We help IT Professionals succeed at work.

Domain time sync issues

Last Modified: 2012-05-05
My isa server computer is having problems from today onwards and giving the error when i try to logon to the domain

"The current time on computer and the current time on the network are different"

i tried to login as the local administrator and i checked the command "net time /querysntp" and i got this

"The current SNTP value is: \\adserver" where adserver is local domain controller and dns

but when i tried to run the command  "net time \\adserver /set /y" i got this error

"System error 1314 has occurred. A required privilege is not held by the client."

i have allowed everyone access to change time in the local policy of the domain but still i am getting this...how can i solve this
Watch Question

Use the Windows time service to set time.  I do not believe that command is fully supported on post Win9X clients.


what command should i type to use windows time services and sync the isa server to my domain controller???


@debuggerau: the articles have heaps of commands which of these should i use???can you make it clear???what should i exactly do
here are some simpler instructions, but I still think you need to fully understand about the constraints and variables depending on your circumstances..



well as i am new to w32time service i would love to have a detailed guide on what to do as i dont want to screw up my domain controller or isa server by doing something wrong
Top Expert 2012

Here you can import this reg file into your PDC which will put all the settings in for you.

and set your servers to US Navy time? Are you sure?


can somebody please make a clear post with an easy way to do this???cause as debuggerau said the registry will set the time to us navy time which has a 10 hour difference from my time and also my pdc doesnt have internet access
ok, but to give a more accurate implementation, I need to know more things.

What Domain do you have? 2000, 2003?
How many domain controllers? what are their Windows Versions?
Do you have an internet time service? or an internal time service? Or is a DC acting as such?

Although, on rereading you question, incorrect privileges may be because your not the domain administrator, or you have group policy applied to restrict the adjustment of time...

Do you want Domain Wide time sync, or just servers?
What have you got now, just a default install or is it modified with GP?

Hope that helps you sort the wheat from the chaff...


i have a win 2003 domain
only i domain controller at the time(had to domote the adc due to problems which are resolved now)
no i dont have internet time service the dc is acting

i would love to have a domain wide time sync as i have had this problem once before and was solved when i set the sntp to the domain controller(but in this case although the sntp is set to the domain controller i still have this error)
i have a modified gp installed
ok, well with a modified GP, ensure your ability to change time on the DC's is turned off, thus allowing for manual changes.

Ensure your in as a Domain Administrator.

Would you like to sync your server from an internet source or just remain local?
If just remaining local then this is your command on the DC:
w32tm /config /syncfromflags:domhier /update
and the clients need this:
w32tm /resync /rediscover


you wrote "modified GP, ensure your ability to change time on the DC's is turned off, thus allowing for manual changes"
- what setting do i have to check and what do you mean by this???
- in the default domain controller policy the change system time right is assigned to "Administartor, Server Operators, Local Service" do you want me to change that in some way??

"Ensure your in as a Domain Administrator."
- if you want me to login as a domain admin to the isaserver(the system getting this error) then its not possible as i cant login to the domain on that system

"Would you like to sync your server from an internet source or just remain local?"
- i want it to remain local

when i typed in "w32tm /resync /rediscover" on the isa server system it gave me this error
"Sending resync command to local computer...The following error occurred: Access is denied. (0x80070005)"
ok, well if GP is allowed for your login user, dont worry about modifying..

If the ISA server is not on the domain, you wont be able to sync time from the DC, you would need to use a NTP server somewhere else. Or add it to the domain..

To change the local system clock, on a machine that is not on the domain, you will still need local administrator status, use that account and it should be changeable.
If its not, you may need to check the local security policy on that machine itself. Its under Administrator Tools...

Yes, well you cant use the w32tm commands if your not allowed, review your account and sec policy...

I'd be looking at adding the ISA server to the domain firstly, if you want the added protection from it... Then the other things should fall into place..


no actually you do not fully understand the problem....the isa server system is on the domain but i am logging on to it locally(by selecting the computer name rather then the domain in the login screen) as when i login to the domain it gives me the error mentioned in the question

when i try to change the system time by logging in as the local administrator it just gives me the error that i dont have the required previliages

in the policy that is applied to the isaserver only Administartor, Local Services and Domain users have right to change time and it is none at the moment as i am loggin locally to the system

what should i do?
Top Expert 2012

Is your ISA server a DC?
Top Expert 2012

Thanks, its a good step by step of the suggestions already made above.

And after you so all these steps, you may still need to stop and start the time service..


never mind i sorted the problem out had to disconnect isaserver from domain and then rejoin it that solved the problem
Author:debuggerau Date:10.14.2008 at 05:05PM EST

"If the ISA server is not on the domain, you wont be able to sync time from the DC, you would need to use a NTP server somewhere else. Or add it to the domain.."

I object, as it was my advice......
This one is on us!
(Get your first solution completely free - no credit card required)
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.