Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Domain controllers have different times

Posted on 2012-04-13
13
Medium Priority
?
350 Views
Last Modified: 2012-04-18
I have three locations and all the DC's have the exact same setting for time.  NtpServer, 0.pool.ntp.org.
One of them is off by 4 minutes.  I even deleted the registry entry and reentered it then rebooted.  
What could be wrong?
0
Comment
Question by:J.R. Sitman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
  • +2
13 Comments
 
LVL 17

Expert Comment

by:bigeven2002
ID: 37842801
Hello,

For the one that is off by 4 minutes, can you check it's time in the BIOS?  Sometimes the BIOS and Windows try to override each other on time settings.
0
 

Author Comment

by:J.R. Sitman
ID: 37842810
Unfortunately I'm not at the location today.
0
 
LVL 23

Accepted Solution

by:
Radhakrishnan R earned 800 total points
ID: 37842913
Hi,

Copy the following command as batch file and run this to the affected server.

w32tm /configure /manualpeerlist:"0.pool.ntp.org
1.pool.ntp.org 2.pool.ntp.org",0x8 /syncfromflags:MANUAL
w32tm /config /update net stop w32time net start
w32time w32tm /resync /nowait

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync /rediscover

This sould contact the time sever and work as expected.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 6

Expert Comment

by:dave_it
ID: 37842930
How are you checking the time setting for each DC?  I have found the registry keys to be unreliable - On one of my local DCs, the value from HKLM/System/CurrentControlSet/Services/W32Time/Parameters/NtpServer shows - time.windows.com,0x9 - as the time source.  But from a command prompt on a DC, I use:  w32tm /monitor (This will show me the time source and current off-set for each DC in the domain).  I get the time source of this DC to be the PDC Emulator for the domain, which then gets its time from the PDC Emulator in the forest root.
0
 

Author Comment

by:J.R. Sitman
ID: 37843012
Attached is what I got after running w32tm/ monitor.  If I reading it correctly, the PDC is getting it's time from my other DC spcala185.  Is that correct?
w32.png
0
 
LVL 6

Assisted Solution

by:dave_it
dave_it earned 400 total points
ID: 37843072
Thanks for posting that screenshot.

The LA144 DC is getting time from itself, according to the screenshot (look for 'Stratum: 1' - that's the root time source).  I'd recommend running the command from the post ID: 37842913 to set that DC's time source to the one you want.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37843115
Please read over this to understand how time works in a AD environment.

http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/

If you are having issues with a DC that doesn't hold PDC emulator role then http://technet.microsoft.com/en-us/library/cc758905(v=ws.10).aspx
0
 

Author Comment

by:J.R. Sitman
ID: 37843142
I ran the command but there was one error.  See attached
w32error.png
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37843196
What OS are you running?

Are these Virtual machines?
0
 

Author Comment

by:J.R. Sitman
ID: 37843208
2008 r2, not virtual
0
 
LVL 6

Expert Comment

by:dave_it
ID: 37843265
Is the account being used have Domain Admins (or higher) rights?
0
 

Author Comment

by:J.R. Sitman
ID: 37843825
yep.  I always log in as Administrator
0
 

Author Closing Comment

by:J.R. Sitman
ID: 37863781
thanks to all for helping
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question