NTP problem on Windows Server 2003 domain

Hi,

I'm having an issue with NTP on our domain controllers. As I understand it, within a Windows 2003 domain all hosts will make an NTP client request up the chain of the domain hierarchy until the primary domain controller is reached.
Currently we have;

10.65.50.16 - PDC (in house)
10.65.50.17 - DC (in house)
10.65.2.3 - DC (remote location)
10.65.50.0 - Hosts (in house)

Everything is running fine as far as NTP is concerned until the domain controllers in the 10.65.50.0 subnet are reached.
Using wireshark I can see that the PDC is requesting an NTP update from the DC 10.65.50.17 when I run;

w32tm /resync /rediscover

Also with wireshark I can see that nothing happens on the 10.65.50.17 DC when I use the same command.
The 10.65.50.17 DC shows this in the w32time.log file;

149164 17:32:16.0156250s - Starting Providers.
149164 17:32:16.0156250s - Starting 'NtpClient', dll:'C:\WINDOWS\system32\w32time.dll'
149164 17:32:16.0156250s - NtpTimeProvOpen("NtpClient") called.
149164 17:32:16.0156250s - sysPrecision=-6, systmeClockResolution=156250
149164 17:32:16.0156250s - NtpProvider: Created 2 sockets (1 listen-only): 10.65.50.17:123, (127.0.0.1:123)
149164 17:32:16.0156250s - PeerPollingThread: waiting forever
149164 17:32:16.0156250s - ReadConfig: 'AllowNonstandardModeCombinations'=0x00000001
149164 17:32:16.0156250s - ReadConfig: 'CompatibilityFlags'=0x80000000
149164 17:32:16.0156250s - ReadConfig: 'SpecialPollInterval'=0x00000E10
149164 17:32:16.0156250s - ReadConfig: 'ResolvePeerBackoffMinutes'=0x0000000A
149164 17:32:16.0156250s - ReadConfig: 'ResolvePeerBackoffMaxTimes'=0x00000007
149164 17:32:16.0156250s - ReadConfig: 'EventLogFlags'=0x00000000
149164 17:32:16.0156250s - ReadConfig: 'LargeSampleSkew'=0x00000003
149164 17:32:16.0156250s - ReadConfig: 'CrossSiteSyncFlags'=0x00000000
149164 17:32:16.0156250s - PeerPollingThread: waiting 0.000s
149164 17:32:16.0156250s - NtpClient started.
149164 17:32:16.0156250s - Starting 'NtpServer', dll:'C:\WINDOWS\system32\w32time.dll'
149164 17:32:16.0156250s - PeerPollingThread: PeerListUpdated
149164 17:32:16.0156250s - Resolving domain hierarchy
149164 17:32:16.0156250s - NtpTimeProvOpen("NtpServer") called.
149164 17:32:16.0156250s - ReadConfig: 'AllowNonstandardModeCombinations'=0x00000001
149164 17:32:16.0312500s - PeerPollingThread: WaitTimeout
149164 17:32:16.0312500s - PeerPollingThread: waiting forever
149164 17:32:16.0312500s - RPC Caller is NT AUTHORITY\LOCAL SERVICE (S-1-5-19)
149164 17:32:16.0312500s - Logging warning: NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 10 minutes.
149164 17:32:16.0312500s - Retrying resolution for domain hierarchy. Retry 1 will be in 10 minutes.
149164 17:32:16.0312500s - PeerPollingThread: waiting 600.000s
149164 17:32:16.0312500s - PeerPollingThread: waiting 600.000s

I have my ntp server set to ntp.maths.tcd.ie in the w32time registry settings.

I used the following MS knowledgebase article to do the configuration on the PDC. When I saw that the PDC was trying to connect to the other DC I changed the config there too so I don't have the original config from either machine.


From what I can make out the DC 10.65.50.17 can't connect to the time server ntp.maths.tcd.ie even though I can ping it. This could be a firewall issue but I want to be sure everything else is working correctly before I go near the firewall .... and I'm sceptical that the rest is working correctly.

Can anybody give me some direction on this?

Rory


P.S.: Running 'net time' on each server reports the time at the PDC. The network is currently out of sync by approx 4 minutes 30 seconds from an accurate time server.
LVL 9
Red-King (IT Manager) asked:

ChiefIT commented:
It's a firewall blocking port 123:

To bypass the firewall without compromising security and dropping the port protection, you can download symmtime (from symmetricom's website). That utility will go out on port 80 to a number of different network and government time servers to synch your PDCe up with that time server through synchronization flags. These flags broadcast the PDCe as the default time server for your domain.

All other nodes on your domain, (BY DEFAULT), will synch up with your PDCe to get their time unless you configured an authoritative time server through group policy. Group policy overrides the default configuration of the synch flags.

NOTE: These computers will Not resynch to the PDCe until they are +/- the 5 minute phase offset of the PDCe synchronization flags.
Red-King (IT Manager, author) commented:
Thanks for replying ChiefIT.
I'd much prefer not to install extra software to do something that Windows can do on its own though. I can open port 123 if needed but I'm not going to do that until I'm sure everything is working correctly within the domain. I'm going to attempt to restore the configuration to its original state and then maybe set an authoritative time server using GP and then try to configure the external source again.

What confuses me is the fact that the PDC (.16) is sending a request to the other DC (.17) with the following NTP message;

Network Time Protocol
Flags: 0x19
00.. .... = Leap Indicator: no warning (0)
..01 1... = Version number: NTP Version 3 (3)
.... .001 = Mode: symmetric active (1)
Peer Clock Stratum: secondary reference (2)
Peer Polling Interval: 15 (32768 sec)
Peer Clock Precision: 0.015625 sec
Root Delay:    0.0000 sec
Root Dispersion:   10.0156 sec
Reference Clock ID: 10.65.50.17
Reference Clock Update Time: May 27, 2009 12:48:01.9044 UTC
Originate Time Stamp: NULL
Receive Time Stamp: NULL
Transmit Time Stamp: May 27, 2009 12:48:02.0144 UTC
Key ID: 910A0000
Message Authentication Code: 00000000000000000000000000000000


The DC (.17) then replies as the NTP server with this NTP message;

Network Time Protocol
Flags: 0x1c
00.. .... = Leap Indicator: no warning (0)
..01 1... = Version number: NTP Version 3 (3)
.... .100 = Mode: server (4)
Peer Clock Stratum: primary reference (1)
Peer Polling Interval: 15 (32768 sec)
Peer Clock Precision: 0.015625 sec
Root Delay:    0.0000 sec
Root Dispersion:   10.8182 sec
Reference Clock ID: Uncalibrate local clock
Reference Clock Update Time: May 26, 2009 17:32:16.0156 UTC
Originate Time Stamp: May 27, 2009 12:48:02.0144 UTC
Receive Time Stamp: May 27, 2009 12:48:02.0156 UTC
Transmit Time Stamp: May 27, 2009 12:48:02.0156 UTC
Key ID: 00000000
Message Authentication Code: 99F732DA322F692A3A48CC29B0B5A6C1


So the PDC is obviously connecting to another DC which it uses as its server. This should be the other way around shouldn't it?

The code snippet below is the registry settings for the PDC, maybe somebody can make out something here as to why it's trying to contact a secondary DC?




Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
Class Name:        <NO CLASS>
Last Write Time:   4/14/2008 - 8:05 AM
Value 0
  Name:            Description
  Type:            REG_SZ
  Data:            Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 
 
Value 1
  Name:            DisplayName
  Type:            REG_SZ
  Data:            Windows Time
 
Value 2
  Name:            ErrorControl
  Type:            REG_DWORD
  Data:            0x1
 
Value 3
  Name:            FailureActions
  Type:            REG_BINARY
  Data:            
00000000   05 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00 00  ................
00000010   64 00 20 00 01 00 00 00 - 60 ea 00 00 01 00 00 00  d. .....`ê......
60 ea 00 00                                        `ê..
 
Value 4
  Name:            Group
  Type:            REG_SZ
  Data:            
 
Value 5
  Name:            ImagePath
  Type:            REG_EXPAND_SZ
  Data:            %SystemRoot%\system32\svchost.exe -k LocalService
 
Value 6
  Name:            Objectname
  Type:            REG_SZ
  Data:            NT AUTHORITY\LocalService
 
Value 7
  Name:            Start
  Type:            REG_DWORD
  Data:            0x2
 
Value 8
  Name:            Type
  Type:            REG_DWORD
  Data:            0x20
 
 
Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Class Name:        <NO CLASS>
Last Write Time:   5/26/2009 - 5:57 PM
Value 0
  Name:            LastClockRate
  Type:            REG_DWORD
  Data:            0x26259
 
Value 1
  Name:            MinClockRate
  Type:            REG_DWORD
  Data:            0x260d4
 
Value 2
  Name:            MaxClockRate
  Type:            REG_DWORD
  Data:            0x263e0
 
Value 3
  Name:            FrequencyCorrectRate
  Type:            REG_DWORD
  Data:            0x4
 
Value 4
  Name:            PollAdjustFactor
  Type:            REG_DWORD
  Data:            0x5
 
Value 5
  Name:            LargePhaseOffset
  Type:            REG_DWORD
  Data:            0x2faf080
 
Value 6
  Name:            SpikeWatchPeriod
  Type:            REG_DWORD
  Data:            0x384
 
Value 7
  Name:            HoldPeriod
  Type:            REG_DWORD
  Data:            0x5
 
Value 8
  Name:            LocalClockDispersion
  Type:            REG_DWORD
  Data:            0xa
 
Value 9
  Name:            EventLogFlags
  Type:            REG_DWORD
  Data:            0x2
 
Value 10
  Name:            PhaseCorrectRate
  Type:            REG_DWORD
  Data:            0x7
 
Value 11
  Name:            MinPollInterval
  Type:            REG_DWORD
  Data:            0x6
 
Value 12
  Name:            MaxPollInterval
  Type:            REG_DWORD
  Data:            0xa
 
Value 13
  Name:            UpdateInterval
  Type:            REG_DWORD
  Data:            0x64
 
Value 14
  Name:            MaxNegPhaseCorrection
  Type:            REG_DWORD
  Data:            0x708
 
Value 15
  Name:            MaxPosPhaseCorrection
  Type:            REG_DWORD
  Data:            0x708
 
Value 16
  Name:            AnnounceFlags
  Type:            REG_DWORD
  Data:            0x5
 
Value 17
  Name:            MaxAllowedPhaseOffset
  Type:            REG_DWORD
  Data:            0x12c
 
Value 18
  Name:            FileLogEntries
  Type:            REG_SZ
  Data:            0-116
 
Value 19
  Name:            FileLogName
  Type:            REG_SZ
  Data:            C:\Windows\Temp\w32time.log
 
Value 20
  Name:            FileLogSize
  Type:            REG_DWORD
  Data:            0x10000000
 
 
Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Class Name:        <NO CLASS>
Last Write Time:   5/26/2009 - 6:28 PM
Value 0
  Name:            ServiceMain
  Type:            REG_SZ
  Data:            SvchostEntry_W32Time
 
Value 1
  Name:            ServiceDll
  Type:            REG_EXPAND_SZ
  Data:            C:\WINDOWS\system32\w32time.dll
 
Value 2
  Name:            NtpServer
  Type:            REG_SZ
  Data:            ntp.maths.tcd.ie,0x4
 
Value 3
  Name:            Type
  Type:            REG_SZ
  Data:            NTP
 
 
Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security
Class Name:        <NO CLASS>
Last Write Time:   4/26/2007 - 2:52 PM
Value 0
  Name:            Security
  Type:            REG_BINARY
  Data:            
 
 
Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders
Class Name:        <NO CLASS>
Last Write Time:   12/5/2007 - 8:48 AM
 
Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Class Name:        <NO CLASS>
Last Write Time:   4/1/2009 - 3:06 PM
Value 0
  Name:            Enabled
  Type:            REG_DWORD
  Data:            0x1
 
Value 1
  Name:            InputProvider
  Type:            REG_DWORD
  Data:            0x1
 
Value 2
  Name:            AllowNonstandardModeCombinations
  Type:            REG_DWORD
  Data:            0x1
 
Value 3
  Name:            CrossSiteSyncFlags
  Type:            REG_DWORD
  Data:            0x2
 
Value 4
  Name:            ResolvePeerBackoffMinutes
  Type:            REG_DWORD
  Data:            0xf
 
Value 5
  Name:            ResolvePeerBackoffMaxTimes
  Type:            REG_DWORD
  Data:            0x7
 
Value 6
  Name:            CompatibilityFlags
  Type:            REG_DWORD
  Data:            0x80000000
 
Value 7
  Name:            EventLogFlags
  Type:            REG_DWORD
  Data:            0x1
 
Value 8
  Name:            LargeSampleSkew
  Type:            REG_DWORD
  Data:            0x3
 
Value 9
  Name:            DllName
  Type:            REG_SZ
  Data:            C:\WINDOWS\system32\w32time.dll
 
Value 10
  Name:            SpecialPollTimeRemaining
  Type:            REG_MULTI_SZ
  Data:            
 
Value 11
  Name:            SpecialPollInterval
  Type:            REG_DWORD
  Data:            0x384
 
 
Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
Class Name:        <NO CLASS>
Last Write Time:   12/5/2007 - 8:48 AM
Value 0
  Name:            InputProvider
  Type:            REG_DWORD
  Data:            0
 
Value 1
  Name:            AllowNonstandardModeCombinations
  Type:            REG_DWORD
  Data:            0x1
 
Value 2
  Name:            DllName
  Type:            REG_SZ
  Data:            C:\WINDOWS\system32\w32time.dll
 
Value 3
  Name:            Enabled
  Type:            REG_DWORD
  Data:            0x1
 
 
Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Enum
Class Name:        <NO CLASS>
Last Write Time:   4/14/2008 - 8:05 AM
Value 0
  Name:            0
  Type:            REG_SZ
  Data:            Root\LEGACY_W32TIME\0000
 
Value 1
  Name:            Count
  Type:            REG_DWORD
  Data:            0x1
 
Value 2
  Name:            NextInstance
  Type:            REG_DWORD
  Data:            0x1
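
An added example, not part of the original posts: a Python decoder for the NTP header fields shown in the two Wireshark dissections above, with checks for a sender that advertises stratum 1 while its reference is only its own local clock. The packet bytes are constructed from the values in the thread (timestamps zeroed, reference ID `LOCL` assumed for Wireshark's local-clock label), and the 10-second threshold is an assumption taken from the `LocalClockDispersion` value in the registry dump.

```python
import socket
import struct

MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
         4: "server", 5: "broadcast"}
# Assumed threshold: LocalClockDispersion (0xa) from the registry dump, in seconds.
LOCAL_CLOCK_DISPERSION = 10.0

def parse_ntp(data):
    """Decode the first 16 bytes of the fixed 48-byte NTP header."""
    if len(data) < 48:
        raise ValueError("NTP header needs at least 48 bytes")
    flags, stratum, poll, precision, delay, disp, refid = struct.unpack(
        "!BBbbiI4s", data[:16])
    # Stratum 0/1 carries a four-character code; stratum >= 2 an IPv4 address.
    ref = (refid.rstrip(b"\x00").decode("ascii", "replace") if stratum <= 1
           else socket.inet_ntoa(refid))
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": MODES.get(flags & 0x7, "reserved"),
        "stratum": stratum,
        "poll_seconds": 2 ** poll,
        "precision_seconds": 2.0 ** precision,
        "root_delay": delay / 65536,        # signed 16.16 fixed point
        "root_dispersion": disp / 65536,    # unsigned 16.16 fixed point
        "reference": ref,
    }

def findings(hdr):
    """Heuristic checks for a time source that is not really synchronised."""
    out = []
    if hdr["stratum"] == 1 and hdr["reference"] == "LOCL":
        out.append("stratum 1 backed only by the sender's own local clock")
    if hdr["root_dispersion"] >= LOCAL_CLOCK_DISPERSION:
        out.append("root dispersion %.4f s: chain ends at a free-running clock"
                   % hdr["root_dispersion"])
    if hdr["leap"] == 3:
        out.append("leap indicator 3: sender reports it is unsynchronised")
    return out

def build(flags, stratum, disp, refid):
    """Constructed sample packet: poll 15, precision 2^-6, zeroed timestamps."""
    return struct.pack("!BBbbiI4s", flags, stratum, 15, -6, 0,
                       int(disp * 65536), refid) + bytes(32)

# Constructed from the two dissections in the post (PDC request, DC reply).
REQUEST = build(0x19, 2, 10.0156, socket.inet_aton("10.65.50.17"))
REPLY = build(0x1C, 1, 10.8182, b"LOCL")

if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("reply", REPLY)):
        hdr = parse_ntp(pkt)
        print(name, hdr["mode"], hdr["stratum"], hdr["reference"], findings(hdr))
```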

ChiefIT commented:
That issue sounds like the default domain policy states to synch up to the other DC. The FSMO role holder will be the default synch server without any GPOs created.

GPOs overwrite the default synchronization flags, if you created a default domain policy to synch to a specific server, (call it DC2), then DC2 will try to synch to itself as well as all other servers and computers. So, be aware that a server synching with itself will cause errors in event logs. The only time they usually do that is if they are a part of a group policy.

Here is a good thread to view your options on how to set up time in different ways: (including authoritative, and default, as well as how to synch with an outside server)
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23176154.html
Red-King (IT Manager, author) commented:
Thanks for all your help ChiefIT.
After scouring through the group Policies I was able to find an entry for windows time in one of them.
Once I'd set the windows time group policy settings back to 'Not Configured' and refreshed it on the PDC it immediately synced with the outside source. There was no firewall issue here at all oddly enough.
Once I restored the registry settings on the Secondary DC it correctly went to the PDC for its reference clock.

The cause of the odd behaviour seems to be that the windows time settings in the group policy were enabled and set to NTP (not NT5DS) but there was no time server specified in the policy, it was simply left blank and the DCs didn't know where to go for their reference clock.

With the group policy time settings reverted to the default and the PDC set according to this MS knowledge base article http://support.microsoft.com/kb/816042/en-us everything is running correctly and all our systems are now synchronising as expected.

Another lesson learned!
Rory
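
An added example, not part of the original posts: a Python parser for the registry text-export layout quoted earlier in the thread, with an audit for the condition described above (a W32Time `Type` of NTP with no peer in `NtpServer`). The sample export is constructed; the policy key path is the usual location for the Windows Time policy and does not appear in the thread, and its values here are hypothetical.

```python
# Peer flags that may follow each host in an NtpServer value.
PEER_FLAGS = {0x1: "SpecialInterval", 0x2: "UseAsFallbackOnly",
              0x4: "SymmetricActive", 0x8: "Client"}
# Constructed sample: first key holds the PDC values from the post, second is hypothetical.
SAMPLE = r"""Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Value 2
  Name:            NtpServer
  Type:            REG_SZ
  Data:            ntp.maths.tcd.ie,0x4
Value 3
  Name:            Type
  Type:            REG_SZ
  Data:            NTP

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\Parameters
Value 0
  Name:            NtpServer
  Type:            REG_SZ
  Data:
Value 1
  Name:            Type
  Type:            REG_SZ
  Data:            NTP
"""

def parse_export(text):
    """Return {key path: {value name: data}} from a registry text export."""
    keys, key, name = {}, None, None
    for raw in text.splitlines():
        field, _, value = map(str.strip, raw.partition(":"))
        if field == "Key Name":
            key, name = value, None
            keys[key] = {}
        elif field == "Name" and key:
            name = value
        elif field == "Data" and key and name:
            keys[key][name], name = value, None
    return keys

def peers(ntp_server):
    """Split 'host,0xflags host2,0xflags' into (host, [flag names]) pairs."""
    out = []
    for item in ntp_server.split():
        host, _, flags = item.partition(",")
        bits = int(flags, 16) if flags else 0
        out.append((host, [n for b, n in PEER_FLAGS.items() if bits & b]))
    return out

def audit(keys):
    """List W32Time Parameters keys set to manual NTP without any peer."""
    return [(k, "Type=NTP but NtpServer is empty") for k, v in keys.items()
            if k.lower().endswith("w32time\\parameters")
            and v.get("Type", "").upper() == "NTP" and not peers(v.get("NtpServer", ""))]

if __name__ == "__main__":
    print(audit(parse_export(SAMPLE)))
```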
