by design.  Because Kerberos needs time to be accurate, you want all systems in your forest to have time within 20 seconds of each other.  You point out that they are getting time from another DC though.
Other DC's in the forest and PDC Emulators in child domains use W32Time to poll the PDC Emulator in the forest root domain to keep their clocks  synchronized.  Workstations and member servers then poll domain controllers in their domains to synchronize their own clocks.
 
 
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22640077
GPOs also overwride the time service flag announcements for net time.
0
 

Author Comment

by:rickgiguere
ID: 22640670
These are great and accurate answers.
The PDC Emulator for the domain is called "Server03" (fictitious)
There are 3 DC's, and one of these 3 are across a VPN/WAN connection.
They all participate in the same domain, with no child domains.

When I type "NET TIME" on ANY of the servers, they all answer back with:
"The current time on SERVER 01 is XX:XX:XX" They all reference SERVER 01 instead of referencing their own time.
The server they are referencing is just a regular DC server, not anything special such PDC Emulator, RID, or Infrastructure Master.
Why are they all referencing this particular server, and not showing their own time when issueing the command "NET TIME" with out any additional parameters?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 8

Expert Comment

by:sstone55423
ID: 22640812
Well, here is the MS article on the topic.  http://support.microsoft.com/kb/816042
I was thinking, if all of the PC's are showing the same source, we should check for GPO's that set it that way.  Or, if there is no PDC Emulator, it may roll to that DC (Server01) for some reason.  (Why not any of the other DC's?)
 Can you use regedit and go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time key and export to a file -- on one of the other DC's, the server01 DC, and a workstation, and we can see how the registry settings are set.  (Either manually, by default, or by policy) to see what they are configured to do.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22642221
SStone55423 has a really good point. I am still sticking with my first hunch.

I think you may have a GPO that is telling your computers where to go for time and that is overriding the announcement flags. You could check RSOP to see if you have a policy that points your clients/servers to server01.

Truth is, Either of our answers could be right.
0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 22726646
"net time" is NT4 based and deprecated. You can still use it to set a time server on the PDC emulator, but that's about all it's good for in an AD domain.
"net time" will query the NetBIOS browser list for *any* DC; it knows exactly *nothing* about the time sync in an AD domain, and even less about AD sites. In other words: the output of "net time" means absolutely nothing.
In addition, "net time /setsntp:..." will do nothing useful on any domain member (except the PDC emulator), either; all domain member use the AD time sync hierarchy (DC sync with the PDC emulator, members with the authenticating DC) *by* *default* and will ignore a manually configured time server.
To find out which DC your machine is currently(!) syncing with, stop and restart the w32time service, then check the event log a bit later; there should be an event stating that the time sync was successful, and which server the machine synced with.
0
 

Author Closing Comment

by:rickgiguere
ID: 31502981
Thank you for all of your help!
The answer from oBdA was exactly the information I could not find anywhere. Many thanks once again!
Rick
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question