?
Solved

NTP time is off on PDC

Posted on 2013-06-07
11
Medium Priority
?
599 Views
Last Modified: 2013-07-01
We have been noticing that the time for our PDC has been keeping incorrect time and I attempted to correct this with the following commands:

net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

w32tm /unregister
W32Time successfully unregistered.

w32tm /register
W32Time successfully registered.

net start w32time
The Windows Time service is starting..
The Windows Time service was started successfully.

w32tm /config /manualpeerlist:<LOCAL>0x1 /syncfromflags:manual /reliable:yes /update
The command completed successfully.

w32tm /config /update
The command completed successfully.

w32tm /resync /rediscover
The computer did not resync because no time data was available.

After this I looked into the situation a little more and see an warning in the server logs that may explain more:

Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

I then looked into the GPO to see the ntp server is time.windows.com,0x1 and the type is NR5DS.

I am now just looking from a method to update our NTP to a local NTP and an public backup if possible.

Any assistance would be great.
0
Comment
Question by:nextechexchadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 9

Expert Comment

by:M Roe
ID: 39230349
Great website to do this with an external source

http://support.microsoft.com/kb/816042/en-us
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 39230565
is port 123 blocked?

This fixit has some good tips.
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 39234308
In your command
w32tm /config /manualpeerlist:<LOCAL>0x1 /syncfromflags:manual /reliable:yes /update

Open in new window

you've set the W32time client to sync to it's own local clock, havn't you ? That looks a bit crazy.

I would recommend to use the service at pool.ntp.org for a selection of time servers. So your command should read
w32tm /config /manualpeerlist:0,pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org /syncfromflags:manual /reliable:yes /update

Open in new window


Besides of this "worldwide" set of servers there are regional ( "continental", or even more fine grained: "per country") sets of servers, too.

A more basic tip: I've had hassle with W32time in NTP mode whenever I used it. My recommendation would be to just disable W32time and use "the real thing" - a Windows port of the standard NTP implementation. See here for a list.

In that case you should add the servers to your ntp.conf file in this way:
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

Open in new window

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:nextechexchadmin
ID: 39237634
Fredbear891:
I had to wait for a service window to test this.  I downloaded the "Fix-It" and typed in the IP for a local NTP server and then after about a minute of a bar going across it would respond it failed, but with no explaination.

ve3ofa:
I used PortQryUI and the port is not blocked.

frankhelk:
The reference in my code <LOCAL> was to represent a network local NTP server IP, not the local PDC.

Thanks for the help so far, but...anymore ideas?
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 39240492
My recommendation for the original NTP software applies to local applications, too.

Since NTP bandwidth usage is not an issue in local networks, a simple ntp.conf would look like this:
server <LOCAL> minpoll 6 maxpoll 6 iburst

driftfile %windir%\\ntp.drift
logfile C:\temp\ntp.log

Open in new window


The minpoll/maxpoll options fix the polling interval to "once every 64 seconds" (2^6).
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39240829
make sure port 123 is open on your firewall/router like stated above
0
 

Author Comment

by:nextechexchadmin
ID: 39240995
frankhelk:
I apologize for mis-understanding you.  I plan to attempt that in another maintenance window.

Fredbear891:
This server and the NTP server is both local and no router in between.

I am also looking into excluding the PDC from the GPO that the client machines get their NTP from and either editing the GPO locally or just issuing the commands I previously stated.
0
 

Accepted Solution

by:
nextechexchadmin earned 0 total points
ID: 39277980
I figured it out.  There was a default GPO that was being applied to the PDC.  The policy stated to look to the PDC for time and so the PDC looked to himself for it and thus got slowly off.

I edited the GPO to exclude a container of DCs and then locally edited the GPO on the PDC to look to a global NTP server and then the other DCs to once again look to the PDC.

Thanks for all the attempts.
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 39279488
Anyhow - if you want to give a standard NTP service a try, please take a look at this article.
0
 

Author Closing Comment

by:nextechexchadmin
ID: 39289371
The issue was more GPO and I had seen this in other post, but no one seemed to look towards in my post here.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question