[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 655
  • Last Modified:

Setting time source in Windows 2000

I am trying to set every Windows 2000 machine on our network to sync it's time with our default gateway. The timing has to be acurate and the PC must be able to update while the user has no privaledge to change the time. This is on a non-Active Directory domain. In XP, I can just go into the date and time settings and specify the gateway's IP. But that facility doesn't exist in 2000. Can someone please tell me how to do this in 2000?
0
Styphon
Asked:
Styphon
1 Solution
 
KCTSCommented:
In a windows domain all clients take their time from the DC running the PDC emulator - this in turn can be sync'ed to an external time source see http://support.microsoft.com/kb/216734/EN-US/
0
 
StyphonAuthor Commented:
Yea, I've seen that article. I want to find a way to sync each and every individual PC to the external source though.
0
 
Pete LongConsultantCommented:
Configuring Domain Time

Problem Events - On the PDC Emulator

Event ID 12 (W32 Time Time Provider NtpClient: This machine is configured to use {text omitted}, but it is the PDC emulator...).
Event ID 29 (The time provider NtpClient is configured to acquire time from one or more time sources...).
Event ID 36 (The time service has not synchronized the system time for 86400 seconds...).
Event ID 38 (The time provider NtpClient cannot reach or is currently receiving invalid time data from...).
Event ID 47 (Time Provider NtpClient: No valid response has been received from  manually configured peer...).

Problem Events - On Domain Members

Event ID 50 (The time service detected a time difference of greater than 5000 milliseconds  for 900 seconds...).
Event ID 22 (The time provider NtpServer encountered an error while digitally signing the  NTP response for peer...).


Step 1 Locate the PDC Emulator.

1. On a domain controller, Click Start > Run > dsa.msc{Enter}
2. Expand AD Users and computers
3. Right click the domain > Operations Masters > PDC Tab
4. Take note of the PDC emulators name.

Step 2 Firewall config

1. Ensure UDP Port 123 is open outbound from the PDC Emulator.


Step 3 Configure the PDC Emulator to collect Reliable Time

1. On the PDC emulator Click Start > Run > cmd {Enter}
2. At command line type the following command,

w32tm /config /manualpeerlist:ntp2d.mcc.ac.uk /syncfromflags:manual /reliable:yes /update

Note: UK NTP Servers http://www.timetools.co.uk/info/ntp-servers-public/ntp-server-uk-stratum-2.htm

3. It should say "The command completed successfully."
4. Execute the following commands

net stop "windows time"
net start "windows time"
W32TM /resync

5. It should say "The command completed successfully."
6. Look in the servers Event log > System Log for Event ID 37

---------------------------------------------------------------
Event Type:      Information
Event Source:      W32Time
Event Category:      None
Event ID:      37
Date:            xx/xx/xxxx
Time:            xx:xx:xx
User:            N/A
Computer:      {servername}
Description:
The time provider NtpClient is currently receiving valid time data from ntp2d.mcc.ac.uk (ntp.m|0x0|10.0.0.1:123->130.88.203.64:123).

For more  
information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
---------------------------------------------------------------

7. You may also see Event ID 35

---------------------------------------------------------------
Event Type:      Information
Event Source:      W32Time
Event Category:      None
Event ID:      35
Date:            xx/xx/xxxx
Time:            xx:xx:xx
User:            N/A
Computer:      {servername}
Description:
The time service is now synchronizing the system time with the time source ntp2d.mcc.ac.uk (ntp.m|0x0|10.0.0.1:123->130.88.203.64:123).

For more  
information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
---------------------------------------------------------------


Step 4 Check the domain clients.

1. Click Start > Run > cmd {enter}
2. Execute the following command

w32tm /monitor

3. You will see the time on all the domain controllers this client can see..


C:\Documents and Settings\Administrator.yourdomain>w32tm /monitor
server-dc.yourdomain.co.uk [192.168.1.1]:
    ICMP: 0ms delay.
    NTP: +363.2032725s offset from server-pdc.yourdomain.co.uk
        RefID: server-pdc.pearsons.co.uk [192.168.69.6]
site2-dc.yourdomain.co.uk [192.168.2.1]:
    ICMP: 70ms delay.
    NTP: +0.0470237s offset from server-pdc.yourdomain.co.uk
        RefID: tees-exchange.pearsons.co.uk [192.168.69.4]
serverdc2.yourdomain.co.uk [192.168.1.4]:
    ICMP: 0ms delay.
    NTP: +0.0000553s offset from server-pdc.yourdomain.co.uk
        RefID: server-pdc.pearsons.co.uk [192.168.1.6]
server-pdc.yourdomain.co.uk *** PDC *** [192.168.1.6]:
    ICMP: 0ms delay.
    NTP: +0.0000000s offset from server-pdc.yourdomain.co.uk
        RefID: scarp.mc.man.ac.uk [130.88.203.64]

(In the case above the time on server-dc is way out address that first - it was a 2000 server and net time \\server-pdc {enter} fixed it).

4. Once all the domain controllers have a time thats accurate (Like the last three in the example above), then proceed.
5. Execute the following commands

net stop "windows time"
net start "windows time"
w32tm /resync

6. The Machines event log should log the following successful events

Event ID 37 (The time provider NtpClient is currently receiving valid time data from..).
Event ID 38 (The time provider NtpClient is currently receiving valid time data from..).






Problems

Error The computer did not resync because no time data was available.
If the server cannot resolve the name or UDP 123 is NOT open outbound you will see this error.
Also see http://www.msfn.org/board/lofiversion/index.php/t67060.html
0
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

 
KCTSCommented:
On a domain all workstation must sync with the PDC emulator  - thats the way a domain is designed to work, if machines fall outside the tollerance limits of Active Directory, (5mins) then authentication issues will occur.

What is the problem with syncing the PDC emulator with an external source and then having the clients sync with it?
0
 
StyphonAuthor Commented:
1. The is not an AD domain.
2. I have 3 machines all labled as PDC doing different jobs (we're in a transitional phase and it's all a little messy atm, which is why I tried to get them all to sync individually)
3. I have the original box, labled ntserver. It is the Primary Domain Controller of the network, but does authentication only.
4. I have a 2003 machine labled 2003svr. It runs the DHCP and DNS but does no authentication.
5. I have a VM sitting on the 2003svr, labled ntsvr. It does authentication only.
I am unsure which machine would control the time. If it is, as I fear it is, the ntserver, then that artical is not relevant on how to set it up and I would need to know how to set it up on a nt4 server. I thought it would just be easier to get each pc to individualy update from the default gateway.
0
 
KCTSCommented:
OK I misunderstood - see http://support.microsoft.com/kb/216734
0
 
StyphonAuthor Commented:
That's the same article you posted before, and it's for Windows 2000. I have NT4 servers. The clients are 2000.
0
 
oBdACommented:
w32tm in Windows 2000 doesn't have as much configuration possibilities as the XP/W2k3 version.
In Windows 2000, just open a command prompt on the client and enter
net time /setsntp:<Gateway-IP>
net stop w32time & net start w32time

How to synchronize the time on a Windows 2000-based computer in a Windows NT 4.0 domain
http://support.microsoft.com/?kbid=258059
0
 
StyphonAuthor Commented:
We tried the net time command, but users cannot run this command as they don't have the privaledge. However the article you posted mentioned about removing a reg key. From that I was able to determine that inputing a reg key (which the users may be able to do) works just as well. Thanks.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now