Solved

NTP time is off on PDC

Posted on 2013-06-07
Last Modified: 2013-07-01
We have been noticing that the time for our PDC has been keeping incorrect time and I attempted to correct this with the following commands:

net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

w32tm /unregister
W32Time successfully unregistered.

w32tm /register
W32Time successfully registered.

net start w32time
The Windows Time service is starting..
The Windows Time service was started successfully.

w32tm /config /manualpeerlist:<LOCAL>0x1 /syncfromflags:manual /reliable:yes /update
The command completed successfully.

w32tm /config /update
The command completed successfully.

w32tm /resync /rediscover
The computer did not resync because no time data was available.

After this I looked into the situation a little more and saw a warning in the server logs that may explain more:

Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

I then looked into the GPO to see the NTP server is time.windows.com,0x1 and the type is NT5DS.

I am now just looking for a method to update our NTP to a local NTP and a public backup if possible.

Any assistance would be great.
Question by:nextechexchadmin
11 Comments
 

Expert Comment

by:M Roe
ID: 39230349
Great website to do this with an external source

http://support.microsoft.com/kb/816042/en-us

Expert Comment

by:David Johnson, CD, MVP
ID: 39230565
Is port 123 blocked?

This fixit has some good tips.

Expert Comment

by:frankhelk
ID: 39234308
In your command
w32tm /config /manualpeerlist:<LOCAL>0x1 /syncfromflags:manual /reliable:yes /update

you've set the W32time client to sync to its own local clock, haven't you? That looks a bit crazy.

I would recommend to use the service at pool.ntp.org for a selection of time servers. So your command should read
w32tm /config /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" /syncfromflags:manual /reliable:yes /update


Besides this "worldwide" set of servers there are regional ("continental", or even more fine-grained: "per country") sets of servers, too.

A more basic tip: I've had hassle with W32time in NTP mode whenever I used it. My recommendation would be to just disable W32time and use "the real thing" - a Windows port of the standard NTP implementation. See here for a list.

In that case you should add the servers to your ntp.conf file in this way:
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst


Author Comment

by:nextechexchadmin
ID: 39237634
Fredbear891:
I had to wait for a service window to test this.  I downloaded the "Fix-It" and typed in the IP for a local NTP server and then after about a minute of a bar going across it would respond it failed, but with no explanation.

ve3ofa:
I used PortQryUI and the port is not blocked.

frankhelk:
The reference in my code <LOCAL> was to represent a network local NTP server IP, not the local PDC.

Thanks for the help so far, but... any more ideas?


Expert Comment

by:frankhelk
ID: 39240492
My recommendation for the original NTP software applies to local applications, too.

Since NTP bandwidth usage is not an issue in local networks, a simple ntp.conf would look like this:
server <LOCAL> minpoll 6 maxpoll 6 iburst

driftfile %windir%\\ntp.drift
logfile C:\temp\ntp.log


The minpoll/maxpoll options fix the polling interval to "once every 64 seconds" (2^6).

Expert Comment

by:M Roe
ID: 39240829
Make sure port 123 is open on your firewall/router, as stated above.


Author Comment

by:nextechexchadmin
ID: 39240995
frankhelk:
I apologize for misunderstanding you.  I plan to attempt that in another maintenance window.

Fredbear891:
This server and the NTP server are both local, with no router in between.

I am also looking into excluding the PDC from the GPO that the client machines get their NTP from and either editing the GPO locally or just issuing the commands I previously stated.

Expert Comment

by:eexchangetech
ID: 39276387

Accepted Solution

by:nextechexchadmin
ID: 39277980
I figured it out.  There was a default GPO that was being applied to the PDC.  The policy stated to look to the PDC for time and so the PDC looked to himself for it and thus got slowly off.

I edited the GPO to exclude a container of DCs and then locally edited the GPO on the PDC to look to a global NTP server and then the other DCs to once again look to the PDC.

Thanks for all the attempts.
0
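
A check for the condition described in the accepted solution, as an added example that is not part of the original thread: it compares the Group Policy and local W32Time registry values on a DC and flags a forest-root PDC emulator that is pointed at the domain hierarchy or at itself. It assumes Windows PowerShell on a domain-joined DC and the standard W32Time registry locations; the function name Get-TimeParams is hypothetical.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on the DC.
Add-Type -AssemblyName System.DirectoryServices
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\W32Time\Parameters'        # written by Group Policy
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'  # written by w32tm /config

function Get-TimeParams([string]$Path) {
    # Hypothetical helper: Type and NtpServer from a Parameters key, or $null if the key is absent.
    if (-not (Test-Path $Path)) { return $null }
    $p = Get-ItemProperty -Path $Path
    return @{ Type = $p.Type; NtpServer = $p.NtpServer }
}

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
$pdc    = $domain.PdcRoleOwner.Name
$isPdc  = $pdc.Split('.')[0] -ieq $env:COMPUTERNAME
$isRoot = $domain.Name -ieq $domain.Forest.RootDomain.Name

$policy = Get-TimeParams $policyKey
$local  = Get-TimeParams $localKey
# Policy values take precedence over the local service configuration when present.
$effective = if ($policy -and $policy.Type) { $policy } else { $local }

# The peer list is space-separated; each entry may carry a ",0x.." flag suffix.
$peers = @()
if ($effective.NtpServer) {
    $peers = $effective.NtpServer.Split(' ') | Where-Object { $_ } | ForEach-Object { $_.Split(',')[0] }
}
$selfNames = @($env:COMPUTERNAME, $pdc)

$findings = @()
if ($policy) {
    $findings += "GPO sets Type=$($policy.Type) NtpServer=$($policy.NtpServer); these take precedence over w32tm /config."
}
if ($isPdc -and $isRoot -and $effective.Type -eq 'NT5DS') {
    $findings += 'Forest-root PDC emulator uses the domain hierarchy (NT5DS): it has no upstream source.'
}
if ($isPdc -and ($peers | Where-Object { $selfNames -contains $_ })) {
    $findings += 'PDC emulator lists itself as an NTP peer.'
}

"PDC emulator: $pdc (this machine: $isPdc)"
"Effective Type: $($effective.Type)  NtpServer: $($effective.NtpServer)"
if ($findings) { $findings } else { 'No policy override or self-reference found.' }
w32tm /query /source    # what the service is actually syncing from
```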
 

Expert Comment

by:frankhelk
ID: 39279488
Anyhow - if you want to give a standard NTP service a try, please take a look at this article.

Author Closing Comment

by:nextechexchadmin
ID: 39289371
The issue was more GPO and I had seen this in other posts, but no one seemed to look towards it in my post here.