Solved

Windows 2008 R2 w32time configuration Clients off by two minutes

Posted on 2012-03-12
9
753 Views
Last Modified: 2012-03-12
So, I spent a great deal of time getting my AD servers to sync to the Internet but now that they are, all my servers are still off from the AD Servers and I don't understand it.

On the AD Servers I configured them as such:

w32tm /config /manualpeerlist:"0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org",0x8 /syncfromflags:MANUAL /reliable:YES /update

after restarting they sync just fine and I'm good to go.

On the member Servers in the domain I first did this:

w32tm /config /syncfromflags:DOMHIER /update

That didn't seem to do anything so I changed it to this below with the ips of the domain controllers:

w32tm /config /manualpeerlist:"10.0.0.10 10.0.0.11",0x8 /syncfromflags:MANUAL /update

Well, at that point the clock shifted it's time. But it did so about 1:45 seconds different from the AD servers. previously it was almost four minutes. So it did update, but it did so within 2 minutes instead of exact. I don't understand it!

I can't seem to figure out. I did a test on the server and this is the result:

w32tm /stripchart /computer:10.0.0.10 /dataonly
Tracking 10.0.0.10 [10.0.0.10:123].
The current time is 3/12/2012 6:03:45 PM.
18:03:45, +155.9530574s
18:03:47, +155.9499391s

Why is it off by so much?

Oh, and I made sure I had no Group Policy governing which servers to sync time with. I have that setup on my workstation OU and those computers are off by about 24 seconds.
0
Comment
Question by:cmaohio
  • 5
  • 4
9 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37712347
Are they running as virtual machines?
0
 
LVL 5

Author Comment

by:cmaohio
ID: 37712370
No, not virtual machines.
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 37712374
The command you ran on the member servers should have sync with the DC that holds the PDC emulator role.

http://technet.microsoft.com/en-us/library/cc758905(v=ws.10).aspx

Read this as well very good article to read to understand how time works.

http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
0
 
LVL 5

Author Comment

by:cmaohio
ID: 37712380
Is there a command to see the status of the sync? Like a verbose /resync command? Perhaps I can see what server it's really looking at and why it's off by two minutes.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37712390
w32tm /monitor
0
 
LVL 5

Author Comment

by:cmaohio
ID: 37712403
Doesn't that simply show me the domain controllers?

Well, interestingly enough, I posted this around 6pm and now at 7:15pm, I go back to the server to try some more and the time is within 1 second. Now after going to the site you suggested (the Microsoft one) and telling it to "fix it for me" the time is within 0.86 seconds.

Good enough for me.

Is it possible the server simply needs a long time to come into sync? I have never seen this before but it seems that this is what it did.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37712409
Oh yeah it can take a bit for the clients to get fully sync with the DCs they don't want to change that much of the time at once so, if I remember right they take it down a little at a time.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37712414
When more command to run if you changed some settings

w32tm /resync /rediscover
0
 
LVL 5

Author Comment

by:cmaohio
ID: 37712426
Yeah, I was resyncing everytime.

That is it. I just ran the /stripchart.... Function on one of my servers that is off by 200+ seconds and as it ticks away I see it dropping by a few seconds with every check.

I have never seen a server do that before.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Learn about cloud computing and its benefits for small business owners.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now