Windows 2003 Domain time incorrect

First, there may be a time zone update for the 2009 changes.  Check update.microsoft.com for any manual updates.

Next, I use a program called atomic clock sync (available from Download.com) - There are a few imitators, but the one I use has a gold ring as the icon once it is installed.  That keeps your server updated regardless of the other time zone settings.

If it were a time zone update we would be off by hours, not minutes....our servers are up to date though.

OUr domain controllers are set up to be able to sync with a NIST server, I would like to know why that is not working.

If you import this reg file it will automatically configure your PDC to use an external time source but make sure you import on the PDC emulator. Are any of these servers or computers running virtually?

https://www.experts-exchange.com/questions/23630502/Authoritative-Time-Server.html

What resync command would I use to verify that it fixed it?

Run w32tm /resync /rediscover/

Yeah, even after doing that we are off by 5 minutes....

Are there any errors in the event viewer about the inability to retrieve the info from the time servers?

Just saw this:

Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.  It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source.  Otherwise, this machine will  function as the authoritative time source in the domain hierarchy.  If an external  time source is not configured or used for this computer, you may choose to disable  the NtpClient.

There are some good tips on this forum: http://www.msfn.org/board/lofiversion/index.php/t67060.html

Where is the default domain controllers gpo?

Sorry-  that was a stupid question, I figured it out - will test & let you know.

How quickly should the change take place?

I now have w32time events saying:

The time provider NtpClient is currently receiving valid time data from tock.usno.navy.mil (ntp.m|0x1|10.1.1.50:123->192.5.41.41:123).

However, our time still is off by 4 minutes...

Did you import the reg file I posted within that post. This will configure all of your settings for you.

Okay - I hadn't restarted the Time service - now the PDC Emulator is pretty close to correct (about 30 second off according to Verizon & http://www.time.gov).  However, my PCs throughout the domain are still in-accurate.  Why aren't they udpating?  I did Run w32tm /resync /rediscover/ on my workstation

Looking at my w32time entries on my local machine it looks like I am syncing to several different domain controllers on the network or even non-domain controllers...what did I do wrong now?

You can set a GPO up that will make the clients point to the PDC for time. Restart the time service on the client.

http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Time-Service.html

It just started working on it's own...maybe a time delay (no pun intended)

Once you have changed the settings it takes a little bit to sync but once you run the command above it is suppose to sync right a way but I have seen it take a little while

Well - we are good to go!  Thanks!

Wait, maybe I spoke a little too soon!  The laptops that go home at night go back to the old time when they are off the network & then they seem to stay that way for a while.....

That is because they update. You can set the laptops profiles up so when they go home the logon witha different profile to allow them to sync to external time source. Or you can set them to directly get the external time from the same source the server is getting it from.

So it cannot just maintain its own time when they are off network & then update accordingly?

If it is part of the domain and it is using the domain profile to logon it will look for the domain to get it's time.

But once I take it off the network here, I lose the domain time & it goes back 4-5 minutes.....that will cause some issues with our log requirements etc.

If you don't have many laptops you go into there BIOS and change the time there to make sure it matches up with the domain. You can also set the laptops to get the time from the same source the PDC is getting it from.

http://support.microsoft.com/kb/314054

The way the time service works is your PDCe is the time provider for the domain by default. The PDCe has time synchronization flags to tell all the clients and other servers it is the time server. Those synchronization flags also have a phase offset that tell the clients how close to accurate time they are suppose to be. By default the phase offset is +/- 5 minutes. If you wish to change the phase offset you will have to create a GPO making your PDCe the ""Authoritative Time Server". The +/- 5 minutes keeps the clients within a tolerance to not slow your network down. Otherwise, the client can be up to but not exceeding +/- 5 minutes before the client resynchs with the PDCe. When creating this GPO, do not include the PDCe or it will override any default settings and the PDCe will synchronize with itself, (causing some time errors).


The PDCe will have to point to an outside server, as you already discovered. To make this easy, you can download a program called Symtime. That will synchronize your PDCe with an outside time source without having to go through all the hastle of registry edits, GPOs or anything else.

Symmetricom also offers another program that checks your domain for accuracy for you. So, you don't have to walk around and check the time synchronization. This program is called , (I think), LMcheck.

Both LMcheck and symmtime are free and painless to set up.

Please do not accredit me for this answer. You found the information you were looking for with the other experts. This is just additional information.