Solved

Domain time sync issues

Posted on 2008-10-12
21
786 Views
Last Modified: 2012-05-05
My isa server computer is having problems from today onwards and giving the error when i try to logon to the domain

"The current time on computer and the current time on the network are different"

i tried to login as the local administrator and i checked the command "net time /querysntp" and i got this

"The current SNTP value is: \\adserver" where adserver is local domain controller and dns

but when i tried to run the command  "net time \\adserver /set /y" i got this error

"System error 1314 has occurred. A required privilege is not held by the client."

i have allowed everyone access to change time in the local policy of the domain but still i am getting this...how can i solve this
0
Comment
Question by:samipk
  • 9
  • 8
  • 3
  • +1
21 Comments
 
LVL 7

Expert Comment

by:dphantom
ID: 22700156
Use the Windows time service to set time.  I do not believe that command is fully supported on post Win9X clients.
0
 
LVL 6

Author Comment

by:samipk
ID: 22700211
what command should i type to use windows time services and sync the isa server to my domain controller???
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 22700215
0
 
LVL 6

Author Comment

by:samipk
ID: 22700258
@debuggerau: the articles have heaps of commands which of these should i use???can you make it clear???what should i exactly do
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 22700294
here are some simpler instructions, but I still think you need to fully understand about the constraints and variables depending on your circumstances..

http://www.mmmug.co.uk/files/216/download.aspx
http://forums.techarena.in/small-business-server/777182.htm
0
 
LVL 6

Author Comment

by:samipk
ID: 22700302
well as i am new to w32time service i would love to have a detailed guide on what to do as i dont want to screw up my domain controller or isa server by doing something wrong
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22701979
Here you can import this reg file into your PDC which will put all the settings in for you.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23630502.html
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 22707415
and set your servers to US Navy time? Are you sure?
0
 
LVL 6

Author Comment

by:samipk
ID: 22708382
can somebody please make a clear post with an easy way to do this???cause as debuggerau said the registry will set the time to us navy time which has a 10 hour difference from my time and also my pdc doesnt have internet access
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 22708480
ok, but to give a more accurate implementation, I need to know more things.

What Domain do you have? 2000, 2003?
How many domain controllers? what are their Windows Versions?
Do you have an internet time service? or an internal time service? Or is a DC acting as such?

Although, on rereading you question, incorrect privileges may be because your not the domain administrator, or you have group policy applied to restrict the adjustment of time...

Do you want Domain Wide time sync, or just servers?
What have you got now, just a default install or is it modified with GP?

Hope that helps you sort the wheat from the chaff...
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 6

Author Comment

by:samipk
ID: 22708552
i have a win 2003 domain
only i domain controller at the time(had to domote the adc due to problems which are resolved now)
no i dont have internet time service the dc is acting

i would love to have a domain wide time sync as i have had this problem once before and was solved when i set the sntp to the domain controller(but in this case although the sntp is set to the domain controller i still have this error)
i have a modified gp installed
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 22708609
ok, well with a modified GP, ensure your ability to change time on the DC's is turned off, thus allowing for manual changes.

Ensure your in as a Domain Administrator.

Would you like to sync your server from an internet source or just remain local?
If just remaining local then this is your command on the DC:
w32tm /config /syncfromflags:domhier /update
and the clients need this:
w32tm /resync /rediscover


0
 
LVL 6

Author Comment

by:samipk
ID: 22708749
you wrote "modified GP, ensure your ability to change time on the DC's is turned off, thus allowing for manual changes"
- what setting do i have to check and what do you mean by this???
- in the default domain controller policy the change system time right is assigned to "Administartor, Server Operators, Local Service" do you want me to change that in some way??

"Ensure your in as a Domain Administrator."
- if you want me to login as a domain admin to the isaserver(the system getting this error) then its not possible as i cant login to the domain on that system

"Would you like to sync your server from an internet source or just remain local?"
- i want it to remain local

when i typed in "w32tm /resync /rediscover" on the isa server system it gave me this error
"Sending resync command to local computer...The following error occurred: Access is denied. (0x80070005)"
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 22708905
ok, well if GP is allowed for your login user, dont worry about modifying..

If the ISA server is not on the domain, you wont be able to sync time from the DC, you would need to use a NTP server somewhere else. Or add it to the domain..

To change the local system clock, on a machine that is not on the domain, you will still need local administrator status, use that account and it should be changeable.
If its not, you may need to check the local security policy on that machine itself. Its under Administrator Tools...

Yes, well you cant use the w32tm commands if your not allowed, review your account and sec policy...

I'd be looking at adding the ISA server to the domain firstly, if you want the added protection from it... Then the other things should fall into place..



0
 
LVL 6

Author Comment

by:samipk
ID: 22709272
no actually you do not fully understand the problem....the isa server system is on the domain but i am logging on to it locally(by selecting the computer name rather then the domain in the login screen) as when i login to the domain it gives me the error mentioned in the question

when i try to change the system time by logging in as the local administrator it just gives me the error that i dont have the required previliages

in the policy that is applied to the isaserver only Administartor, Local Services and Domain users have right to change time and it is none at the moment as i am loggin locally to the system

what should i do?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22711177
Is your ISA server a DC?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22711203
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 22716982
Thanks, its a good step by step of the suggestions already made above.

And after you so all these steps, you may still need to stop and start the time service..
0
 
LVL 6

Author Comment

by:samipk
ID: 22717852
never mind i sorted the problem out had to disconnect isaserver from domain and then rejoin it that solved the problem
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 22717936
Author:debuggerau Date:10.14.2008 at 05:05PM EST

"If the ISA server is not on the domain, you wont be able to sync time from the DC, you would need to use a NTP server somewhere else. Or add it to the domain.."

I object, as it was my advice......
0
 
LVL 6

Accepted Solution

by:
samipk earned 0 total points
ID: 22718117
when you wrote the above comment....i immediately wrote after that

"no actually you do not fully understand the problem....the isa server system is on the domain but i am logging on to it locally(by selecting the computer name rather then the domain in the login screen) as when i login to the domain it gives me the error mentioned in the question"

and you never gave the idea or disconnecting the computer from the domain and rejoining it you just gave the idea to join the computer although it was already a part of domain as mentioned in my question"and giving the error when i try to logon to the domain"

which also emphasizes that you didnt fully understand the question ...so sorry but i cant accept your answer as a solution
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now