DC not synchronizing with public NTP server

weikiiro
Please help, I want my DC (2008 R2) to synchronize with a public NTP server (us.pool.net.org) and become the NTP source for my domain. Here is what I did.

1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\ , AnnounceFlags to 5
2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\ , Enabled to 1
3. In command prompt type: w32tm /config /manualpeerlist:us.pool.ntp.org
4. net stop w32time && net start w32time

But when I run w32tm /query /status, it still shows source: Local CMOS Clock.


Thanks in advance.
Try doing this from command line instead:

w32tm /config /computer:<name of your DC> /manualpeerlist:us.pool.net.org /syncfromflags:manual /update
Did you throw in a w32tm /config /update?

Author

Commented:
I run
w32tm /config/computer:DC1manualpeerlist:us.pool.net.org /syncfromflags:manual /update
The command completed successfully
Then I run
w32tm /config /update
The command completed successfully
Then
net stop w32time && net start w32time

but it still shows Local CMOS Clock
If you are running this command from the PDC emulator, then all machines within the domain will respect this as the master time source.

Verify that you are running this from the PDC emulator:

netdom query fsmo

Author

Commented:
I ran netdom query fsmo. DC1 is my PDC emulator; I only have one DC, and all FSMO roles are on this DC. My other computers are using this DC as their NTP source, but the problem is that this DC is using the local CMOS clock as its source.
You configured everything correctly in my opinion. Do you have any firewall restrictions for NTP?

Author

Commented:
I use the InternetTime program to help me debug connectivity to the NTP server, please see attachment.
NTP.jpg
Well, you ruled that one out. Other than that, I'm out of ideas besides bouncing the box to see if you get different results.
Just noticed a typo, not sure if you copy/pasted from earlier or not, but did you use:

w32tm /config /computer:DC1 /manualpeerlist:us.pool.net.org /syncfromflags:manual /update

or

w32tm /config /computer:DC1 /manualpeerlist:us.pool.ntp.org /syncfromflags:manual /update

?

Author

Commented:
No luck. I re-ran using .ntp, ran the w32tm update, then stopped and started NTP; it still shows source: Local CMOS Clock.

Author

Commented:
Here is what I get when I run w32tm /query /configuration. Do you think it is caused by policy?
w32time-Configuration.jpg
I notice the VMIC time source in there... is this a virtual?

Author

Commented:
Yes, it is virtual.
What is the platform and are you sure time sync is disabled for the integration components?

Author

Commented:
It's on VMware ESXi; I set up the ESXi to use us.pool.net.org for NTP. Do you know what the correct way to set this up is?
OK. I had to battle with something similar, but it was for Hyper-V. Virtualized domain controllers have special considerations, especially as it pertains to time. I'm not sure on the specifics of how ESXi is labeled for the time provider and what best practice is for it. I would imagine it's similar to Hyper-V, however.

Take a look here: http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/11/19/time-synchronization-in-hyper-v.aspx. Pay particular attention to questions #5 and #6.

Specific settings changes for your ESXi environment would probably be similar to: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1189

Ultimately what I did was set the physicals to sync off domhier, disable the VM Integration Components' time sync feature on the virtual, and then set it up to sync off an external source.

Author

Commented:
I think I got it to work; there's an option in VM tools to sync with the host.
Did you just have to disable it? =)
Hyper-V has something similar with Integration Services.
Top Expert 2014

Commented:
Also, verify that you don't have local policy or Group Policy configuring these settings (i.e. set in your Default Domain Policy or other applied at the domain level).  I see that many of your settings are configured by policy instead of local.  The settings are fine for clients, but shouldn't be applied to the DC.
Leon Fester, Senior Solutions Architect

Commented:
Verify that your VMware guest is not configured to sync time from the host.
You definitely don't want that on a DC.
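
The checks the thread worked through (wrong peer name, Group Policy overriding local settings, a VM time provider, and a non-NTP source) can be run in one pass over the w32tm query output. This is an added example, not part of the original posts; `Get-TimeSyncFindings` is a hypothetical helper name, and the sample text is constructed rather than taken from the asker's screenshots.

```powershell
# Constructed sample output (illustrative, trimmed to the relevant lines).
$statusSample = @'
Stratum: 1 (primary reference - syncd by radio clock)
Source: Local CMOS Clock
'@
$configSample = @'
[TimeProviders]

NtpClient (Local)
Enabled: 1 (Local)
Type: NT5DS (Policy)
NtpServer: us.pool.net.org (Local)

VMICTimeProvider (Local)
Enabled: 1 (Local)
'@

function Get-TimeSyncFindings {   # hypothetical helper, not a built-in cmdlet
    param([string]$Status, [string]$Config, [string]$ExpectedPeer)
    $findings = @()
    # 1. Which source is the service actually using?
    if ($Status -match '(?m)^Source:\s*(.+?)\s*$') {
        $source = $Matches[1]
        if ($source -match 'CMOS|VM IC') {
            $findings += "Source is '$source', not an NTP peer"
        }
    }
    $section = ''
    foreach ($line in ($Config -split '\r?\n')) {
        # Provider headers look like "NtpClient (Local)"
        if ($line -match '^(\w+) \((Local|Policy)\)\s*$') { $section = $Matches[1]; continue }
        # Settings look like "Name: value (Local|Policy)"
        if ($line -notmatch '^(\w+):\s*(.*?)\s*\((Local|Policy)\)\s*$') { continue }
        $name, $value, $origin = $Matches[1], $Matches[2], $Matches[3]
        # 2. Policy-sourced values take precedence over w32tm /config changes.
        if ($origin -eq 'Policy') { $findings += "$section/$name = $value is set by policy" }
        # 3. /syncfromflags:manual corresponds to Type NTP; NT5DS means domain hierarchy.
        if ($section -eq 'NtpClient' -and $name -eq 'Type' -and $value -ne 'NTP') {
            $findings += "NtpClient Type is $value, so the manual peer list is not used"
        }
        # 4. Catch a mistyped peer such as net.org vs ntp.org.
        if ($section -eq 'NtpClient' -and $name -eq 'NtpServer' -and
            $value -notmatch [regex]::Escape($ExpectedPeer)) {
            $findings += "NtpClient peer is '$value', expected '$ExpectedPeer'"
        }
        # 5. Hypervisor-supplied time provider enabled inside the guest.
        if ($section -eq 'VMICTimeProvider' -and $name -eq 'Enabled' -and $value -eq '1') {
            $findings += 'VMICTimeProvider is enabled'
        }
    }
    $findings
}

Get-TimeSyncFindings -Status $statusSample -Config $configSample -ExpectedPeer 'us.pool.ntp.org'
```

On the DC itself, pass `(w32tm /query /status) -join "`n"` and `(w32tm /query /configuration) -join "`n"` instead of the samples. The VMware Tools "sync with host" option discussed above does not appear in w32tm output and has to be checked in the guest's VMware Tools settings.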
