Domain time sync issues
My isa server computer is having problems from today onwards and giving the error when i try to logon to the domain
"The current time on computer and the current time on the network are different"
i tried to login as the local administrator and i checked the command "net time /querysntp" and i got this
"The current SNTP value is: \\adserver" where adserver is local domain controller and dns
but when i tried to run the command "net time \\adserver /set /y" i got this error
"System error 1314 has occurred. A required privilege is not held by the client."
i have allowed everyone access to change time in the local policy of the domain but still i am getting this...how can i solve this
"The current time on computer and the current time on the network are different"
i tried to login as the local administrator and i checked the command "net time /querysntp" and i got this
"The current SNTP value is: \\adserver" where adserver is local domain controller and dns
but when i tried to run the command "net time \\adserver /set /y" i got this error
"System error 1314 has occurred. A required privilege is not held by the client."
i have allowed everyone access to change time in the local policy of the domain but still i am getting this...how can i solve this
dphantom
Use the Windows time service to set time. I do not believe that command is fully supported on post Win9X clients.
ASKER
what command should i type to use windows time services and sync the isa server to my domain controller???
w32tm will sync the time
http://technet.microsoft.com/en-us/library/cc773263.aspx
http://technet.microsoft.com/en-us/library/bb491016.aspx
and extensive discussion:
http://blogs.technet.com/industry_insiders/articles/w32_tm_service.aspx
Hope that helps.
http://technet.microsoft.com/en-us/library/cc773263.aspx
http://technet.microsoft.com/en-us/library/bb491016.aspx
and extensive discussion:
http://blogs.technet.com/industry_insiders/articles/w32_tm_service.aspx
Hope that helps.
ASKER
@debuggerau: the articles have heaps of commands which of these should i use???can you make it clear???what should i exactly do
here are some simpler instructions, but I still think you need to fully understand about the constraints and variables depending on your circumstances..
http://www.mmmug.co.uk/files/216/download.aspx
http://forums.techarena.in/small-business-server/777182.htm
http://www.mmmug.co.uk/files/216/download.aspx
http://forums.techarena.in/small-business-server/777182.htm
ASKER
well as i am new to w32time service i would love to have a detailed guide on what to do as i dont want to screw up my domain controller or isa server by doing something wrong
Here you can import this reg file into your PDC which will put all the settings in for you.
https://www.experts-exchange.com/questions/23630502/Authoritative-Time-Server.html
https://www.experts-exchange.com/questions/23630502/Authoritative-Time-Server.html
and set your servers to US Navy time? Are you sure?
ASKER
can somebody please make a clear post with an easy way to do this???cause as debuggerau said the registry will set the time to us navy time which has a 10 hour difference from my time and also my pdc doesnt have internet access
ok, but to give a more accurate implementation, I need to know more things.
What Domain do you have? 2000, 2003?
How many domain controllers? what are their Windows Versions?
Do you have an internet time service? or an internal time service? Or is a DC acting as such?
Although, on rereading you question, incorrect privileges may be because your not the domain administrator, or you have group policy applied to restrict the adjustment of time...
Do you want Domain Wide time sync, or just servers?
What have you got now, just a default install or is it modified with GP?
Hope that helps you sort the wheat from the chaff...
What Domain do you have? 2000, 2003?
How many domain controllers? what are their Windows Versions?
Do you have an internet time service? or an internal time service? Or is a DC acting as such?
Although, on rereading you question, incorrect privileges may be because your not the domain administrator, or you have group policy applied to restrict the adjustment of time...
Do you want Domain Wide time sync, or just servers?
What have you got now, just a default install or is it modified with GP?
Hope that helps you sort the wheat from the chaff...
ASKER
i have a win 2003 domain
only i domain controller at the time(had to domote the adc due to problems which are resolved now)
no i dont have internet time service the dc is acting
i would love to have a domain wide time sync as i have had this problem once before and was solved when i set the sntp to the domain controller(but in this case although the sntp is set to the domain controller i still have this error)
i have a modified gp installed
only i domain controller at the time(had to domote the adc due to problems which are resolved now)
no i dont have internet time service the dc is acting
i would love to have a domain wide time sync as i have had this problem once before and was solved when i set the sntp to the domain controller(but in this case although the sntp is set to the domain controller i still have this error)
i have a modified gp installed
ok, well with a modified GP, ensure your ability to change time on the DC's is turned off, thus allowing for manual changes.
Ensure your in as a Domain Administrator.
Would you like to sync your server from an internet source or just remain local?
