This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.
How to diagnose time issues in a large 2003 domain?
Hello,
We have a large (5500+) mixed OS (mostly Win7, a few WinXP) environment, with 6 Server 2003 DCs, running at a 2003 Functional Level. These DC's are housed in four separate locations, all 'direct' connected to our home office via fiber.
We've noticed a time discrepancy in the past month or two with workstation time. Initial diagnosis showed us that there are varying times between the six domain controllers.
The DC setup seems consistent and correct (as far as I know it... I don't have much experience with Server 2003). DC2 has the PDC Emulator role, and is configured to use 0.north-america.pool.ntp.o
The odd thing is that even though we currently have a discrepancy of more than 3 minutes between DC1 and DC2, there are no (that I can find, anyway) NTP errors being reported on either server.
Can someone assist me in troubleshooting this?
Thank you.
Scott
We have a large (5500+) mixed OS (mostly Win7, a few WinXP) environment, with 6 Server 2003 DCs, running at a 2003 Functional Level. These DC's are housed in four separate locations, all 'direct' connected to our home office via fiber.
We've noticed a time discrepancy in the past month or two with workstation time. Initial diagnosis showed us that there are varying times between the six domain controllers.
The DC setup seems consistent and correct (as far as I know it... I don't have much experience with Server 2003). DC2 has the PDC Emulator role, and is configured to use 0.north-america.pool.ntp.o
The odd thing is that even though we currently have a discrepancy of more than 3 minutes between DC1 and DC2, there are no (that I can find, anyway) NTP errors being reported on either server.
Can someone assist me in troubleshooting this?
Thank you.
Scott
Asked:
-
5
4
1 Solution
LVL 25
I would check the interval time is checked on your Main DC and setup a manual task on the other DC's to sync their time with the Main DC every hour or two. Then monitor them all a few times a day to see if they stay synced.
Hi TG-TIS,
Thanks for the response.
I'm not sure exactly how you meant I should 'check the interval time on my main DC', but we may have a handle the issue now.
I ran 'w32tm /monitor' and found all six DC's reporting in were showing that they were syncing with DC2 (our PDC Emulator), but 4 of the six were 195 seconds off. Also, the RefID in the results from the /monitor command referenced a forest root server, not the PDC Emulator.
I wasn't even aware that we had a forest root server (we have only one domain... it is a legacy server that was never removed from the network), but it was also set to pull it's time from an external time source.
To resolve, I left the FR server alone and configured the PDC Emulator's NtpServer registry setting to point to the FR server, rather than an external source.
I then went to each DC and verified (and in some cases reset) their NtpServer entry to the PDC Emulator, and their 'type' to NT5DS.
Afterward, I restarted the W32Time service on each, and then resync'd using w32tm /resync /rediscover.
So far, so good... each server is within 2 one-hundredths of the PDC. I'll check again tomorrow.
sm
Thanks for the response.
I'm not sure exactly how you meant I should 'check the interval time on my main DC', but we may have a handle the issue now.
I ran 'w32tm /monitor' and found all six DC's reporting in were showing that they were syncing with DC2 (our PDC Emulator), but 4 of the six were 195 seconds off. Also, the RefID in the results from the /monitor command referenced a forest root server, not the PDC Emulator.
I wasn't even aware that we had a forest root server (we have only one domain... it is a legacy server that was never removed from the network), but it was also set to pull it's time from an external time source.
To resolve, I left the FR server alone and configured the PDC Emulator's NtpServer registry setting to point to the FR server, rather than an external source.
I then went to each DC and verified (and in some cases reset) their NtpServer entry to the PDC Emulator, and their 'type' to NT5DS.
Afterward, I restarted the W32Time service on each, and then resync'd using w32tm /resync /rediscover.
So far, so good... each server is within 2 one-hundredths of the PDC. I'll check again tomorrow.
sm
Sorry for the late response...
The DC's are all keeping time correctly (3 weeks and counting)... however, some workstations in the domain are reporting being a few minutes off, even after multiple logoffs/reboots.
Any ideas how to troubleshoot this?
The DC's are all keeping time correctly (3 weeks and counting)... however, some workstations in the domain are reporting being a few minutes off, even after multiple logoffs/reboots.
Any ideas how to troubleshoot this?
I've seen this before on older servers. what I did was add a scheduled task to the PDC to resync time with it's internet time server twice a day at specific times line 6AM and 6PM.
Add a scheduled task to all the uther servers to resync with the DC and different times so they al don't request time updates together. if this does not resolve the problem, let me know.
Add a scheduled task to all the uther servers to resync with the DC and different times so they al don't request time updates together. if this does not resolve the problem, let me know.
Our problem isn't with the DCs at this point, but with some workstations in our environment.
I could potentially add w32tm /resync to the logon script for the workstations, if that's what you mean...
I could potentially add w32tm /resync to the logon script for the workstations, if that's what you mean...
Yes, that should wok fine. you might have some Pc's that are loosing time due to hardware or other issues. Adding a schedule task to resync should resolve the problem on those Pc's.
You can probably put this in a batch file and add it as a scheduled task on the workstions
w32tm /resync
w32tm /resync
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
This course will introduce you to C++ 11 and teach you about syntax fundamentals.
Tackle projects and never again get stuck behind a technical roadblock.
Join Now