?
Solved

Windows Time Service

Posted on 2010-09-23
10
Medium Priority
?
805 Views
Last Modified: 2012-05-10
It was brought to my attention yesterday that most computers in our office's clocks are out of sync.  Even our domain controller was 2 minutes off.

After some internet research, from the DC, I ran:
W32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual
Net stop w32time
Net start w32time


After I did this, the DC time was perfect, however I didn't see any changes across the network, unless they specifically ran the command
net time \\<our domain controller FQDN> /set /y

I've been reading that these changes should happen automatically.
I even set up a group policy for all the desktops and servers at our company, and ran:
gpupdate /force

No change.

What gives?  Am I doing something wrong?
0
Comment
Question by:jamorlando
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33745539
have you checked your Domain server's Name in time server at below Registry Key

A computer can be configured to be a domain time source server by adding the TIMESOURCE value (Reg_DWord) under the following registry key and setting the value to 1:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LANManServer\Parameters
0
 
LVL 8

Expert Comment

by:Camy
ID: 33745558
What are the service settings in the registry of the client also?
http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx

Type
Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

This entry Indicates which peers to accept synchronization from:

- NoSync. The time service does not synchronize with other sources.
- NTP. The time service synchronizes from the servers specified in the NtpServer. registry entry.
- NT5DS. The time service synchronizes from the domain hierarchy.
- AllSync. The time service uses all the available synchronization mechanisms.

The default value on domain members is NT5DS. The default value on stand-alone clients and servers is NTP.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33745606
What you want to do is set the PDC Emulator to sync with a reliable time source and then let the windows time hiearchy do the rest.  Two really goog blogs
from Matt (tigetMatt on this site)
http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
Sander's time entry
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/09/10/active-directory-time-sync-broken-by-default.aspx
Thanks
Mike
 
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 4

Accepted Solution

by:
Software_onbekend earned 1000 total points
ID: 33747307
When your users logon to your domain you can run an batch file .
When you put the foolowing data into the batch file

:TIME
net time \\<our domain controller FQDN> /set /yes

Then the office computer sync everytime with your DC when they login...
0
 

Author Comment

by:jamorlando
ID: 33747360
Yeah that actually was another question I was going to ask.
When I run the command:
net time \\<our domain controller FQDN> /set /yes

Does that just sync it that one time, or does it keep it always in sync?
0
 

Author Comment

by:jamorlando
ID: 33747850
I've tried all your suggestions, and they're not syncing.  I am going to delete the group policy I created and just use @Software_onbekend's method of adding it to the login script.
Thanks!
0
 
LVL 4

Expert Comment

by:Software_onbekend
ID: 33747868
As fat as I know is this 1 time..
The scrip run only when the user logs on to the domain...
Normaly a user at least 1 times a day in.
This should be enough :)

If this isn't enough, perhaps you can install the batch files on your computer and use scheduled task to run the batch file as often as you wish...
But that is more like a work around solution...
0
 

Author Comment

by:jamorlando
ID: 33747959
Yes, I don't like workarounds, but the more articles I read about how poorly Microsoft implemented this isn't giving me much confidence.  I think the logon script will do.

I just implemented and it works like a charm.  Just need to be careful NOT to have the script apply to logging into the domain controller.  Not sure what kind of havoc that could cause, syncing the time with itself.
0
 
LVL 4

Expert Comment

by:Software_onbekend
ID: 33748813
I Don't know what will happen if you try to run the script on the Domain controller..
But normaly the normal user won't login on the domaincontroller itself..
Perhaps you can use GPO policies to exclude the server to run that script when there is a logon on a server...
0
 

Author Comment

by:jamorlando
ID: 33748831
Thats ok ... I have 3 containers set up in AD.  One for desktops, one for servers and one for DCs.  I have the time sync group policy linked to both the desktops and servers container.

We have one other DC that isn't PDC master.  I set up a scheduled task on that machine to run every 15 minutes:
net time \\<our domain controller FQDN> /set /yes

I think we should be good.  Thanks!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question