Solved

Time Loss on Server and Workstations in Domain

Posted on 2011-09-09
Last Modified: 2012-05-12
The domain controller and workstations are continually losing time on a small network (about 30 computers). I know this is a common issue but I want to look at different solutions before deciding on the best one. The Server OS is Windows Server 2008 R2.
I know you can install a free time sync program or even edit the registry to sync time correctly but the issue in this case may be more complex. Currently, the server is losing about 5 minutes per week. However, if the server is powered off for a bit it tends to lose time more quickly (like 10 minutes per week or more). I am being told that the CMOS battery being dead could cause this but it was recently replaced and the problem is still occurring. I read where if you have a bad capacitor on the motherboard - the problem will continue even with a new battery. If that is the case, will installing a time program or other option fix this? Any feedback on this topic is greatly appreciated.
Question by:fjkaykr11
23 Comments
 
LVL 21

Accepted Solution

by:
Papertrip earned 2000 total points
ID: 36513597
Just set up NTP on the PDC.

Check this link out
0
 
LVL 6

Expert Comment

by:joeyfaz
ID: 36513918
This supports Windows 2008 Domain Controllers

http://technet.microsoft.com/en-us/library/cc816633(WS.10).aspx
0
 
LVL 3

Author Comment

by:fjkaykr11
ID: 36514336
@Papertrip, it looks like NTP (W32Time) is already set up on the PDC.
Services > Windows Time
I think this was working at one time but then stopped working and someone mentioned a CMOS battery issue. Any ideas?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36514339
Yeah but is it using a valid external time source? In the comments of that link there are some other notes, including how to clear the current config if you want to redo it.

Internal clocks skew for a variety of reasons, that is what NTP is for :)
0
 
LVL 6

Expert Comment

by:joeyfaz
ID: 36514342
@fjkaykr11, you mentioned that the server clock is too slow, so it is unusable at this point. The Microsoft document at the link below explains how to set up an external time source; this should be your best solution.

http://technet.microsoft.com/en-us/library/cc816633(WS.10).aspx
 
0
 
LVL 6

Expert Comment

by:K_Wilke
ID: 36514360
Look at the motherboard on the server and look at the capacitors to see if they are blown or bulging.  If so replace the motherboard.
Thanks,
Kelly W.
0
 
LVL 3

Author Comment

by:fjkaykr11
ID: 36514379
@joeyfaz.  Is there a way of verifying if the W32Time service  is already setup to sync to NTP ?
0
 
LVL 6

Expert Comment

by:joeyfaz
ID: 36514400
w32tm /query /status
0
 
LVL 3

Author Comment

by:fjkaykr11
ID: 36514966
When I run that command, here are the results:
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name:  "LOCL")
Last Successful Sync Time: 9/9/2011 7:55:43 PM
Source: Local CMOS Clock
Poll Interval: 6 (64s)

0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 2000 total points
ID: 36514968
Here is your problem:

Source: Local CMOS Clock


Follow the instructions in the link I provided to query from an external time source and it should be resolved.
0
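
The check made by eye in the comment above can be scripted. This is an added example, not code from the thread: it parses `w32tm /query /status` output and flags a clock that is only following its own CMOS clock, which matters on a domain controller because Kerberos tolerates only five minutes of skew by default. The function name and the dispersion threshold are assumptions, and English-language w32tm output is assumed.

```powershell
# Added example (not from the thread). Assumes English-language w32tm output.
function Test-W32TimeStatus {
    param(
        [Parameter(Mandatory = $true)][string[]]$StatusLines,
        [double]$MaxRootDispersionSeconds = 1.0   # hypothetical alert threshold
    )
    # Turn "Key: value" lines into a hashtable, splitting on the first colon only.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([^:]+):\s*(.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $findings = @()
    if ($fields['Source'] -match 'Local CMOS Clock') {
        $findings += "Source is '$($fields['Source'])': no upstream time source"
    }
    if ($fields['ReferenceId'] -match 'LOCL') {
        $findings += 'ReferenceId is LOCL: time comes from the local clock'
    }
    if ($fields['Root Dispersion'] -match '^([\d.]+)s$') {
        $dispersion = [double]$Matches[1]
        if ($dispersion -gt $MaxRootDispersionSeconds) {
            $findings += "Root dispersion $dispersion s exceeds $MaxRootDispersionSeconds s"
        }
    }
    New-Object PSObject -Property @{
        Source   = $fields['Source']
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Status output as posted earlier in the thread.
$sample = @'
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name:  "LOCL")
Last Successful Sync Time: 9/9/2011 7:55:43 PM
Source: Local CMOS Clock
Poll Interval: 6 (64s)
'@ -split "`r?`n"

Test-W32TimeStatus -StatusLines $sample | Format-List
# On a live domain controller:
#   Test-W32TimeStatus -StatusLines (w32tm /query /status)
```

For the thread's output this reports three findings and `Healthy : False`.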
 
LVL 3

Author Comment

by:fjkaykr11
ID: 36515012
@Papertrip, when I tried the steps in the link I get an error in step 4:
The following arguments were unexpected:  1.pool.ntp.org, 2.pool.ntp.org
0
 
LVL 6

Expert Comment

by:joeyfaz
ID: 36515040
Run this command on the domain controller:
 w32tm /config /manualpeerlist:time-nw.nist.gov /syncfromflags:manual /reliable:YES /update

then run w32tm /query /status
0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 2000 total points
ID: 36515060
"@Papertrip, when I tried the steps in the link I get an error in step 4:
The following arguments were unexpected:  1.pool.ntp.org, 2.pool.ntp.org"

Hmm yeah my bad, that syntax is mangled.  Try this instead:

C:\> w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"


It's always best practice to have more than 1 source.  There are many reasons why, if you only have 1 NTP source set up, it could become unavailable.  This applies to pretty much anything that could be a single point of failure.
0
 
LVL 3

Author Comment

by:fjkaykr11
ID: 36515260
If I set up this method to get an external source for time do I need to open ports on the firewall?
I read somewhere where you have to have port 123 for UDP both inbound and outbound open.
I am not that familiar with my firewall interface so I might want to have this sorted out first before I change the time source.  Any ideas if that is the case?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36517266
Yes, UDP/123 for NTP ingress and egress.
0
 
LVL 3

Author Comment

by:fjkaykr11
ID: 36517597
Does the UDP port 123 need to be NATTED to the server that is running the W32 time service?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36517618
You don't NAT ports.

What you need to do depends on how your firewall and/or router are set up.  All you need is for traffic to be able to reach the internet from the PDC over UDP/123, and be able to get the return traffic NAT'd back.

If for example right now your PDC can browse the web over HTTP, then port TCP/80 is open.  You need to make your policy the same for that computer to be able to access UDP/123 over the internet.

If you meant would a NAT need to be set up somewhere in that flow, then yes unless your PDC has a public IP.

Just talk to whoever admins your firewall, this is a very basic and common firewalling concept, just allowing access in and out of a specific port.
0
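
Whether the firewall already passes that flow can be tested from the PDC itself with a single SNTP query. This is an added example, not code from the thread: the function name is an assumption, the default server is one of the pool names quoted above, and the probe sends from an ephemeral source port rather than through the Windows Time service.

```powershell
# Added example (not from the thread): one SNTP query to test the UDP/123 path.
function Test-NtpReachability {
    param(
        [string]$Server = '0.pool.ntp.org',   # peer name taken from the thread
        [int]$TimeoutMs = 3000
    )
    $request = New-Object byte[] 48
    $request[0] = 0x1B                        # LI 0, version 3, mode 3 (client)
    $result = @{ Server = $Server; Reachable = $false; Detail = '' }
    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        $udp.Client.ReceiveTimeout = $TimeoutMs
        $udp.Connect($Server, 123)
        $sentUtc = [DateTime]::UtcNow
        [void]$udp.Send($request, $request.Length)
        $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        $reply = $udp.Receive([ref]$remote)
        # A valid answer is at least 48 bytes with mode 4 (server) in the low 3 bits.
        if ($reply.Length -lt 48 -or ($reply[0] -band 0x07) -ne 4) {
            $result.Detail = 'Got a datagram, but not a valid NTP server reply'
        } else {
            # Transmit timestamp: big-endian seconds since 1900-01-01 at offset 40.
            [byte[]]$be = $reply[40..43]
            [Array]::Reverse($be)
            $seconds = [BitConverter]::ToUInt32($be, 0)
            $epoch = New-Object DateTime -ArgumentList 1900, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)
            $serverUtc = $epoch.AddSeconds($seconds)
            $result.Reachable = $true
            $result.Stratum = $reply[1]
            $result.ServerUtc = $serverUtc
            # Rough offset only: it ignores network delay.
            $result.ApproxOffsetSeconds = [math]::Round(($serverUtc - $sentUtc).TotalSeconds, 3)
        }
    } catch {
        # Timeout or name-resolution failure: the request or its reply did not get through.
        $result.Detail = $_.Exception.Message
    } finally {
        $udp.Close()
    }
    New-Object PSObject -Property $result
}

Test-NtpReachability | Format-List
```

`Reachable : True` means the outbound request and its reply both passed the firewall; a timeout in `Detail` means one of the two directions is blocked.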
 
LVL 3

Author Comment

by:fjkaykr11
ID: 36517784
Now I am more confused. I thought you said ", UDP/123 for NTP ingress and egress."
But now you are saying only open port 123 UDP egress?  Am I reading this incorrectly?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36517790
It all depends on how your router and/or firewall are set up.

I don't mean to be rude here but the concept is pretty simple, I think you are over-complicating it.  All that needs to happen is traffic can get to and from the internet for your PDC over UDP/123.

Just talk to whoever manages your firewall and tell them you need UDP/123 open for NTP, they should know what you are talking about.



0
 
LVL 3

Author Comment

by:fjkaykr11
ID: 36518110
Look I understand you may FEEL that I am over-complicating things.  I am here to learn as well as teach others who may come across this post.  I have a paid account with Experts-Exchange and I have helped other people on this board without judging them. If you don't want to help me learn the entire process to get this working then just move on. It's not like you even mentioned the firewall issue in your original post.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36518115
OK so.  I said that "I don't mean to be rude", because I didn't, but apparently you skipped over that part.

I didn't mention the firewall issue in the original post because you didn't mention anything about a firewall until recently, after which I tried to help as I had been all along.  We didn't even know until recently that you weren't using an external time source but rather the local CMOS clock.

Do you admin the firewall?  If not have you talked to the person who does?  This is the next step in the entire process to which you are referring, but you haven't answered that question yet although I mentioned it twice.

If I didn't want to help, why would I keep replying?  Have I said something like "you are stupid" or just a plain "no" or anything of that sort?  No, I have posted relevant and accurate information to help with this.  If you don't want to follow the advice I am giving and answer the questions I am only asking to help you, then so be it.
0
 
LVL 3

Author Comment

by:fjkaykr11
ID: 36519300
You said "Just talk to whoever admins your firewall, this is a very basic and common firewalling concept"   Why would I need Experts-Exchange if I had a firewall admin?
0
 
LVL 3

Author Closing Comment

by:fjkaykr11
ID: 36533730
It looks like it worked without having to make changes to ports on the firewall.
0
