Solved

Windows 2008 R2 DC NTP sync issue

Posted on 2011-03-11
Last Modified: 2012-05-11
Hey

I have an internal firewall hosting our NTP server.

I would like to set our DC to use this NTP server.

I have added the following:

C:\Windows\system32>w32tm /config /syncfromflags:manual /manualpeerlist:10.1.0.1 /update

C:\Windows\system32>net stop w32time
C:\Windows\system32>net start w32time
C:\Windows\system32>w32tm /resync

But in the event log I see:

Time Provider NtpClient: No valid response has been received from manually configured peer 10.1.0.1 after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.

I have also added 0x8 ... same problem.

I have a small NTP tool that shows the NTP server is responding.

What to do?

Mike
Question by:mikeydk
2 Comments
 
LVL 19

Assisted Solution

by:Miguel Angel Perez Muñoz
Miguel Angel Perez Muñoz earned 250 total points
ID: 35107460
0
 
LVL 2

Accepted Solution

by:
temores earned 250 total points
ID: 35160044
You should ensure that UDP port 123 is open to that port, it is probably the main cause. Also remember that the time configuration depends on the time service configuration.

NT5DS means that the NTP client (even domain controllers) will search for the PDC on the domain and get its hour from it. If your DC is configured this way it will override any configured NTP server and search for the PDC. You can change this setting from the following reg key: HKLM\system\currentcontrolset\services\w32time\Parameters\

Type: NTP (REG_SZ) or NT5DS
NtpServer means that the client will search for the configured stratum server, you can try adding something like 10.1.0.1,0x9

I strongly recommend to create a DNS alias (ntp.domain.com) and point that to the IP you like. You can use that DNS record instead to configure the NTP clients, so if you need to change the IP you don't have to crawl on all your customized servers.

cheers.
0
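The checks from the accepted answer, run read-only from an elevated PowerShell prompt on the DC. This is an added example, not part of the original thread; it assumes the peer address 10.1.0.1 from the question, and the flag names are the documented meanings of the NtpServer flag bits.

```powershell
# Added example: inspect the W32Time settings the answer refers to, then probe the peer.
# Assumption: 10.1.0.1 is the NTP source named in the question. Nothing here changes config.
$peer    = '10.1.0.1'
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'

# Documented NtpServer flag bits; values combine, e.g. 0x9 = 0x1 + 0x8.
$flagNames = @{
    1 = 'SpecialInterval'
    2 = 'UseAsFallbackOnly'
    4 = 'SymmetricActive'
    8 = 'Client'
}

$params = Get-ItemProperty -Path $regPath
"Type      : $($params.Type)"
"NtpServer : $($params.NtpServer)"

# With Type = NT5DS the service follows the domain hierarchy and ignores NtpServer.
if ($params.Type -eq 'NT5DS') {
    'Type is NT5DS: the manual peer list is not used until Type is NTP.'
}

# NtpServer is a space-separated list of "host,0xFLAGS" entries.
$peerListed = $false
foreach ($entry in ($params.NtpServer -split '\s+' | Where-Object { $_ })) {
    $hostName, $rawFlags = $entry -split ',', 2
    $flags = if ($rawFlags) { [Convert]::ToInt32($rawFlags, 16) } else { 0 }
    $set = $flagNames.Keys | Sort-Object |
        Where-Object { $flags -band $_ } |
        ForEach-Object { $flagNames[$_] }
    "{0,-20} flags=0x{1:X} ({2})" -f $hostName, $flags, ($set -join ', ')
    if ($hostName -eq $peer) { $peerListed = $true }
}
if (-not $peerListed) { "$peer is not in the configured peer list." }

# Three NTP samples over UDP 123; an error per sample instead of an offset
# means the firewall path to the peer needs checking.
w32tm /stripchart /computer:$peer /samples:3 /dataonly

# What the service is actually syncing from right now.
w32tm /query /source
w32tm /query /status

# To apply the answer's suggestion, quote the argument so PowerShell keeps the comma:
#   w32tm /config /syncfromflags:manual '/manualpeerlist:10.1.0.1,0x9' /update
```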

Question has a verified solution.