If just remaining local then this is your command on the DC:
w32tm /config /syncfromflags:domhier /update
and the clients need this:
w32tm /resync /rediscover
Ensure your in as a Domain Administrator.
Would you like to sync your server from an internet source or just remain local?
If just remaining local then this is your command on the DC:
w32tm /config /syncfromflags:domhier /update
and the clients need this:
w32tm /resync /rediscover
ASKER
you wrote "modified GP, ensure your ability to change time on the DC's is turned off, thus allowing for manual changes"
- what setting do i have to check and what do you mean by this???
- in the default domain controller policy the change system time right is assigned to "Administartor, Server Operators, Local Service" do you want me to change that in some way??
"Ensure your in as a Domain Administrator."
- if you want me to login as a domain admin to the isaserver(the system getting this error) then its not possible as i cant login to the domain on that system
"Would you like to sync your server from an internet source or just remain local?"
- i want it to remain local
when i typed in "w32tm /resync /rediscover" on the isa server system it gave me this error
"Sending resync command to local computer...The following error occurred: Access is denied. (0x80070005)"
- what setting do i have to check and what do you mean by this???
- in the default domain controller policy the change system time right is assigned to "Administartor, Server Operators, Local Service" do you want me to change that in some way??
"Ensure your in as a Domain Administrator."
- if you want me to login as a domain admin to the isaserver(the system getting this error) then its not possible as i cant login to the domain on that system
"Would you like to sync your server from an internet source or just remain local?"
- i want it to remain local
when i typed in "w32tm /resync /rediscover" on the isa server system it gave me this error
"Sending resync command to local computer...The following error occurred: Access is denied. (0x80070005)"
ok, well if GP is allowed for your login user, dont worry about modifying..
If the ISA server is not on the domain, you wont be able to sync time from the DC, you would need to use a NTP server somewhere else. Or add it to the domain..
To change the local system clock, on a machine that is not on the domain, you will still need local administrator status, use that account and it should be changeable.
If its not, you may need to check the local security policy on that machine itself. Its under Administrator Tools...
Yes, well you cant use the w32tm commands if your not allowed, review your account and sec policy...
I'd be looking at adding the ISA server to the domain firstly, if you want the added protection from it... Then the other things should fall into place..
If the ISA server is not on the domain, you wont be able to sync time from the DC, you would need to use a NTP server somewhere else. Or add it to the domain..
To change the local system clock, on a machine that is not on the domain, you will still need local administrator status, use that account and it should be changeable.
If its not, you may need to check the local security policy on that machine itself. Its under Administrator Tools...
Yes, well you cant use the w32tm commands if your not allowed, review your account and sec policy...
I'd be looking at adding the ISA server to the domain firstly, if you want the added protection from it... Then the other things should fall into place..
ASKER
no actually you do not fully understand the problem....the isa server system is on the domain but i am logging on to it locally(by selecting the computer name rather then the domain in the login screen) as when i login to the domain it gives me the error mentioned in the question
when i try to change the system time by logging in as the local administrator it just gives me the error that i dont have the required previliages
in the policy that is applied to the isaserver only Administartor, Local Services and Domain users have right to change time and it is none at the moment as i am loggin locally to the system
what should i do?
when i try to change the system time by logging in as the local administrator it just gives me the error that i dont have the required previliages
in the policy that is applied to the isaserver only Administartor, Local Services and Domain users have right to change time and it is none at the moment as i am loggin locally to the system
what should i do?
Is your ISA server a DC?
Walk through these steps which is for you Domain GPO?
http://windowsitpro.com/article/articleid/94615/when-you-run-the-w32tm-resync-command-on-a-windows-server-2003-computer-you-receive-the-computer-did-not-resync-because-no-time-data-was-available.html
http://windowsitpro.com/article/articleid/94615/when-you-run-the-w32tm-resync-command-on-a-windows-server-2003-computer-you-receive-the-computer-did-not-resync-because-no-time-data-was-available.html
Thanks, its a good step by step of the suggestions already made above.
And after you so all these steps, you may still need to stop and start the time service..
And after you so all these steps, you may still need to stop and start the time service..
ASKER
never mind i sorted the problem out had to disconnect isaserver from domain and then rejoin it that solved the problem
Author:debuggerau Date:10.14.2008 at 05:05PM EST
"If the ISA server is not on the domain, you wont be able to sync time from the DC, you would need to use a NTP server somewhere else. Or add it to the domain.."
I object, as it was my advice......
"If the ISA server is not on the domain, you wont be able to sync time from the DC, you would need to use a NTP server somewhere else. Or add it to the domain.."
I object, as it was my advice......
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.