Solved

Windows Time Service

Posted on 2010-09-23
10
803 Views
Last Modified: 2012-05-10
It was brought to my attention yesterday that most computers in our office's clocks are out of sync.  Even our domain controller was 2 minutes off.

After some internet research, from the DC, I ran:
W32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual
Net stop w32time
Net start w32time


After I did this, the DC time was perfect, however I didn't see any changes across the network, unless they specifically ran the command
net time \\<our domain controller FQDN> /set /y

I've been reading that these changes should happen automatically.
I even set up a group policy for all the desktops and servers at our company, and ran:
gpupdate /force

No change.

What gives?  Am I doing something wrong?
0
Comment
Question by:jamorlando
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33745539
have you checked your Domain server's Name in time server at below Registry Key

A computer can be configured to be a domain time source server by adding the TIMESOURCE value (Reg_DWord) under the following registry key and setting the value to 1:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LANManServer\Parameters
0
 
LVL 8

Expert Comment

by:Camy
ID: 33745558
What are the service settings in the registry of the client also?
http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx

Type
Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

This entry Indicates which peers to accept synchronization from:

- NoSync. The time service does not synchronize with other sources.
- NTP. The time service synchronizes from the servers specified in the NtpServer. registry entry.
- NT5DS. The time service synchronizes from the domain hierarchy.
- AllSync. The time service uses all the available synchronization mechanisms.

The default value on domain members is NT5DS. The default value on stand-alone clients and servers is NTP.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33745606
What you want to do is set the PDC Emulator to sync with a reliable time source and then let the windows time hiearchy do the rest.  Two really goog blogs
from Matt (tigetMatt on this site)
http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
Sander's time entry
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/09/10/active-directory-time-sync-broken-by-default.aspx
Thanks
Mike
 
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Accepted Solution

by:
Software_onbekend earned 250 total points
ID: 33747307
When your users logon to your domain you can run an batch file .
When you put the foolowing data into the batch file

:TIME
net time \\<our domain controller FQDN> /set /yes

Then the office computer sync everytime with your DC when they login...
0
 

Author Comment

by:jamorlando
ID: 33747360
Yeah that actually was another question I was going to ask.
When I run the command:
net time \\<our domain controller FQDN> /set /yes

Does that just sync it that one time, or does it keep it always in sync?
0
 

Author Comment

by:jamorlando
ID: 33747850
I've tried all your suggestions, and they're not syncing.  I am going to delete the group policy I created and just use @Software_onbekend's method of adding it to the login script.
Thanks!
0
 
LVL 4

Expert Comment

by:Software_onbekend
ID: 33747868
As fat as I know is this 1 time..
The scrip run only when the user logs on to the domain...
Normaly a user at least 1 times a day in.
This should be enough :)

If this isn't enough, perhaps you can install the batch files on your computer and use scheduled task to run the batch file as often as you wish...
But that is more like a work around solution...
0
 

Author Comment

by:jamorlando
ID: 33747959
Yes, I don't like workarounds, but the more articles I read about how poorly Microsoft implemented this isn't giving me much confidence.  I think the logon script will do.

I just implemented and it works like a charm.  Just need to be careful NOT to have the script apply to logging into the domain controller.  Not sure what kind of havoc that could cause, syncing the time with itself.
0
 
LVL 4

Expert Comment

by:Software_onbekend
ID: 33748813
I Don't know what will happen if you try to run the script on the Domain controller..
But normaly the normal user won't login on the domaincontroller itself..
Perhaps you can use GPO policies to exclude the server to run that script when there is a logon on a server...
0
 

Author Comment

by:jamorlando
ID: 33748831
Thats ok ... I have 3 containers set up in AD.  One for desktops, one for servers and one for DCs.  I have the time sync group policy linked to both the desktops and servers container.

We have one other DC that isn't PDC master.  I set up a scheduled task on that machine to run every 15 minutes:
net time \\<our domain controller FQDN> /set /yes

I think we should be good.  Thanks!
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exchange, active directory 3 53
DSRM password 5 42
How do I confirm automatic bridgehead server selection is working? 2 36
DNS/WINS in a domain 10 49
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question