Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

TimeSync issues between Windows 2008 and Windows 2003R2 domain controllers

Posted on 2009-05-15
3
Medium Priority
?
463 Views
Last Modified: 2012-05-07
Hi,

We are upgrading our domain controllers in our Active Directory Domain.  We have 7 domain controllers : 5 Windows 2003R2 and 2 new Windows 2008 domain controllers.  One of the 2 2008 machines is now our PDC Emulator.  If I run  "w32tm /Monitor" on one of the servers, I get the following results:

C:\Documents and Settings\Administrator.AD>w32tm /monitor
ldapcde.ad.ua.ac.be [143.169.245.24]:
    ICMP: 0ms delay.
    NTP: +72.1835039s offset from LDAP1.ad.ua.ac.be
        RefID: cde254254.cde.ua.ac.be [143.169.254.254]
ldapcst.ad.ua.ac.be [146.175.245.24]:
    ICMP: 1ms delay.
    NTP: +72.1301043s offset from LDAP1.ad.ua.ac.be
        RefID: cde254254.cde.ua.ac.be [143.169.254.254]
xmail01.ad.ua.ac.be [143.169.244.30]:
    ICMP: 0ms delay.
    NTP: +72.1231895s offset from LDAP1.ad.ua.ac.be
        RefID: cde254254.cde.ua.ac.be [143.169.254.254]
xmail02.ad.ua.ac.be [143.169.244.31]:
    ICMP: 0ms delay.
    NTP: +72.1507059s offset from LDAP1.ad.ua.ac.be
        RefID: cde254254.cde.ua.ac.be [143.169.254.254]
xmail05.ad.ua.ac.be [143.169.244.34]:
    ICMP: 0ms delay.
    NTP: +72.1304011s offset from LDAP1.ad.ua.ac.be
        RefID: cde254254.cde.ua.ac.be [143.169.254.254]
LDAP1.ad.ua.ac.be *** PDC *** [143.169.245.67]:
    ICMP: 0ms delay.
    NTP: +0.0000000s offset from LDAP1.ad.ua.ac.be
        RefID: 'LOCL' [76.79.67.76]
LDAP2.ad.ua.ac.be [143.169.245.68]:
    ICMP: 1ms delay.
    NTP: -0.0125596s offset from LDAP1.ad.ua.ac.be
        RefID: LDAP1.ad.ua.ac.be [143.169.245.67]

The 2 new 2008 machines (ldap1 and ldap2) are synchronized and on a 0 second offset.  The 5 older 2003R2 machines (LDAPCDE, LDAPCST, XMAIL01, XMAIL02 and XMAIL05) are synchronized to eachother, but are all on an 72 second offset to the reference server (=one of the new 2008 machines).

At this moment I don't experience any problem in our domain, but it just doesn't feel right (A few years ago we had a similar problem with a Novell eDirectory network, and this resulted in a lot of trouble after a few days...).  I tried to issue a "w32tm /resync"-command on one of the 2003R2-servers, and it completes with the messages "The command completed succesfully.", but the server still remains at the same 72 second offset.

Is there something else needed to sync 2003R2 domain controllers to 2008 domain controllers?

Bertin Peeters
0
Comment
Question by:SysUA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 22

Accepted Solution

by:
Paka earned 1000 total points
ID: 24393470
Do you have any manually configured SNTP settings?  Try this on each server:

Open a command prompt and type:
net stop w32time
w32tm /unregister (if you get a permission error - repeat this command)
w32tm /register
net start w32time

On the PDCe, you will have to reconfigure your NTP server.  To do so, use the previous command and follow it up with:
net time /setsntp:YourNTPServer

Try another net stop/start w32time to see if it synced.
0
 
LVL 22

Expert Comment

by:Paka
ID: 24393478
P.S.  With a 72 second offset, you should be seeing authentication and Kerberos errors unless you changed your Kerberos time tolerance.
0
 

Author Closing Comment

by:SysUA
ID: 31581838
Thanks!  Our 5 W2003R machines were synchronizing with an ntp-server 143.169.254.254, while the W2008 were synchronizing locally.  I now changed the whole configuration: the PDC is now synchronizing with the ntp-server, and the other DC's are synchronizing with the PDC.  All time-offsets are now at 0.x seconds.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question