Solved

Incorrect network time

Posted on 2013-01-16
8
467 Views
Last Modified: 2013-01-21
I had a client ask me why their computer time was about 2.5 minutes behind the cell phones in the office.  

After some digging, I found that when I ran

w32tm /stripchart /computer:time.windows.com /samples:5 /dataonly

I received a response similar to below:  
9:28:33, +144.00668998s

When I look at timeanddate.com to see the current time, sure enough it seems to be about 144 seconds faster than my computer.  

Basically it seems the +144. seconds on my response is the exact amount of time missing from my computer and network time.  Why would this 144 second delay be happening?
0
Comment
Question by:perk83
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38783049
That is interesting, I'll do some testing later to see if I get the same 144 from time.windows.com

Have you tested any other stratum 2 servers

http://support.ntp.org/bin/view/Servers/StratumTwoTimeServers

Thanks

Mike
0
 
LVL 1

Expert Comment

by:sarconastic
ID: 38783115
the amount of time that the server is off is probably irrelevant. It is off because either A: it is not updating with a a NIST or NTP pool server that has the accurate time based on the Atomic clocks, or B: someone changed it manually and placed a time offset in it. or C: it is getting it's time from an internet site that is incorrect.

what you need to find out is what the time on the PDC (Primary Domain Controller) for the network is first. If this time is correct, then either the PC itself has a time offset or it is receiving its time from a regular DC that is not syncing correctly. The way it works if it is right is the PDC syncs to  a site like time.windows.com then theDCs all sync to it. all domain computers by default sync to the DCs or the PDC unless they are manually over ridden by a GPO or command line argument.

run these commands to check and see if it has been changed, and to rest it to the domain controller

net time /querysntp
net time /setsntp:domaincontroller
net time /set

Good Luck
0
 
LVL 1

Author Comment

by:perk83
ID: 38783282
mkline,

I did try 3 different servers and got the same response from all three.

time.windows.com
pool.ntp.org
time.nist.gov ( I believe that was it)


sarconastic,

I should have been more clear in my OP.  I get the same response when running the command from the workstations or servers.  It is all machines on that network.  The DC has the same incorrect time as all others.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 1

Expert Comment

by:sarconastic
ID: 38783337
If the DC has the wrong time then it is not updating correctly. I would be checking it. do a "w32tm /resync /rediscover" on teh server and see if it successfully completes. Also if this is not the PDC then you should check it as well.

using w32tm /query /peers should tell your the peers the DC and the PDC are connected to.
0
 
LVL 1

Author Comment

by:perk83
ID: 38784510
When I ran on "w32tm /resync /rediscover" the DC, I got a message back. " The computer did not resync because no time data was available."  Didn't expect that.  

It is the FSMO role holder.
0
 
LVL 1

Accepted Solution

by:
sarconastic earned 500 total points
ID: 38787596
Ok so what that is telling you is that the DC your running this on is not syncing with a time server. For whatever reason, you need to track it down. I will tell you from experience it usually turns out to be that the ports required to be open are not open on the firewall.  Just adding the NTP service to the allowed ports in your firewall usually does he trick.

I believe it is port UDP 123 that needs to be opened. Both ways, in and out to that server.

Since it is the FSMO controller then it is the one that should be going to the web to get its time.

Check those ports.
0
 
LVL 1

Author Comment

by:perk83
ID: 38801229
Thanks, I believe that helped.  I opened NTP service through the firewall as it was not opened.  On the DC, I then set a manual list of time servers to use. using thew32tm /config command.  After running net stop w32tm and net start w32tm, the DC now has the correct time.  I will be watching it throughout the day to make sure it holds that time, but I believe it will.
0
 
LVL 1

Author Closing Comment

by:perk83
ID: 38802093
Thanks for the tip on opening NTP through the firewall.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question