  • Status: Solved

Time Loss on Server and Workstations in Domain

The domain controller and workstations are continually losing time on a small network (about 30 computers). I know this is a common issue but I want to look at different solutions before deciding on the best one. The Server OS is Windows Server 2008 R2.
I know you can install a free time sync program or even edit the registry to sync time correctly but the issue in this case may be more complex. Currently, the server is losing about 5 minutes per week. However, if the server is powered off for a bit it tends to lose time more quickly (like 10 minutes per week or more). I am being told that the CMOS battery being dead could cause this but it was recently replaced and the problem is still occurring. I read that if you have a bad capacitor on the motherboard, the problem will continue even with a new battery. If that is the case, will installing a time program or other option fix this? Any feedback on this topic is greatly appreciated.
Asked by: fjkaykr11
 
Papertrip Commented:
Just set up NTP on the PDC.

Check this link out

joeyfaz Commented:
This supports Windows 2008 Domain Controllers

http://technet.microsoft.com/en-us/library/cc816633(WS.10).aspx

fjkaykr11 (Author) Commented:
@Papertrip, it looks like NTP (W32Time) is already set up on the PDC.
Services > Windows Time
I think this was working at one time but then stopped working and someone mentioned a CMOS battery issue. Any ideas?
 
Papertrip Commented:
Yeah but is it using a valid external time source? In the comments of that link there are some other notes, including how to clear the current config if you want to redo it.

Internal clocks skew for a variety of reasons, that is what NTP is for :)

joeyfaz Commented:
@fjkaykr11, You mentioned that the server clock is too slow, so it is unusable at this point. The Microsoft document at the link below explains how to set up an external time source; this should be your best solution.

http://technet.microsoft.com/en-us/library/cc816633(WS.10).aspx
 
K_Wilke Commented:
Look at the motherboard on the server and look at the capacitors to see if they are blown or bulging.  If so replace the motherboard.
Thanks,
Kelly W.

fjkaykr11 (Author) Commented:
@joeyfaz. Is there a way of verifying if the W32Time service is already set up to sync to NTP?

joeyfaz Commented:
w32tm /query /status

fjkaykr11 (Author) Commented:
When I run that command, here are the results:
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name:  "LOCL")
Last Successful Sync Time: 9/9/2011 7:55:43 PM
Source: Local CMOS Clock
Poll Interval: 6 (64s)

Papertrip Commented:
Here is your problem:

Source: Local CMOS Clock

Follow the instructions in the link I provided to query from an external time source and it should be resolved.
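
The diagnosis above, automated as an added example (not part of the original thread): a parser for w32tm /query /status output that flags a machine running only on its own clock. The LOCAL_SOURCES set and the 1-second dispersion threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample: the w32tm /query /status output posted in this thread.
SAMPLE_STATUS = """\
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name:  "LOCL")
Last Successful Sync Time: 9/9/2011 7:55:43 PM
Source: Local CMOS Clock
Poll Interval: 6 (64s)
"""

# Assumption: Source values that mean "no upstream peer, local clock only".
LOCAL_SOURCES = {"Local CMOS Clock", "Free-running System Clock"}

def parse_status(text):
    """Split each 'Key: value' line on its first colon into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def reference_id_ascii(fields):
    """Decode a ReferenceId such as 0x4C4F434C to 'LOCL'; '' if not printable."""
    m = re.match(r"0x([0-9A-Fa-f]{8})", fields.get("ReferenceId", ""))
    raw = bytes.fromhex(m.group(1)) if m else b""
    return raw.decode("ascii") if raw and all(32 <= b < 127 for b in raw) else ""

def findings(text, max_dispersion_s=1.0):
    """Return a list of problems found in the status text; empty means none."""
    f = parse_status(text)
    out = []
    source = f.get("Source", "")
    if source in LOCAL_SOURCES or reference_id_ascii(f) == "LOCL":
        out.append("no upstream time source (Source: %s)" % (source or "unknown"))
        if f.get("Stratum", "").split()[:1] == ["1"]:
            out.append("reports stratum 1 while sourcing only its own clock")
    m = re.match(r"([0-9.]+)s", f.get("Root Dispersion", ""))
    if m and float(m.group(1)) > max_dispersion_s:
        out.append("root dispersion %ss exceeds %ss" % (m.group(1), max_dispersion_s))
    return out
```
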

fjkaykr11 (Author) Commented:
@Papertrip, when I tried the steps in the link I get an error in step 4:
The following arguments were unexpected:  1.pool.ntp.org, 2.pool.ntp.org

joeyfaz Commented:
Run this command on the domain controller:
 w32tm /config /manualpeerlist:time-nw.nist.gov /syncfromflags:manual /reliable:YES /update

Then run w32tm /query /status

Papertrip Commented:
@Papertrip, when I tried the steps in the link I get an error in step 4:
The following arguments were unexpected:  1.pool.ntp.org, 2.pool.ntp.org

Hmm yeah my bad, that syntax is mangled.  Try this instead:

C:\> w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"

It's always best practice to have more than 1 source. There are many reasons why, if you only have 1 NTP source set up, it could become unavailable. This applies to pretty much anything that could be a single point of failure.

fjkaykr11 (Author) Commented:
If I set up this method to get an external source for time, do I need to open ports on the firewall?
I read somewhere that you have to have port 123 for UDP both inbound and outbound open.
I am not that familiar with my firewall interface so I might want to have this sorted out first before I change the time source. Any ideas if that is the case?

Papertrip Commented:
Yes, UDP/123 for NTP ingress and egress.

fjkaykr11 (Author) Commented:
Does the UDP port 123 need to be NATTED to the server that is running the W32 time service?

Papertrip Commented:
You don't NAT ports.

What you need to do depends on how your firewall and/or router are set up. All you need is for traffic to be able to reach the internet from the PDC over UDP/123, and be able to get the return traffic NAT'd back.

If for example right now your PDC can browse the web over HTTP, then port TCP/80 is open.  You need to make your policy the same for that computer to be able to access UDP/123 over the internet.

If you meant would a NAT need to be setup somewhere in that flow, then yes unless your PDC has a public IP.

Just talk to whoever admins your firewall, this is a very basic and common firewalling concept, just allowing access in and out of a specific port.

fjkaykr11 (Author) Commented:
Now I am more confused. I thought you said ", UDP/123 for NTP ingress and egress."
But now you are saying only open port 123 UDP egress?  Am I reading this incorrectly?

Papertrip Commented:
It all depends on how your router and/or firewall are set up.

I don't mean to be rude here but the concept is pretty simple, I think you are over-complicating it.  All that needs to happen is traffic can get to and from the internet for your PDC over UDP/123.

Just talk to whoever manages your firewall and tell them you need UDP/123 open for NTP, they should know what you are talking about.



fjkaykr11 (Author) Commented:
Look I understand you may FEEL that I am over-complicating things. I am here to learn as well as teach others who may come across this post. I have a paid account with Experts-Exchange and I have helped other people on this board without judging them. If you don't want to help me learn the entire process to get this working then just move on. It's not like you even mentioned the firewall issue in your original post.

Papertrip Commented:
OK so.  I said that "I don't mean to be rude", because I didn't, but apparently you skipped over that part.

I didn't mention the firewall issue in the original post because you didn't mention anything about a firewall until recently, after which I tried to help as I had been all along.  We didn't even know until recently that you weren't using an external time source but rather the local CMOS clock.

Do you admin the firewall?  If not, have you talked to the person who does?  This is the next step in the entire process to which you are referring, but you haven't answered that question yet although I mentioned it twice.

If I didn't want to help, why would I keep replying?  Have I said something like "you are stupid" or just a plain "no" or anything of that sort?  No, I have posted relevant and accurate information to help with this.  If you don't want to follow the advice I am giving and answer the questions I am only asking to help you, then so be it.

fjkaykr11 (Author) Commented:
You said "Just talk to whoever admins your firewall, this is a very basic and common firewalling concept"   Why would I need Experts-Exchange if I had a firewall admin?

fjkaykr11 (Author) Commented:
It looks like it worked without having to make changes to ports on the firewall.
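
A client-initiated SNTP exchange of the kind discussed in this thread, as an added example that is not part of the original posts: the client sends one datagram out to UDP/123 and the reply returns on the same flow. The function names, the ephemeral source port and the server_reply stand-in for the server side are assumptions of this example.

```python
import socket, struct, time

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(t):
    """Unix seconds -> 64-bit NTP timestamp (32.32 fixed point)."""
    return ((int(t) + NTP_DELTA) << 32) | int((t - int(t)) * 2**32)

def from_ntp(ts):
    return (ts >> 32) - NTP_DELTA + (ts & 0xFFFFFFFF) / 2**32

def build_request(t1):
    """Client packet: LI=0, VN=3, Mode=3; only the Transmit timestamp is set."""
    return struct.pack("!B39xQ", (3 << 3) | 3, to_ntp(t1))

def server_reply(request, t2, t3, stratum=2):
    """Constructed stand-in for the server: Mode=4, Originate echoes our Transmit."""
    return struct.pack("!BB22x8sQQ", (3 << 3) | 4, stratum,
                       request[40:48], to_ntp(t2), to_ntp(t3))

def parse_reply(reply, request):
    """Validate a reply and return (stratum, t2, t3); ValueError on a bad packet."""
    if len(reply) < 48 or reply[0] & 7 != 4:
        raise ValueError("not a server-mode NTP reply")
    _, stratum, orig, recv, xmit = struct.unpack("!BB22x8sQQ", reply[:48])
    if orig != request[40:48]:
        raise ValueError("originate timestamp does not match our request")
    if stratum == 0:
        raise ValueError("kiss-o'-death or unsynchronised server")
    return stratum, from_ntp(recv), from_ntp(xmit)

def offset_and_delay(t1, t2, t3, t4):
    """Standard NTP clock offset and round-trip delay from the four timestamps."""
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def query(server, timeout=3.0):
    """Live query: one outbound datagram to UDP/123 from an ephemeral port; a
    stateful firewall or NAT that allows it out passes the reply back in."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        request = build_request(t1)
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    _, t2, t3 = parse_reply(reply, request)
    return offset_and_delay(t1, t2, t3, t4)
```
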