The time service has stopped advertising as a time source because the local clock is not synchronized.
I asked a question via link
https://www.experts-exchange.com/questions/28220247/Windows-time-service-with-100-domain-controllers-multiple-sites.html
resetup PDC of root domain to sync time with external time source.
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist: "0.ntp.pool.org,0x1 1.ntp.pool.org,0x1 2.ntp.pool.org,0x1 3.ntp.pool.org,0x1" /reliable:yes /update
net start w32time
w32tm /resync /rediscover /nowait
On all other DCs.
I ran
w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time
net start w32time
w32tm /resync /rediscover /nowait
I noticed on some Dcs that I get this error.
The time service has stopped advertising as a time source because the local clock is not synchronized.
Why am I getting this error?
w32tm /query /source shows the right DC = PDC
ran w32tm /stripchart /computer:dc01 /dataonly
and its 00.005
How do I get rid of these errors on the Dcs.
And still getting "AD Replication Monitoring - Time skew detected" in SCOM
https://www.experts-exchange.com/questions/28220247/Windows-time-service-with-100-domain-controllers-multiple-sites.html
resetup PDC of root domain to sync time with external time source.
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist: "0.ntp.pool.org,0x1 1.ntp.pool.org,0x1 2.ntp.pool.org,0x1 3.ntp.pool.org,0x1" /reliable:yes /update
net start w32time
w32tm /resync /rediscover /nowait
On all other DCs.
I ran
w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time
net start w32time
w32tm /resync /rediscover /nowait
I noticed on some Dcs that I get this error.
The time service has stopped advertising as a time source because the local clock is not synchronized.
Why am I getting this error?
w32tm /query /source shows the right DC = PDC
ran w32tm /stripchart /computer:dc01 /dataonly
and its 00.005
How do I get rid of these errors on the Dcs.
And still getting "AD Replication Monitoring - Time skew detected" in SCOM
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
On non PDC servers do you run
w32tm /config /syncfromflags:domhier /update
or
w32tm /config /syncfromflags:domhier /reliable:no /update
"reliable"
Not sure if other DCs are suppose to be set to reliable or not.
w32tm /config /syncfromflags:domhier /update
or
w32tm /config /syncfromflags:domhier /reliable:no /update
"reliable"
Not sure if other DCs are suppose to be set to reliable or not.
Juts run below commands on non PDC servers
w32tm /config /syncfromflags:domhier /update
W32tm /resync /rediscover
Restart the time service: net stop w32time && net start w32time
w32tm /config /syncfromflags:domhier /update
W32tm /resync /rediscover
Restart the time service: net stop w32time && net start w32time
ASKER
all appears to have worked, except on one windows 2003 server.
its time slips and then it will be minutes off.
a w32tm /resync /rediscover doesn't work.
I fix the problem by running net time \\dc01.domain.com /set
But then in a few hours it slips again.
Any ideas on how to permenately fix this issue.
I even unregister, and register.
its time slips and then it will be minutes off.
a w32tm /resync /rediscover doesn't work.
I fix the problem by running net time \\dc01.domain.com /set
But then in a few hours it slips again.
Any ideas on how to permenately fix this issue.
I even unregister, and register.
Have you checked the GPO whcih may be apply locally or from domain if any remove the same.Run rsop.msc and check the same.Also ensure that there is no third party time sync software installed like Dimention4 which may be causing the issue.
If you have not prefromed unregister/register of w32time perfrom the same.
If you have not prefromed unregister/register of w32time perfrom the same.
ASKER
I did find a GPO with the Administrative Computer Policy set as follows, which runs on all computers in the domain, including DCs.
Are any of these settings / concerns and should they be edited?
System/Windows Time Service
Global Configuration Settings Enabled
Clock Discipline Parameters
FrequencyCorrectRate 4
HoldPeriod 5
LargePhaseOffset 1280000
MaxAllowedPhaseOffset 300
MaxNegPhaseCorrection 54000
MaxPosPhaseCorrection 54000
PhaseCorrectRate 1
PollAdjustFactor 5
SpikeWatchPeriod 90
UpdateInterval 30000
General Parameters
AnnounceFlags 10
EventLogFlags 2
LocalClockDispersion 10
MaxPollInterval 15
MinPollInterval 10
ChainEntryTimeout
ChainMaxEntries
ChainMaxHostEntries
ChainDisable
ChainLoggingRate
System/Windows Time Service/Time Providers
Enable Windows NTP Client Enabled
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.
Setting State
Software\Policies\Microsof
Are any of these settings / concerns and should they be edited?
System/Windows Time Service
Global Configuration Settings Enabled
Clock Discipline Parameters
FrequencyCorrectRate 4
HoldPeriod 5
LargePhaseOffset 1280000
MaxAllowedPhaseOffset 300
MaxNegPhaseCorrection 54000
MaxPosPhaseCorrection 54000
PhaseCorrectRate 1
PollAdjustFactor 5
SpikeWatchPeriod 90
UpdateInterval 30000
General Parameters
AnnounceFlags 10
EventLogFlags 2
LocalClockDispersion 10
MaxPollInterval 15
MinPollInterval 10
ChainEntryTimeout
ChainMaxEntries
ChainMaxHostEntries
ChainDisable
ChainLoggingRate
System/Windows Time Service/Time Providers
Enable Windows NTP Client Enabled
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.
