Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Problem contacting NTP server from Win 2003 behind firewall

Posted on 2011-09-16
9
Medium Priority
?
794 Views
Last Modified: 2012-05-12
I've had ongoing problems trying to get a Windows 2003 DC to get time from any NTP server on the web. I've tried following docs on the microsoft site to sync with an NTP server, but cannot get it working.

I find this message in the event viewer
Event Type:      Error
Event Source:      W32Time
Event Category:      None
Event ID:      29
Date:            9/16/2011
Time:            8:59:58 AM
User:            N/A
Computer:      Hxxx
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 120 minutes. NtpClient has no source of accurate time.
0
Comment
Question by:Tony Giangreco
  • 4
  • 3
  • 2
9 Comments
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36549787
did you check if port is open in your firewall ?
 123/udp                           #Network Time Protocol
0
 
LVL 30

Accepted Solution

by:
Randy Downs earned 2000 total points
ID: 36549793
Try this

http://www.ozzu.com/mswindows-forum/how-configure-ntp-server-windows-2003-server-t91197.html

First thing you need to do is configure the domain controller to sync with a reliable time source. If you have two or more domain controllers you need to find the one that is acting as the PDC. To sync it with a time source open up a command prompt and perform the following:

Stop the time service
Code: [ Select ]net stop w32time <enter>


Then configure the time source
Code: [ Select ]w32tm /config /manualpeerlist:XXX.XXX.XXX.XXX,0x8 /syncfromflags:MANUAL /reliable:yes /update <enter>


The X's can be the IP address of the time server or the domain name of a time server such as time-a.nist.gov.

Once the command above is done you need to start the W32Time service
Code: [ Select ] [ Line Numbers Off ]
net start w32time <enter>
w32tm /resync <enter>

01.net start w32time <enter>
02.w32tm /resync <enter>


The <enter> means to press the enter key.

Next you need to sync all of your client PC's to the domain controller. You can do the following from the command line.

Code: [ Select ] [ Line Numbers Off ]
net stop w32time <enter>
w32tm /config /manualpeerlist:peers /syncfromflags:DOMHIER /update <enter>
net start w32time <enter>
w32tm /resync </enter>

01.net stop w32time <enter>
02.w32tm /config /manualpeerlist:peers /syncfromflags:DOMHIER /update <enter>
03.net start w32time <enter>
04.w32tm /resync </enter>


You can remotely do these commands using psexec from SysInternals if you have a lot of client machines.
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36549798
and as well as in windows firewall also
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
LVL 25

Author Comment

by:Tony Giangreco
ID: 36549896
Hi Number-1

I performed this ok:
Stop the time service
Code: [ Select ]net stop w32time <enter>

When I get to the next line, do I edit the registry and update a key? I tryied typeing it into the cmd prompt and it said the service was not started (I'm assuming it's the time service because the previous command stopped it.

Then configure the time source
Code: [ Select ]w32tm /config /manualpeerlist:XXX.XXX.XXX.XXX,0x8 /syncfromflags:MANUAL /reliable:yes /update <enter>
0
 
LVL 30

Expert Comment

by:Randy Downs
ID: 36549948
No it should work from command line. This might explain it a bit better

http://www.1stbyte.com/2009/04/07/configure-windows-server-2003-and-2008-w32tm-commands-on-domain-controller/

that first w32tm command is all one line.

w32tm /config /manualpeerlist:”0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org pool.ntp.org”,0×8 /syncfromflags:MANUAL /reliable:yes

w32tm /config /update

net stop w32time

net start w32time

w32tm /resync /rediscover

That should do it. However, always make sure you firewall is open to port 123 outbound!  I initially was receiving this error after running a “w32tm /resync” :

The computer did not resync because no time data was available.

In my case, that was caused by my firewall blocking port 123 for NTP traffic.  Go figure, we’ve been running this particular network for probably 2 years with that firewall blocking port 123, and only now did someone come and ask “why is our computer time off by 6 or  7 minutes?”  This is when you say, “Welcome to the world, can I help you?”  (Good old Beavis)  Well, at least we got our server configured better as a “reliable” time source with the right ntp.org pools.
0
 
LVL 30

Expert Comment

by:Randy Downs
ID: 36549986
0
 
LVL 30

Expert Comment

by:Randy Downs
ID: 36550017
Looks like the article above just stops & restarts the service after the config. Maybe that will work better for you.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 36550089
Number-1,

I tried the commands and they appeared to work. the event logs shows time was received. I will monitor this server and let you know what happens. Tkx
0
 
LVL 25

Author Closing Comment

by:Tony Giangreco
ID: 36561607
Worked great. Thanks!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question