wantabe2
asked on
Domain Time
I have 3 offices on my domain. The FSMO roles are split between two servers. Server 1 holds the PDC Emulator role. I've checked all my servers to make sure they are looking to this server that operations master & they are. I looked in the registry on this server in the \HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\S ervices\W3 2Time\Para meters
and below are my settings:
(default) REG_SZ (value not set)
NtpServer REG_SZ time.windows.com,0x9
ServiceDll REG_EXPAND_SZ %systemroot%\system32\w32t ime.dll
ServiceDllUnloadOnStop REG_DWORD 0x0000000001(1)
ServiceMain REG_SZ SvchostEntry_W32Time
Type REG_SZ NT5DS
I want to set this server to get its time from time.nist.gov
I am assuming this is the same time as we see on www.time.gov isn't it? If so, how do I set server 1 to point to time.nist.gov without causing any issues on my domain? I've read online several places but I'm confused as to if I need to change the NT5DS to something else.
and below are my settings:
(default) REG_SZ (value not set)
NtpServer REG_SZ time.windows.com,0x9
ServiceDll REG_EXPAND_SZ %systemroot%\system32\w32t
ServiceDllUnloadOnStop REG_DWORD 0x0000000001(1)
ServiceMain REG_SZ SvchostEntry_W32Time
Type REG_SZ NT5DS
I want to set this server to get its time from time.nist.gov
I am assuming this is the same time as we see on www.time.gov isn't it? If so, how do I set server 1 to point to time.nist.gov without causing any issues on my domain? I've read online several places but I'm confused as to if I need to change the NT5DS to something else.
This should do it for you
w32time /config /manualpeerlist: "time.nist.gov", 0x1" /syncfromflags:manual /reliable:yes /update
Then type
Net Stop w32time && Net Start w32time
w32time /config /manualpeerlist: "time.nist.gov", 0x1" /syncfromflags:manual /reliable:yes /update
Then type
Net Stop w32time && Net Start w32time
Run the following command to verify which machine is your PDC Emulator:
netdom query fsmo
Then on the PDCe ONLY, open a command prompt and enter (the ,0x9 at the end will tell the time service to run in ntp client mode and to use the SpecialPollInterval):
w32tm /config /manualpeerlist:time.nist. gov,0x9 /syncfromflags:MANUAL /update
w32tm /resync
On all other DCs, the Type entry should be NT5DS; if it is not, run the following commands:
w32tm /config /syncfromflags:DOMHIER /update
w32tm /resync
Other time servers are here; pick a time server geographically close to you::
A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
http://support.microsoft.com/kb/262680
The pool.ntp.org project
http://www.pool.ntp.org/
netdom query fsmo
Then on the PDCe ONLY, open a command prompt and enter (the ,0x9 at the end will tell the time service to run in ntp client mode and to use the SpecialPollInterval):
w32tm /config /manualpeerlist:time.nist.
w32tm /resync
On all other DCs, the Type entry should be NT5DS; if it is not, run the following commands:
w32tm /config /syncfromflags:DOMHIER /update
w32tm /resync
Other time servers are here; pick a time server geographically close to you::
A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
http://support.microsoft.com/kb/262680
The pool.ntp.org project
http://www.pool.ntp.org/
ASKER
Okay, now I have the PDC changed to use a different external time source. The time on the PDC server changed on it's own like it should. I logged into a server at one of the remote sites & restarted the time service & also forced replication to the PDC server & the time has not changed at any of the other domain controllers either in the same site as the PDC or at any other remote DC...how long should it take. These servers have all the default settings as far as replication & stuff.
As I said: first verify on the other DCs (and other machines that don't seem to sync their time) whether the Type entry is NT5DS (and run the command I listed above to set it back, if necessary).
Then be aware that the time isn't always synced in one big step; IIRC, if the difference is less than 5 minutes the clock is slightly accelerated/slowed down until the time matches again.
Check the system event log on the machine for events with source W32Time; they will tell you whether the time service is syncing correctly (you can ignore the occasional error if there are successes as well; NTP is UDP, after all).
Then be aware that the time isn't always synced in one big step; IIRC, if the difference is less than 5 minutes the clock is slightly accelerated/slowed down until the time matches again.
Check the system event log on the machine for events with source W32Time; they will tell you whether the time service is syncing correctly (you can ignore the occasional error if there are successes as well; NTP is UDP, after all).
ASKER
The PDC is now NTP...the DC in that bldg is set to NT5DS & I restarted the time service on that server & it now matches the PDC. All the other DCs in the domain are also set to NT5DS but are all 3 - 4 minutes off.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've done that already...noting has changed yet...they are still about 3 -4 minutes off from the PDC...I'll sit back & wait about another hour....I even rebooted a remote server to see if that would help but still no change. I am getting this warning int he event viewer on one of the remote DCs:
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
https://www.experts-exchange.com/questions/23630502/Authoritative-Time-Server.html