Solved

NTP time is off on PDC

Posted on 2013-06-07
Last Modified: 2013-07-01
We have been noticing that the time for our PDC has been keeping incorrect time and I attempted to correct this with the following commands:

net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

w32tm /unregister
W32Time successfully unregistered.

w32tm /register
W32Time successfully registered.

net start w32time
The Windows Time service is starting..
The Windows Time service was started successfully.

w32tm /config /manualpeerlist:<LOCAL>0x1 /syncfromflags:manual /reliable:yes /update
The command completed successfully.

w32tm /config /update
The command completed successfully.

w32tm /resync /rediscover
The computer did not resync because no time data was available.

After this I looked into the situation a little more and see a warning in the server logs that may explain more:

Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

I then looked into the GPO to see the NTP server is time.windows.com,0x1 and the type is NT5DS.

I am now just looking for a method to update our NTP to a local NTP and a public backup if possible.

Any assistance would be great.
Question by:nextechexchadmin

Expert Comment

by:M Roe
ID: 39230349
Great website to do this with an external source

http://support.microsoft.com/kb/816042/en-us

Expert Comment

by:David Johnson, CD, MVP
ID: 39230565
Is port 123 blocked?

This fixit has some good tips.

Expert Comment

by:frankhelk
ID: 39234308
In your command
w32tm /config /manualpeerlist:<LOCAL>0x1 /syncfromflags:manual /reliable:yes /update

you've set the W32time client to sync to its own local clock, haven't you? That looks a bit crazy.

I would recommend to use the service at pool.ntp.org for a selection of time servers. So your command should read
w32tm /config /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" /syncfromflags:manual /reliable:yes /update

Besides this "worldwide" set of servers there are regional ("continental", or even more fine-grained: "per country") sets of servers, too.

A more basic tip: I've had hassle with W32time in NTP mode whenever I used it. My recommendation would be to just disable W32time and use "the real thing" - a Windows port of the standard NTP implementation. See here for a list.

In that case you should add the servers to your ntp.conf file in this way:
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst


Author Comment

by:nextechexchadmin
ID: 39237634
Fredbear891:
I had to wait for a service window to test this.  I downloaded the "Fix-It" and typed in the IP for a local NTP server and then after about a minute of a bar going across it would respond it failed, but with no explanation.

ve3ofa:
I used PortQryUI and the port is not blocked.

frankhelk:
The reference in my code <LOCAL> was to represent a network local NTP server IP, not the local PDC.

Thanks for the help so far, but...any more ideas?

Expert Comment

by:frankhelk
ID: 39240492
My recommendation for the original NTP software applies to local applications, too.

Since NTP bandwidth usage is not an issue in local networks, a simple ntp.conf would look like this:
server <LOCAL> minpoll 6 maxpoll 6 iburst

driftfile %windir%\\ntp.drift
logfile C:\temp\ntp.log

The minpoll/maxpoll options fix the polling interval to "once every 64 seconds" (2^6).

Expert Comment

by:M Roe
ID: 39240829
Make sure port 123 is open on your firewall/router like stated above.

Author Comment

by:nextechexchadmin
ID: 39240995
frankhelk:
I apologize for misunderstanding you.  I plan to attempt that in another maintenance window.

Fredbear891:
This server and the NTP server are both local and no router in between.

I am also looking into excluding the PDC from the GPO that the client machines get their NTP from and either editing the GPO locally or just issuing the commands I previously stated.

Accepted Solution

by:nextechexchadmin
ID: 39277980
I figured it out.  There was a default GPO that was being applied to the PDC.  The policy stated to look to the PDC for time and so the PDC looked to himself for it and thus got slowly off.

I edited the GPO to exclude a container of DCs and then locally edited the GPO on the PDC to look to a global NTP server and then the other DCs to once again look to the PDC.

Thanks for all the attempts.
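
The root cause described in this answer (a GPO forcing the PDC emulator to follow a hierarchy it sits at the top of) can be checked directly on the server. The script below is an added example, not part of the original post; it assumes an elevated PowerShell 3.0 or later session on the domain controller and uses the standard W32Time policy and service registry locations.

```powershell
# Added example, not from the thread. Run elevated on the domain controller.
# Group Policy writes W32Time settings under the Policies key; values found
# there take precedence over the service's own Parameters key, which is the
# one that w32tm /config edits.
$keys = [ordered]@{
    Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\W32Time\Parameters'
    Local  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
}

# Collect Type and NtpServer from each location that actually defines a Type.
$settings = foreach ($origin in $keys.Keys) {
    $p = Get-ItemProperty -Path $keys[$origin] -ErrorAction SilentlyContinue
    if ($p -and $p.Type) {
        [pscustomobject]@{ Origin = $origin; Type = $p.Type; NtpServer = $p.NtpServer }
    }
}
$effective = $settings | Select-Object -First 1   # Policy is listed first, so it wins

# DomainRole 5 is reported by the DC that holds the PDC emulator role.
$isPdc  = (Get-CimInstance Win32_ComputerSystem).DomainRole -eq 5
# What the running service is really synchronising from right now.
$source = (& w32tm /query /source | Out-String).Trim()

$settings | Format-Table -AutoSize
"PDC emulator   : $isPdc"
"Effective      : Type=$($effective.Type) NtpServer=$($effective.NtpServer) [$($effective.Origin)]"
"Current source : $source"

if ($isPdc -and $effective.Type -eq 'NT5DS') {
    Write-Warning 'PDC emulator is set to follow the domain hierarchy (NT5DS). In the forest root domain it has no upstream and will drift.'
}
if ($isPdc -and $effective.Origin -eq 'Policy') {
    Write-Warning 'Time settings come from Group Policy. Local w32tm /config changes stay overridden until the GPO stops applying to this DC.'
}
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    Write-Warning "No network time source in use: '$source'."
}
```

`w32tm /query /configuration` gives the same information per setting, marking each value as (Policy) or (Local).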

Expert Comment

by:frankhelk
ID: 39279488
Anyhow - if you want to give a standard NTP service a try, please take a look at this article.

Author Closing Comment

by:nextechexchadmin
ID: 39289371
The issue was more GPO and I had seen this in other posts, but no one seemed to look towards it in my post here.