• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6817
  • Last Modified:

Synchronize Windows Server 2008 Domain Controller to nist.time.gov

Synchronize Windows Server 2008 Domain Controller to nist.time.gov
0
pbtech
Asked:
pbtech
1 Solution
 
_etoptasCommented:
Please follow this solution: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_23499409.html
Be sure to run these from an elevated command prompt:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
net time /setsntp:time.windows.com
w32tm /config /syncfromflags:MANUAL /manualpeerlist:time.windows.com,0x8
net stop w32time

(At this stage, change time so it is 5 minutes out)

net start w32time
w32tm /resync /rediscover

Cheers, fm
0
 
tigermattCommented:

The above comment was copied and pasted from another solution I myself posted elsewhere on this site. It is more intended at fixing Windows Time sync issues when things are corrupted, and it won't sync up with time.nist.gov as you intend.

The commands below are the ones you'll need to run to get a sync with time.nist.gov. From an elevated command prompt, ('Start' button, type cmd, press Ctrl + Shift + Enter):

w32tm /config /syncfromflags:MANUAL /manualpeerlist:time.nist.gov,0x8 /update
w32tm /reliable:yes
w32tm /resync /rediscover

That should get you going using time.nist.gov as the NTP server. It also doesn't reset any other Windows Time configuration, like the above solution would do.

-Matt
0
 
pbtechAuthor Commented:
Thank you,
Once I follow the task to synchronize the Servers with NIST,

How do you synchronize the clients (XP Pro) with the Servers?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
tigermattCommented:

Since this is an Active Directory domain there is no additional configuration required on the workstations or the member servers. The DC will announce itself as a time source, and the other devices on the network will automatically detect this and use it to sync their time.

-Matt
0
 
pbtechAuthor Commented:
How is the server published as a time server in AD?  Is it automatic because it is a DC, or do we have to specify the server as a time server?


0
 
tigermattCommented:

It is usually automatic. There is nothing more you need to do other than have it as a DC for it to publish as a time server.

However, it is usually the server holding the PDC Emulator FSMO role which will be the most authoritative time server in a domain... and all servers and workstations will use that as their top-most time source.

-Matt
0
 
pbtechAuthor Commented:
I ran the path:
w32tm /config /syncfromflags:MANUAL /manualpeerlist:time.nist.gov,0x8 /update

I got an error stating:

The following error occurred; Access is denied. <0x80070005>



0
 
tigermattCommented:
Since this is on a Windows Server 2008 machine, you need to run the command from an elevated command prompt. Press Start > type cmd in the Search box and then press Ctrl + Shift + Enter. Re-enter the command, and it should now run.

-Matt
0
 
pbtechAuthor Commented:
I did what you proposed and I got the following error:
system cannot find the filw specified <0x80070002>
0
 
tigermattCommented:
Your w32time service installation is therefore corrupted. At an elevated command prompt, you need to again execute the following:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Then run the w32tm commands you were attempting to run before.

-Matt
0
 
pbtechAuthor Commented:
I followed your instrucions and now i am getting:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /config /syncfromflags:MANUAL /manualpeerlist:time.nist.gov,0x8 /update

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Thanks again for all your help
0
 
pbtechAuthor Commented:
I went into services and I did not see a TIME or w32tm services or w32Time service
0
 
tigermattCommented:
You need to re-register it. w32tm /register, then try again.

As I'm sure you can see, the time service can be a bit of a pain!
0
 
pbtechAuthor Commented:
OK, It worked.

Thank you for sticking in there with me.

One more thing:

Do I need to do the following:

1) Start Regedit
2) HKEY_LOCAL_MACHINE\system\CURRENTCNTROLSET\SERVICES\w32tIME\TimeProviders\NtpClient
3) Enable - Modify
4) Edit DWORD Value - Type 0 - OK
5) Exit Regedit
From CMD
w32tm /config /reliable:YES
net stop w32time && netstart w32time
0
 
tigermattCommented:
Excellent! Good to hear it's working.

The 'Enabled' should be set to a value of 1. If you set that value to Disabled, the server will not sync time with time.nist.gov.

On setting the value to 1, you'd then have to run w32tm /config /update for the change to take effect.

At the same time, running w32tm /config /reliable:YES is a *very* good idea as it helps ensure the server is announced as a reliable source of time.

-Matt
0
 
pbtechAuthor Commented:
one more then.

we have other domains. should we run the following command on the other domain controlers
:
1) cmd
2) w32tm /config /syncfromflags:DOMHIER
3) w32tm  /config /reliable:YES
4) w32tm /config /update
0
 
tigermattCommented:
Other domains, or other domain controllers?

If it's other Domain Controllers, then you can run the commands which you suggest. Those commands will ensure time is always updated from a source in the domain hierachy - i.e. the PDC Emulator, which syncs with the external source.

-Matt
0
 
pbtechAuthor Commented:
Thank you very much Matt.

You are a huge help!
0
 
tigermattCommented:
No problem. Feel free to close this one out as soon as you are ready!
0
 
pbtechAuthor Commented:
Very good
0
 
daveford123Commented:
I have been trying to get w32tm working with an NTP server for ages, I stunble over this tread and its fixed in two mins ! Many thanks:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
net time /setsntp:time.windows.com
w32tm /config /syncfromflags:MANUAL /manualpeerlist:time.windows.com,0x8
net stop w32time

(At this stage, change time so it is 5 minutes out)

net start w32time
w32tm /resync /rediscover

Worked a treat...
Regards
Dave
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now