Solved

Domain controllers have different times

Posted on 2012-04-13
13
348 Views
Last Modified: 2012-04-18
I have three locations and all the DC's have the exact same setting for time.  NtpServer, 0.pool.ntp.org.
One of them is off by 4 minutes.  I even deleted the registry entry and reentered it then rebooted.  
What could be wrong?
0
Comment
Question by:J.R. Sitman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
  • +2
13 Comments
 
LVL 17

Expert Comment

by:bigeven2002
ID: 37842801
Hello,

For the one that is off by 4 minutes, can you check it's time in the BIOS?  Sometimes the BIOS and Windows try to override each other on time settings.
0
 

Author Comment

by:J.R. Sitman
ID: 37842810
Unfortunately I'm not at the location today.
0
 
LVL 21

Accepted Solution

by:
Radhakrishnan R earned 200 total points
ID: 37842913
Hi,

Copy the following command as batch file and run this to the affected server.

w32tm /configure /manualpeerlist:"0.pool.ntp.org
1.pool.ntp.org 2.pool.ntp.org",0x8 /syncfromflags:MANUAL
w32tm /config /update net stop w32time net start
w32time w32tm /resync /nowait

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync /rediscover

This sould contact the time sever and work as expected.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 6

Expert Comment

by:dave_it
ID: 37842930
How are you checking the time setting for each DC?  I have found the registry keys to be unreliable - On one of my local DCs, the value from HKLM/System/CurrentControlSet/Services/W32Time/Parameters/NtpServer shows - time.windows.com,0x9 - as the time source.  But from a command prompt on a DC, I use:  w32tm /monitor (This will show me the time source and current off-set for each DC in the domain).  I get the time source of this DC to be the PDC Emulator for the domain, which then gets its time from the PDC Emulator in the forest root.
0
 

Author Comment

by:J.R. Sitman
ID: 37843012
Attached is what I got after running w32tm/ monitor.  If I reading it correctly, the PDC is getting it's time from my other DC spcala185.  Is that correct?
w32.png
0
 
LVL 6

Assisted Solution

by:dave_it
dave_it earned 100 total points
ID: 37843072
Thanks for posting that screenshot.

The LA144 DC is getting time from itself, according to the screenshot (look for 'Stratum: 1' - that's the root time source).  I'd recommend running the command from the post ID: 37842913 to set that DC's time source to the one you want.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37843115
Please read over this to understand how time works in a AD environment.

http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/

If you are having issues with a DC that doesn't hold PDC emulator role then http://technet.microsoft.com/en-us/library/cc758905(v=ws.10).aspx
0
 

Author Comment

by:J.R. Sitman
ID: 37843142
I ran the command but there was one error.  See attached
w32error.png
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37843196
What OS are you running?

Are these Virtual machines?
0
 

Author Comment

by:J.R. Sitman
ID: 37843208
2008 r2, not virtual
0
 
LVL 6

Expert Comment

by:dave_it
ID: 37843265
Is the account being used have Domain Admins (or higher) rights?
0
 

Author Comment

by:J.R. Sitman
ID: 37843825
yep.  I always log in as Administrator
0
 

Author Closing Comment

by:J.R. Sitman
ID: 37863781
thanks to all for helping
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question