We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Synchronize Windows Server 2008 Domain Controller to nist.time.gov

pbtech
pbtech asked
on
Medium Priority
7,177 Views
Last Modified: 2012-05-06
Synchronize Windows Server 2008 Domain Controller to nist.time.gov
Comment
Watch Question

Commented:
Please follow this solution: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_23499409.html
Be sure to run these from an elevated command prompt:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
net time /setsntp:time.windows.com
w32tm /config /syncfromflags:MANUAL /manualpeerlist:time.windows.com,0x8
net stop w32time

(At this stage, change time so it is 5 minutes out)

net start w32time
w32tm /resync /rediscover

Cheers, fm

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:

The above comment was copied and pasted from another solution I myself posted elsewhere on this site. It is more intended at fixing Windows Time sync issues when things are corrupted, and it won't sync up with time.nist.gov as you intend.

The commands below are the ones you'll need to run to get a sync with time.nist.gov. From an elevated command prompt, ('Start' button, type cmd, press Ctrl + Shift + Enter):

w32tm /config /syncfromflags:MANUAL /manualpeerlist:time.nist.gov,0x8 /update
w32tm /reliable:yes
w32tm /resync /rediscover

That should get you going using time.nist.gov as the NTP server. It also doesn't reset any other Windows Time configuration, like the above solution would do.

-Matt

Author

Commented:
Thank you,
Once I follow the task to synchronize the Servers with NIST,

How do you synchronize the clients (XP Pro) with the Servers?
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:

Since this is an Active Directory domain there is no additional configuration required on the workstations or the member servers. The DC will announce itself as a time source, and the other devices on the network will automatically detect this and use it to sync their time.

-Matt

Author

Commented:
How is the server published as a time server in AD?  Is it automatic because it is a DC, or do we have to specify the server as a time server?


tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:

It is usually automatic. There is nothing more you need to do other than have it as a DC for it to publish as a time server.

However, it is usually the server holding the PDC Emulator FSMO role which will be the most authoritative time server in a domain... and all servers and workstations will use that as their top-most time source.

-Matt

Author

Commented:
I ran the path:
w32tm /config /syncfromflags:MANUAL /manualpeerlist:time.nist.gov,0x8 /update

I got an error stating:

The following error occurred; Access is denied. <0x80070005>



tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
Since this is on a Windows Server 2008 machine, you need to run the command from an elevated command prompt. Press Start > type cmd in the Search box and then press Ctrl + Shift + Enter. Re-enter the command, and it should now run.

-Matt

Author

Commented:
I did what you proposed and I got the following error:
system cannot find the filw specified <0x80070002>
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
Your w32time service installation is therefore corrupted. At an elevated command prompt, you need to again execute the following:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Then run the w32tm commands you were attempting to run before.

-Matt

Author

Commented:
I followed your instrucions and now i am getting:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /config /syncfromflags:MANUAL /manualpeerlist:time.nist.gov,0x8 /update

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Thanks again for all your help

Author

Commented:
I went into services and I did not see a TIME or w32tm services or w32Time service
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
You need to re-register it. w32tm /register, then try again.

As I'm sure you can see, the time service can be a bit of a pain!

Author

Commented:
OK, It worked.

Thank you for sticking in there with me.

One more thing:

Do I need to do the following:

1) Start Regedit
2) HKEY_LOCAL_MACHINE\system\CURRENTCNTROLSET\SERVICES\w32tIME\TimeProviders\NtpClient
3) Enable - Modify
4) Edit DWORD Value - Type 0 - OK
5) Exit Regedit
From CMD
w32tm /config /reliable:YES
net stop w32time && netstart w32time
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
Excellent! Good to hear it's working.

The 'Enabled' should be set to a value of 1. If you set that value to Disabled, the server will not sync time with time.nist.gov.

On setting the value to 1, you'd then have to run w32tm /config /update for the change to take effect.

At the same time, running w32tm /config /reliable:YES is a *very* good idea as it helps ensure the server is announced as a reliable source of time.

-Matt

Author

Commented:
one more then.

we have other domains. should we run the following command on the other domain controlers
:
1) cmd
2) w32tm /config /syncfromflags:DOMHIER
3) w32tm  /config /reliable:YES
4) w32tm /config /update
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
Other domains, or other domain controllers?

If it's other Domain Controllers, then you can run the commands which you suggest. Those commands will ensure time is always updated from a source in the domain hierachy - i.e. the PDC Emulator, which syncs with the external source.

-Matt

Author

Commented:
Thank you very much Matt.

You are a huge help!
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
No problem. Feel free to close this one out as soon as you are ready!

Author

Commented:
Very good
I have been trying to get w32tm working with an NTP server for ages, I stunble over this tread and its fixed in two mins ! Many thanks:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
net time /setsntp:time.windows.com
w32tm /config /syncfromflags:MANUAL /manualpeerlist:time.windows.com,0x8
net stop w32time

(At this stage, change time so it is 5 minutes out)

net start w32time
w32tm /resync /rediscover

Worked a treat...
Regards
Dave
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.