Setting State
Software\Policies\Microsof
I will recommend to disable the time GPO as this may be conflicting.Remove the GPO and reboot the DCs for setting to take effect assuming you have configured authorative time server role as per this http://support.microsoft.com/kb/223184 on PDC server.Once server is online run the diagnosis test and check.
ASKER
Man I am confused.
At the root domain there is a GPO that serves another purpose, but has the following, and applies to all workstations, servers, and Dcs.
The Dc container has another GPO which is shared and has the same entries (duplication)
First, does these settings make ssense for clients, dcs, and member servers.
Botice it sets all NTP client as enabled, and annouceflags to 10.
Since this GPO is applied to my PDC emulator - will it cause issues with syncing with external time source (announce flags and etc)
and will clients still get time from PDC emulator.
Enable Windows NTP Client Enabled
Global Configuration Settings Enabled
Clock Discipline Parameters
FrequencyCorrectRate 4
HoldPeriod 5
LargePhaseOffset 1280000
MaxAllowedPhaseOffset 300
MaxNegPhaseCorrection 54000
MaxPosPhaseCorrection 54000
PhaseCorrectRate 1
PollAdjustFactor 5
SpikeWatchPeriod 90
UpdateInterval 30000
General Parameters
AnnounceFlags 10
EventLogFlags 2
LocalClockDispersion 10
MaxPollInterval 15
MinPollInterval 10
ChainEntryTimeout
ChainMaxEntries
ChainMaxHostEntries
ChainDisable
ChainLoggingRate
At the root domain there is a GPO that serves another purpose, but has the following, and applies to all workstations, servers, and Dcs.
The Dc container has another GPO which is shared and has the same entries (duplication)
First, does these settings make ssense for clients, dcs, and member servers.
Botice it sets all NTP client as enabled, and annouceflags to 10.
Since this GPO is applied to my PDC emulator - will it cause issues with syncing with external time source (announce flags and etc)
and will clients still get time from PDC emulator.
Enable Windows NTP Client Enabled
Global Configuration Settings Enabled
Clock Discipline Parameters
FrequencyCorrectRate 4
HoldPeriod 5
LargePhaseOffset 1280000
MaxAllowedPhaseOffset 300
MaxNegPhaseCorrection 54000
MaxPosPhaseCorrection 54000
PhaseCorrectRate 1
PollAdjustFactor 5
SpikeWatchPeriod 90
UpdateInterval 30000
General Parameters
AnnounceFlags 10
EventLogFlags 2
LocalClockDispersion 10
MaxPollInterval 15
MinPollInterval 10
ChainEntryTimeout
ChainMaxEntries
ChainMaxHostEntries
ChainDisable
ChainLoggingRate
ASKER
Does the GPO for w32time apply to clients or only servers\domain controllers.
If configuring gpo for clients.
would you make announce flags 10??
type: NT5DS or NTP
NTPServer? dc.domain.local,0x1? or leave blank
Windows NTP Server = disabled
For secondary domain controllers:
announce flags 10?
type: NT5DS or NTP
NTPServer? dc.domain.local,0x1? or leave blank
Windows NTP Server = enabled
For Primary domain controllers:
announce flags 5
type: NTP
NTPServer? us.pool.ntp.org
Windows NTP Server = enabled
If configuring gpo for clients.
would you make announce flags 10??
type: NT5DS or NTP
NTPServer? dc.domain.local,0x1? or leave blank
Windows NTP Server = disabled
For secondary domain controllers:
announce flags 10?
type: NT5DS or NTP
NTPServer? dc.domain.local,0x1? or leave blank
Windows NTP Server = enabled
For Primary domain controllers:
announce flags 5
type: NTP
NTPServer? us.pool.ntp.org
Windows NTP Server = enabled
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So If a GPO was already inplace with the configuration that I mentioned, should I remove it?
Will it keep the settings from the GPO or reset back to default and sync with Domain using proper DS architecture.
Wasn't sure since the GPO already has been given explicit settings.
Or should I just edit the current GPO, even though you mentioned its not required to make it sync right, and if so, based on above settings what should I set for the clients. which for member servers. which for DC.
and which for PDC emulator.
Looks like they all get the GPO applied to them.
Thanks for your assistance.
Something is not right, as a few DCs still slip on time.
Will it keep the settings from the GPO or reset back to default and sync with Domain using proper DS architecture.
Wasn't sure since the GPO already has been given explicit settings.
Or should I just edit the current GPO, even though you mentioned its not required to make it sync right, and if so, based on above settings what should I set for the clients. which for member servers. which for DC.
and which for PDC emulator.
Looks like they all get the GPO applied to them.
Thanks for your assistance.
Something is not right, as a few DCs still slip on time.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
w32tm /query /configuration
w32tm /query /status
On your PDC?
Can you verify that the w32tm setting is actually syncing with external servers?
I remember trying to setup this w32tm thing on a server, but it didnt work since the ntp servers were not reachable (firewall setting). The command although, did not display an error.