[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

I need to get familiar with NTP and get it working on our network ASAP

Posted on 2012-09-07
22
Medium Priority
?
993 Views
Last Modified: 2012-09-08
We have a Windows 2008R2 domain and no one has been able to properly get our workstations and servers time to properly sync. I have been told we have two servers configured for NTP, but need to location them and than begin troubleshooting. I have a few basic questions to get started than will probably need to open another question as our network must be having issues getting this working.

1. Is NTP only located on a DC and if so how can I determine which one? is it a role? Service?

2. Would I normally just point each server and workstation's internet time to the domain controller that has NTP running?

It sounds easy, but apparently it has given some people a difficult time....all advice on getting started and articles on the subject are welcome
0
Comment
Question by:Thor2923
22 Comments
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38377951
PDC Syncronise time with External Time Provider (e.g pool.ntp.org)
Other DC's Syncronise time with PDC and also act as Time Server for Client Systems thats it
Nothing is complex in this every thing is done by Windows Time Service no policy deployment is required

Refer Article by Ace Fekay to configuere and more info on the same
http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspx
0
 
LVL 17

Expert Comment

by:James Haywood
ID: 38377968
Workstations and members usually sync to their local DC. To set the DC you want as master time source set the following registry key to 5

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\announceflags

Set the same key to 10 on the remaining DCs.

Once all your DCs are synchronised the workstations and member servers should fall into line. If not then you can set the time server using a GPO.

http://technet.microsoft.com/en-us/library/cc773263%28WS.10%29.aspx#w2k3tr_times_tools_vwtt
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38378003
I don't normally just post links to help but this one seems to have everything you need...

http://www.sysadminlab.net/windows/configuring-ntp-on-windows-2008-r2

Have you seen that?

The norm is to setup the server to sync to an NTP server on the internet, clients should already sync to the DC itself
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Thor2923
ID: 38379571
ok thanks to all your input and a little research of my own, I realize that I was probably going about this wrong. It appears NTP tim sync seems to be a built in part of the Active Directory system and there is no need to build an "NTP server" or add an "NTP role" to a server. My issue is bascially that it just is not working for us. I have been told I need to get the command C:\w32tm /resync to the point where it reports a successful synchronization. Right now I get;

 C:\Users\jblack_admin>w32tm /resync
Sending resync command to local computer
The following error occurred: Access is denied. (0x80070005)
 
and in the even viewer the only real issue I see is this warning;

NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

Maybe I need to resubmit the question differently, but do these errors mean anything to anyone or shed any light on what might be happening?
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38379585
You can check The time server by Running Command "w32tm /monitor" on server/Client

Perform below steps given by Ace and thats it...

1. On the DC that you're experiencing issues with, run the following in a command prompt:

 net stop w32time
 w32tm /unregister
 w32tm /register
 net start w32time
2. On the Server in question (whether it's the PDC Emulator or another server), run the following in a command prompt:

"net time /setsntp: " (Note the blank space prior to the end ")  [This tells the client (whether a DC or workstation) to delete the current registry settings for time and use default settings.]
Restart the time service:  Net stop w32time && net start w32time
3. On the PDC Emulator run the following in a command prompt:

W32tm /config /manualpeerlist:time.nrc.ca /syncfromflags:manual /reliable:yes /update
 W32tm /resync /rediscover
Restart the time service: net stop w32time && net start w32time
4. On each DC that are not holding the PDC Emulator role, run the following in a command prompt:

w32tm /config /syncfromflags:domhier /update
 W32tm /resync /rediscover
Restart the time service: net stop w32time && net start w32time
5. This will take out any errors in the Event Viewer, if there are any.
0
 
LVL 1

Author Comment

by:Thor2923
ID: 38379621
Thanks for all that input but I apparently have issues before I can even start your suggestions. I logged into our DC01 as a domain admin, opened the command prompt and attempted your net stop w32time and got the following error.

 C:\Users\jblack_admin>net stop w32time
System error 5 has occurred.

Access is denied.

I went to active directory Users and Computers right clicked our domain name and selected operations masters. Under the PDC tab I confirmed that our DC01 is the Operations Master. Does this mean I am on the right server. We do have 3 DCs but IT appears to be that I should be running your command on DC01. If you have any suggestions from here, I am open to anything right now...thanks
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38379632
Run from elevated privileges i.e Run as Administrator
0
 
LVL 1

Author Comment

by:Thor2923
ID: 38379648
Even from our DC01 I get
C:\Users\jblack_admin>w32tm /resync
Sending resync command to local computer
The following error occurred: Access is denied. (0x80070005)

when I try a simple resync. I noticed that the internet time settings are have sychronize with internet server checked and the server that is selected is time.windows.com. Does that all sound right?
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38379658
have you opened the Command Prompt using "Run As Administrator" ?
0
 
LVL 1

Author Comment

by:Thor2923
ID: 38379673
no I have not, I will try that next
0
 
LVL 1

Author Comment

by:Thor2923
ID: 38379690
ok u hit on something, not sure why I could not do it as a domain admin, but right clicking cmd and running as administrator allow me to finally get

C:\Windows\system32>w32tm /resync
Sending resync command to local computer
The command completed successfully.


