Star Gazr1

Time Loss on Server and Workstations in Domain

The domain controller and workstations are continually losing time on a small network (about 30 computers). I know this is a common issue but I want to look at different solutions before deciding on the best one. The Server OS is Windows Server 2008 R2.
I know you can install a free time sync program or even edit the registry to sync time correctly but the issue in this case may be more complex. Currently, the server is losing about 5 minutes per week. However, if the server is powered off for a bit it tends to lose time more quickly (like 10 minutes per week or more). I am being told that the CMOS battery being dead could cause this but it was recently replaced and the problem is still occurring. I read where if you have a bad capacitor on the motherboard - the problem will continue even with a new battery. If that is the case, will installing a time program or other option fix this? Any feedback on this topic is greatly appreciated.
ASKER CERTIFIED SOLUTION
Papertrip
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This supports Windows 2008 Domain Controllers

http://technet.microsoft.com/en-us/library/cc816633(WS.10).aspx
ASKER

@Papertrip, it looks like NTP (W32Time) is already set up on the PDC.
Services > Windows Time
I think this was working at one time but then stopped working and someone mentioned a CMOS battery issue. Any ideas?
Yeah, but is it using a valid external time source? In the comments of that link there are some other notes, including how to clear the current config if you want to redo it.

Internal clocks skew for a variety of reasons, that is what NTP is for :)
@fjkaykr11, you mentioned that the server clock is too slow, so it is unusable at this point. The Microsoft document at the link below explains how to set up an external time source; this should be your best solution.

http://technet.microsoft.com/en-us/library/cc816633(WS.10).aspx
K_Wilke

Look at the motherboard on the server and look at the capacitors to see if they are blown or bulging.  If so replace the motherboard.
Thanks,
Kelly W.
@joeyfaz, is there a way of verifying if the W32Time service is already set up to sync to NTP?
w32tm /query /status
when I run that command here are the results:
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name:  "LOCL")
Last Successful Sync Time: 9/9/2011 7:55:43 PM
Source: Local CMOS Clock
Poll Interval: 6 (64s)
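
The status output above already answers the question of whether the server follows an external source. The following is an added example, not part of the original thread: a small Python check that parses `w32tm /query /status` text and reports why a host is free-running. The function names and the 1-second dispersion threshold are assumptions made for this illustration.

```python
import re

# Output pasted in the thread above (w32tm /query /status on the domain controller).
SAMPLE = """\
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name:  "LOCL")
Last Successful Sync Time: 9/9/2011 7:55:43 PM
Source: Local CMOS Clock
Poll Interval: 6 (64s)
"""

def parse_status(text):
    """Split 'Key: value' lines into a dict (split on the first colon only)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def reference_id_ascii(fields):
    """Decode the 32-bit ReferenceId into its 4-character ASCII tag."""
    m = re.match(r"0x([0-9A-Fa-f]{8})", fields.get("ReferenceId", ""))
    return bytes.fromhex(m.group(1)).decode("ascii", "replace") if m else None

def findings(fields, max_dispersion=1.0):
    """Return reasons this host is not following an external time source.
    max_dispersion (seconds) is an assumed threshold, not a W32Time setting."""
    out = []
    source = fields.get("Source", "")
    if "local cmos clock" in source.lower():
        out.append("Source is the local hardware clock: " + source)
    if reference_id_ascii(fields) == "LOCL":
        out.append("ReferenceId decodes to LOCL (local clock, no upstream peer)")
    m = re.match(r"([\d.]+)s", fields.get("Root Dispersion", ""))
    if m and float(m.group(1)) >= max_dispersion:
        out.append("Root Dispersion is %ss" % m.group(1))
    return out

if __name__ == "__main__":
    for reason in findings(parse_status(SAMPLE)):
        print("NOT SYNCED:", reason)
```
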

SOLUTION
This solution is only available to members.
@Papertrip, when I tried the steps in the link I get an error in step 4:
The following arguments were unexpected:  1.pool.ntp.org, 2.pool.ntp.org
Run this command on the domain controller:
 w32tm /config /manualpeerlist:time-nw.nist.gov /syncfromflags:manual /reliable:YES /update

then run w32tm /query /status
SOLUTION
This solution is only available to members.
If I set up this method to get an external source for time do I need to open ports on the firewall?
I read somewhere where you have to have port 123 for UDP both inbound and outbound open.
I am not that familiar with my firewall interface so I might want to have this sorted out first before I change the time source.  Any ideas if that is the case?
Yes, UDP/123 for NTP ingress and egress.
Does the UDP port 123 need to be NATTED to the server that is running the W32 time service?
You don't NAT ports.

What you need to do depends on how your firewall and/or router are set up.  All you need is for traffic to be able to reach the internet from the PDC over UDP/123, and be able to get the return traffic NAT'd back.  

If for example right now your PDC can browse the web over HTTP, then port TCP/80 is open.  You need to make your policy the same for that computer to be able to access UDP/123 over the internet.

If you meant would a NAT need to be setup somewhere in that flow, then yes unless your PDC has a public IP.

Just talk to whoever admins your firewall, this is a very basic and common firewalling concept, just allowing access in and out of a specific port.
Now I am more confused. I thought you said "UDP/123 for NTP ingress and egress."
But now you are saying only open port 123 UDP egress?  Am I reading this incorrectly?
It all depends on how your router and/or firewall are set up.

I don't mean to be rude here but the concept is pretty simple, I think you are over-complicating it.  All that needs to happen is traffic can get to and from the internet for your PDC over UDP/123.

Just talk to whoever manages your firewall and tell them you need UDP/123 open for NTP, they should know what you are talking about.

Look I understand you may FEEL that I am over-complicating things.  I am here to learn as well as teach others who may come across this post.  I have a paid account with Experts-Exchange and I have helped other people on this board without judging them. If you don't want to help me learn the entire process to get this working then just move on. It's not like you even mentioned the firewall issue in your original post.
OK so.  I said that "I don't mean to be rude", because I didn't, but apparently you skipped over that part.

I didn't mention the firewall issue in the original post because you didn't mention anything about a firewall until recently, after which I tried to help as I had been all along.  We didn't even know until recently that you weren't using an external time source but rather the local CMOS clock.

Do you admin the firewall?  If not have you talked to the person who does?  This is the next step in the entire process to which you are referring, but you haven't answered that question yet although I mentioned it twice.

If I didn't want to help, why would I keep replying?  Have I said something like "you are stupid" or just a plain "no" or anything of that sort?  No, I have posted relevant and accurate information to help with this.  If you don't want to follow the advice I am giving and answer the questions I am only asking to help you, then so be it.
You said "Just talk to whoever admins your firewall, this is a very basic and common firewalling concept"   Why would I need Experts-Exchange if I had a firewall admin?
It looks like it worked without having to make changes to ports on the firewall.
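
For the firewall question discussed in this thread, the following is an added example, not part of the original posts: a minimal SNTP probe in Python that sends one request from an ephemeral port to UDP/123 and waits for the reply, which shows from the PDC itself whether the traffic gets out and back. The function names are assumptions for this illustration; the server name is the one used earlier in the thread.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request():
    """48-byte SNTP client request: LI=0, VN=3, Mode=3 (client), rest zero."""
    return bytes([0x1B]) + bytes(47)

def parse_reply(data):
    """Extract mode, stratum and the server transmit time (Unix seconds)."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp field
    return {
        "mode": data[0] & 0x07,      # 4 means "server"
        "stratum": data[1],
        "unix_time": secs - NTP_EPOCH_OFFSET + frac / 2**32,
    }

def probe(server, timeout=3.0):
    """Send one request to server:123/udp. None means no reply came back,
    i.e. the request or its return traffic was dropped somewhere."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(), (server, 123))
            data, _ = s.recvfrom(512)
        except OSError:  # covers timeouts and name-resolution failures
            return None
    return parse_reply(data)

if __name__ == "__main__":
    result = probe("time-nw.nist.gov")
    print("no reply on UDP/123" if result is None else result)
```
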