Rory Clerkin
asked on
NTP problem on Windows Server 2003 domain
Hi,
I'm having an issue with NTP on our domain controllers. As I understand it, within a Windows 2003 domain all hosts will make an NTP client request up the chain of the domain hierarchy until the primary domain controller is reached.
Currently we have;
10.65.50.16 - PDC (in house)
10.65.50.17 - DC (in house)
10.65.2.3 - DC (remote location)
10.65.50.0 - Hosts (in house)
Everything is running fine as far as NTP is concerned until the domain controllers in the 10.65.50.0 subnet are reached.
Using wireshark I can see that the PDC is requesting an NTP update from the DC 10.65.50.17 when I run;
w32tm /resync /rediscover
Also with wireshark I can see that nothing happens on the 10.65.50.17 DC when I use the same command.
The 10.65.50.17 DC shows this in the w32time.log file;
149164 17:32:16.0156250s - Starting Providers.
149164 17:32:16.0156250s - Starting 'NtpClient', dll:'C:\WINDOWS\system32\w32time.dll'
149164 17:32:16.0156250s - NtpTimeProvOpen("NtpClient") called.
149164 17:32:16.0156250s - sysPrecision=-6, systmeClockResolution=156250
149164 17:32:16.0156250s - NtpProvider: Created 2 sockets (1 listen-only): 10.65.50.17:123, (127.0.0.1:123)
149164 17:32:16.0156250s - PeerPollingThread: waiting forever
149164 17:32:16.0156250s - ReadConfig: 'AllowNonstandardModeCombinations'=0x00000001
149164 17:32:16.0156250s - ReadConfig: 'CompatibilityFlags'=0x80000000
149164 17:32:16.0156250s - ReadConfig: 'SpecialPollInterval'=0x00000E10
149164 17:32:16.0156250s - ReadConfig: 'ResolvePeerBackoffMinutes'=0x0000000A
149164 17:32:16.0156250s - ReadConfig: 'ResolvePeerBackoffMaxTimes'=0x00000007
149164 17:32:16.0156250s - ReadConfig: 'EventLogFlags'=0x00000000
149164 17:32:16.0156250s - ReadConfig: 'LargeSampleSkew'=0x00000003
149164 17:32:16.0156250s - ReadConfig: 'CrossSiteSyncFlags'=0x00000000
149164 17:32:16.0156250s - PeerPollingThread: waiting 0.000s
149164 17:32:16.0156250s - NtpClient started.
149164 17:32:16.0156250s - Starting 'NtpServer', dll:'C:\WINDOWS\system32\w32time.dll'
149164 17:32:16.0156250s - PeerPollingThread: PeerListUpdated
149164 17:32:16.0156250s - Resolving domain hierarchy
149164 17:32:16.0156250s - NtpTimeProvOpen("NtpServer") called.
149164 17:32:16.0156250s - ReadConfig: 'AllowNonstandardModeCombinations'=0x00000001
149164 17:32:16.0312500s - PeerPollingThread: WaitTimeout
149164 17:32:16.0312500s - PeerPollingThread: waiting forever
149164 17:32:16.0312500s - RPC Caller is NT AUTHORITY\LOCAL SERVICE (S-1-5-19)
149164 17:32:16.0312500s - Logging warning: NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 10 minutes.
149164 17:32:16.0312500s - Retrying resolution for domain hierarchy. Retry 1 will be in 10 minutes.
149164 17:32:16.0312500s - PeerPollingThread: waiting 600.000s
149164 17:32:16.0312500s - PeerPollingThread: waiting 600.000s
I have my ntp server set to ntp.maths.tcd.ie in the w32time registry settings.
I used the following MS knowledgebase article to do the configuration on the PDC. When I saw that the PDC was trying to connect to the other DC I changed the config there too so I don't have the original config from either machine.
From what I can make out the DC 10.65.50.17 can't connect to the time server ntp.maths.tcd.ie even though I can ping it. This could be a firewall issue but I want to be sure everything else is working correctly before I go near the firewall .... and I'm sceptical that the rest is working correctly.
Can anybody give me some direction on this?
Rory
P.S.: Running 'net time' on each server reports the time at the PDC. The network is currently out of sync by approx 4 minutes 30 seconds from an accurate time server.
ASKER
Thanks for replying ChiefIT.
I'd much prefer not to install extra software to do something that Windows can do on its own tho. I can open port 123 if needed but I'm not going to do that until I'm sure everything is working correctly within the domain. I'm going to attempt to restore the configuration to its original state and then maybe set an authoritative time server using GP and then try to configure the external source again.
What confuses me is the fact that the PDC (.16) is sending a request to the other DC (.17) with the following NTP message;
Network Time Protocol
Flags: 0x19
00.. .... = Leap Indicator: no warning (0)
..01 1... = Version number: NTP Version 3 (3)
.... .001 = Mode: symmetric active (1)
Peer Clock Stratum: secondary reference (2)
Peer Polling Interval: 15 (32768 sec)
Peer Clock Precision: 0.015625 sec
Root Delay: 0.0000 sec
Root Dispersion: 10.0156 sec
Reference Clock ID: 10.65.50.17
Reference Clock Update Time: May 27, 2009 12:48:01.9044 UTC
Originate Time Stamp: NULL
Receive Time Stamp: NULL
Transmit Time Stamp: May 27, 2009 12:48:02.0144 UTC
Key ID: 910A0000
Message Authentication Code: 00000000000000000000000000000000
The DC (.17) then replies as the NTP server with this NTP message;
Network Time Protocol
Flags: 0x1c
00.. .... = Leap Indicator: no warning (0)
..01 1... = Version number: NTP Version 3 (3)
.... .100 = Mode: server (4)
Peer Clock Stratum: primary reference (1)
Peer Polling Interval: 15 (32768 sec)
Peer Clock Precision: 0.015625 sec
Root Delay: 0.0000 sec
Root Dispersion: 10.8182 sec
Reference Clock ID: Uncalibrate local clock
Reference Clock Update Time: May 26, 2009 17:32:16.0156 UTC
Originate Time Stamp: May 27, 2009 12:48:02.0144 UTC
Receive Time Stamp: May 27, 2009 12:48:02.0156 UTC
Transmit Time Stamp: May 27, 2009 12:48:02.0156 UTC
Key ID: 00000000
Message Authentication Code: 99F732DA322F692A3A48CC29B0B5A6C1
So the PDC is obviously connecting to another DC which it uses as its server. This should be the other way around shouldn't it?
The code snippet below is the registry settings for the PDC, maybe somebody can make out something here as to why it's trying to contact a secondary DC?
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
Class Name: <NO CLASS>
Last Write Time: 4/14/2008 - 8:05 AM
Value 0
Name: Description
Type: REG_SZ
Data: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Value 1
Name: DisplayName
Type: REG_SZ
Data: Windows Time
Value 2
Name: ErrorControl
Type: REG_DWORD
Data: 0x1
Value 3
Name: FailureActions
Type: REG_BINARY
Data:
00000000 05 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00 00 ................
00000010 64 00 20 00 01 00 00 00 - 60 ea 00 00 01 00 00 00 d. .....`ê......
60 ea 00 00 `ê..
Value 4
Name: Group
Type: REG_SZ
Data:
Value 5
Name: ImagePath
Type: REG_EXPAND_SZ
Data: %SystemRoot%\system32\svchost.exe -k LocalService
Value 6
Name: Objectname
Type: REG_SZ
Data: NT AUTHORITY\LocalService
Value 7
Name: Start
Type: REG_DWORD
Data: 0x2
Value 8
Name: Type
Type: REG_DWORD
Data: 0x20
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Class Name: <NO CLASS>
Last Write Time: 5/26/2009 - 5:57 PM
Value 0
Name: LastClockRate
Type: REG_DWORD
Data: 0x26259
Value 1
Name: MinClockRate
Type: REG_DWORD
Data: 0x260d4
Value 2
Name: MaxClockRate
Type: REG_DWORD
Data: 0x263e0
Value 3
Name: FrequencyCorrectRate
Type: REG_DWORD
Data: 0x4
Value 4
Name: PollAdjustFactor
Type: REG_DWORD
Data: 0x5
Value 5
Name: LargePhaseOffset
Type: REG_DWORD
Data: 0x2faf080
Value 6
Name: SpikeWatchPeriod
Type: REG_DWORD
Data: 0x384
Value 7
Name: HoldPeriod
Type: REG_DWORD
Data: 0x5
Value 8
Name: LocalClockDispersion
Type: REG_DWORD
Data: 0xa
Value 9
Name: EventLogFlags
Type: REG_DWORD
Data: 0x2
Value 10
Name: PhaseCorrectRate
Type: REG_DWORD
Data: 0x7
Value 11
Name: MinPollInterval
Type: REG_DWORD
Data: 0x6
Value 12
Name: MaxPollInterval
Type: REG_DWORD
Data: 0xa
Value 13
Name: UpdateInterval
Type: REG_DWORD
Data: 0x64
Value 14
Name: MaxNegPhaseCorrection
Type: REG_DWORD
Data: 0x708
Value 15
Name: MaxPosPhaseCorrection
Type: REG_DWORD
Data: 0x708
Value 16
Name: AnnounceFlags
Type: REG_DWORD
Data: 0x5
Value 17
Name: MaxAllowedPhaseOffset
Type: REG_DWORD
Data: 0x12c
Value 18
Name: FileLogEntries
Type: REG_SZ
Data: 0-116
Value 19
Name: FileLogName
Type: REG_SZ
Data: C:\Windows\Temp\w32time.log
Value 20
Name: FileLogSize
Type: REG_DWORD
Data: 0x10000000
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Class Name: <NO CLASS>
Last Write Time: 5/26/2009 - 6:28 PM
Value 0
Name: ServiceMain
Type: REG_SZ
Data: SvchostEntry_W32Time
Value 1
Name: ServiceDll
Type: REG_EXPAND_SZ
Data: C:\WINDOWS\system32\w32time.dll
Value 2
Name: NtpServer
Type: REG_SZ
Data: ntp.maths.tcd.ie,0x4
Value 3
Name: Type
Type: REG_SZ
Data: NTP
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security
Class Name: <NO CLASS>
Last Write Time: 4/26/2007 - 2:52 PM
Value 0
Name: Security
Type: REG_BINARY
Data:
00000000 01 00 14 80 90 00 00 00 - 9c 00 00 00 14 00 00 00 ................
00000010 30 00 00 00 02 00 1c 00 - 01 00 00 00 02 80 14 00 0...............
00000020 ff 01 0f 00 01 01 00 00 - 00 00 00 01 00 00 00 00 ÿ...............
00000030 02 00 60 00 04 00 00 00 - 00 00 14 00 8d 00 02 00 ..`.............
00000040 01 01 00 00 00 00 00 05 - 0b 00 00 00 00 00 18 00 ................
00000050 ff 01 0f 00 01 02 00 00 - 00 00 00 05 20 00 00 00 ÿ........... ...
00000060 20 02 00 00 00 00 14 00 - 9d 00 00 00 01 01 00 00 ...............
00000070 00 00 00 05 04 00 00 00 - 00 00 18 00 9d 00 00 00 ................
00000080 01 02 00 00 00 00 00 05 - 20 00 00 00 21 02 00 00 ........ ...!...
00000090 01 01 00 00 00 00 00 05 - 12 00 00 00 01 01 00 00 ................
00 00 00 05 12 00 00 00 - ........
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders
Class Name: <NO CLASS>
Last Write Time: 12/5/2007 - 8:48 AM
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Class Name: <NO CLASS>
Last Write Time: 4/1/2009 - 3:06 PM
Value 0
Name: Enabled
Type: REG_DWORD
Data: 0x1
Value 1
Name: InputProvider
Type: REG_DWORD
Data: 0x1
Value 2
Name: AllowNonstandardModeCombinations
Type: REG_DWORD
Data: 0x1
Value 3
Name: CrossSiteSyncFlags
Type: REG_DWORD
Data: 0x2
Value 4
Name: ResolvePeerBackoffMinutes
Type: REG_DWORD
Data: 0xf
Value 5
Name: ResolvePeerBackoffMaxTimes
Type: REG_DWORD
Data: 0x7
Value 6
Name: CompatibilityFlags
Type: REG_DWORD
Data: 0x80000000
Value 7
Name: EventLogFlags
Type: REG_DWORD
Data: 0x1
Value 8
Name: LargeSampleSkew
Type: REG_DWORD
Data: 0x3
Value 9
Name: DllName
Type: REG_SZ
Data: C:\WINDOWS\system32\w32time.dll
Value 10
Name: SpecialPollTimeRemaining
Type: REG_MULTI_SZ
Data:
Value 11
Name: SpecialPollInterval
Type: REG_DWORD
Data: 0x384
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
Class Name: <NO CLASS>
Last Write Time: 12/5/2007 - 8:48 AM
Value 0
Name: InputProvider
Type: REG_DWORD
Data: 0
Value 1
Name: AllowNonstandardModeCombinations
Type: REG_DWORD
Data: 0x1
Value 2
Name: DllName
Type: REG_SZ
Data: C:\WINDOWS\system32\w32time.dll
Value 3
Name: Enabled
Type: REG_DWORD
Data: 0x1
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Enum
Class Name: <NO CLASS>
Last Write Time: 4/14/2008 - 8:05 AM
Value 0
Name: 0
Type: REG_SZ
Data: Root\LEGACY_W32TIME\0000
Value 1
Name: Count
Type: REG_DWORD
Data: 0x1
Value 2
Name: NextInstance
Type: REG_DWORD
Data: 0x1
ASKER
Thanks for all your help ChiefIT.
After scouring through the Group Policies I was able to find an entry for Windows Time in one of them.
Once I'd set the Windows Time group policy settings back to 'Not Configured' and refreshed it on the PDC it immediately synced with the outside source. There was no firewall issue here at all oddly enough.
Once I restored the registry settings on the Secondary DC it correctly went to the PDC for its reference clock.
The cause of the odd behaviour seems to be that the Windows Time settings in the group policy were enabled and set to NTP (not NT5DS) but there was no time server specified in the policy, it was simply left blank and the DCs didn't know where to go for their reference clock.
With the group policy time settings reverted to the default and the PDC set according to this MS knowledge base article http://support.microsoft.com/kb/816042/en-us everything is running correctly and all our systems are now synchronising as expected.
Another lesson learned!
Rory
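The fault found above (Windows Time policy enabled with Type NTP and a blank server list) expressed as a check. This is an added example, not part of the original thread: the function names and sample values are constructed, and the policy key path is the location where the Windows Time policy settings are stored on the machine.

```powershell
# Added example: work out which W32Time settings win and flag a blank peer list.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\W32Time\Parameters'
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'

function Get-W32TimeParams {
    param([string]$Path)
    # Type/NtpServer from one registry key, or $null when the key is absent.
    if (-not (Test-Path $Path)) { return $null }
    $p = Get-ItemProperty -Path $Path
    return @{ Type = $p.Type; NtpServer = $p.NtpServer }
}

function Test-W32TimeSource {
    param([hashtable]$Policy, [hashtable]$Local)
    # A configured policy overrides the service's own Parameters key.
    if ($null -ne $Policy -and $Policy.Type) {
        $origin = 'GroupPolicy'; $cfg = $Policy
    } else {
        $origin = 'LocalRegistry'; $cfg = $Local
    }

    $type  = "$($cfg.Type)"
    # NtpServer is a space-separated list of "host,0xflags" entries.
    $peers = @("$($cfg.NtpServer)" -split '\s+' | Where-Object { $_ })
    $findings = @()

    if ($type -eq 'NTP' -and $peers.Count -eq 0) {
        $findings += 'Type=NTP but NtpServer is blank: no time source can be resolved.'
    }
    if ($type -eq 'NoSync') {
        $findings += 'Type=NoSync: this machine does not synchronise at all.'
    }
    if ($origin -eq 'GroupPolicy' -and $null -ne $Local -and $Local.NtpServer) {
        $findings += "Local NtpServer '$($Local.NtpServer)' is ignored while the policy applies."
    }
    [pscustomobject]@{ Origin = $origin; Type = $type; Peers = $peers; Findings = $findings }
}

# Constructed input reproducing the thread: policy enabled as NTP with no server,
# local registry pointing at the external source.
$samplePolicy = @{ Type = 'NTP'; NtpServer = '' }
$sampleLocal  = @{ Type = 'NTP'; NtpServer = 'ntp.maths.tcd.ie,0x4' }
Test-W32TimeSource -Policy $samplePolicy -Local $sampleLocal | Format-List

# On a live DC, evaluate the real keys instead:
# Test-W32TimeSource -Policy (Get-W32TimeParams $policyKey) -Local (Get-W32TimeParams $localKey)
```

With the constructed input the result reports Origin GroupPolicy, no peers, and two findings: the blank policy peer list and the ignored local NtpServer value.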
To bypass the firewall without compromising security and dropping the port protection, you can download symmtime (from Symmetricom's website). That utility will go out on port 80 to a number of different network and government time servers to synch your PDCe up with that time server through synchronization flags. These flags broadcast the PDCe as the default time server for your domain.
All other nodes on your domain, (BY DEFAULT), will synch up with your PDCe to get their time unless you configured an authoritative time server through group policy. Group policy overrides the default configuration of the synch flags.
NOTE: These computers will Not resynch to the PDCe until they are +/- the 5 minute phase offset of the PDCe synchronization flags.