I deliberatly set the time and date wrong on a server i was working with and ran the same command on that server and it synced up beautifully. Now I have things set so my DC01 is operations master and points to time.windows.come and I have the server I was trying to sync with DC01 set to synchronize with DC01.domain.local   this is working, but is it normal for me to have to touch every machine in our domain so they will sync with dc01.domain.local?? It just seems with todays technology adding a workstation or server to our domain should have a more automated time sync system. I will take the win though even if it requires me to touch every machine
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38379714
No, You do not have to do this every machine only thing required is that it should be member of Domain and Time Service should running on this
You can just check the source time server on client by running w32tm /monitor

If you run dcdiag /test:advertising on DC and it gets passed that means you have a valid time server

Need to run Run as administrator is because of User access control feature of 2008 & win7
0
 
LVL 1

Author Comment

by:Thor2923
ID: 38379830
Well I guess I still have work to do. I ran your dcdiag and got the following results. It is reporting that "Warning: P-AD-DC01 is not advertising as a time server.
         ......................... P-AD-DC01 failed test Advertising"

It is satisfying my coworkers because I have manually pointed to the FQDN of P-AD-DC01 as my internet time server, but apparently it is still not working the way it should be. Any idea how I can get the server to advertise as a time server?  

C:\Windows\system32>dcdiag /test:advertising

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = P-AD-DC01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: DataCenter1-FtLauderdale\P-AD-DC01
      Starting test: Connectivity
         ......................... P-AD-DC01 passed test Connectivity

Doing primary tests

   Testing server: DataCenter1-FtLauderdale\P-AD-DC01
      Starting test: Advertising
         Warning: P-AD-DC01 is not advertising as a time server.
         ......................... P-AD-DC01 failed test Advertising


   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : PTI

   Running enterprise tests on : PTI.local

C:\Windows\system32>
0
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 2000 total points
ID: 38379848
Does P-AD-DC01  holds the PDC role if yes run below command from CMD (Run as administrator)
net stop w32time 
w32tm /unregister 
w32tm /register 
net start w32time 
net time /setsntp: 
Net stop w32time && net start w32time 
W32tm /config /manualpeerlist:time.nrc.ca /syncfromflags:manual /reliable:yes /update 
W32tm /resync /rediscover 
net stop w32time && net start w32time 

Open in new window


If No then run below

net stop w32time 
w32tm /unregister 
w32tm /register 
net start w32time 
net time /setsntp: 
Net stop w32time && net start w32time 
w32tm /config /syncfromflags:domhier /update 
W32tm /resync /rediscover 
net stop w32time && net start w32time 

Open in new window



Just Copy paste the commands in CMD

After Doing above run
dcdiag /test:advertising

Open in new window

again
0
 
LVL 1

Author Comment

by:Thor2923
ID: 38379857
thanks for the input, but what i did was this;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
annd verify that it is set to 10 in decimal (0x0000000A), then use w32tm /config /update

 I have also tried:
w32tm /config /syncfromflags:domhier /update

 then:
net stop w32time
net start w32time
 
Then I ran your DCDIAG command and my DC01 PASSED ADVERTISING!!!

I think that is it, however I have one last question. NOW, when I go to my workstation or any of the servers I have been trying to sync with, I NO LONGER have a choice to set up internet time or configure and internet time server. THe tab is just not there anymore. Is this correct??
0
 
LVL 1

Author Comment

by:Thor2923
ID: 38379865
hmmm even my DC01 no longer allows me to point to an internet time server like time.windows.com???
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38379871
THe tab is just not there anymore. Is this correct??  ->>> Where are you looking for Tab
0
 
LVL 1

Author Comment

by:Thor2923
ID: 38379879
1. I double click on the time in the lower right
2. select date and time changes

I used to have a Date and Time tab, Addictional Clocks tab and a third tab would appear. I do not see it now, but I think it said Internet time server.

BTW I was told there is one workstation that we need to deliberatly have the wrong time for our testing. Is there a way to make an exception for one machine?
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38379884
Thats ok
and stop windows Time service on that machine for the time when you want time should not be synconised
0
 
LVL 1

Author Comment

by:Thor2923
ID: 38379910
this is all working out real well!! But where is my DC01 getting its time from? I no longer have a place to point it to one of the major internet time servers. Won't it slowly loose its accurate time as months go by?
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38379949
you can check this by  w32tm /monitor as I already stated
0
 
LVL 1

Author Closing Comment

by:Thor2923
ID: 38380013
excellent information!
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question