Solved

Domain controllers have different times

Posted on 2012-04-13
13
346 Views
Last Modified: 2012-04-18
I have three locations and all the DC's have the exact same setting for time.  NtpServer, 0.pool.ntp.org.
One of them is off by 4 minutes.  I even deleted the registry entry and reentered it then rebooted.  
What could be wrong?
0
Comment
Question by:J.R. Sitman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
  • +2
13 Comments
 
LVL 17

Expert Comment

by:bigeven2002
ID: 37842801
Hello,

For the one that is off by 4 minutes, can you check it's time in the BIOS?  Sometimes the BIOS and Windows try to override each other on time settings.
0
 

Author Comment

by:J.R. Sitman
ID: 37842810
Unfortunately I'm not at the location today.
0
 
LVL 21

Accepted Solution

by:
Radhakrishnan R earned 200 total points
ID: 37842913
Hi,

Copy the following command as batch file and run this to the affected server.

w32tm /configure /manualpeerlist:"0.pool.ntp.org
1.pool.ntp.org 2.pool.ntp.org",0x8 /syncfromflags:MANUAL
w32tm /config /update net stop w32time net start
w32time w32tm /resync /nowait

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync /rediscover

This sould contact the time sever and work as expected.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 6

Expert Comment

by:dave_it
ID: 37842930
How are you checking the time setting for each DC?  I have found the registry keys to be unreliable - On one of my local DCs, the value from HKLM/System/CurrentControlSet/Services/W32Time/Parameters/NtpServer shows - time.windows.com,0x9 - as the time source.  But from a command prompt on a DC, I use:  w32tm /monitor (This will show me the time source and current off-set for each DC in the domain).  I get the time source of this DC to be the PDC Emulator for the domain, which then gets its time from the PDC Emulator in the forest root.
0
 

Author Comment

by:J.R. Sitman
ID: 37843012
Attached is what I got after running w32tm/ monitor.  If I reading it correctly, the PDC is getting it's time from my other DC spcala185.  Is that correct?
w32.png
0
 
LVL 6

Assisted Solution

by:dave_it
dave_it earned 100 total points
ID: 37843072
Thanks for posting that screenshot.

The LA144 DC is getting time from itself, according to the screenshot (look for 'Stratum: 1' - that's the root time source).  I'd recommend running the command from the post ID: 37842913 to set that DC's time source to the one you want.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37843115
Please read over this to understand how time works in a AD environment.

http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/

If you are having issues with a DC that doesn't hold PDC emulator role then http://technet.microsoft.com/en-us/library/cc758905(v=ws.10).aspx
0
 

Author Comment

by:J.R. Sitman
ID: 37843142
I ran the command but there was one error.  See attached
w32error.png
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37843196
What OS are you running?

Are these Virtual machines?
0
 

Author Comment

by:J.R. Sitman
ID: 37843208
2008 r2, not virtual
0
 
LVL 6

Expert Comment

by:dave_it
ID: 37843265
Is the account being used have Domain Admins (or higher) rights?
0
 

Author Comment

by:J.R. Sitman
ID: 37843825
yep.  I always log in as Administrator
0
 

Author Closing Comment

by:J.R. Sitman
ID: 37863781
thanks to all for helping
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question