Windows 2008 : Servers not syncing time with ntp server

Hello,

I just installed a monitoring tool like Nagios to monitor all my servers.

I have just noticed  that my servers do not synchronize well with the ntp server. What can I do? My ntp server is a windows 2008 domain controller


Time difference errors
Williams225System AdministatorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Emmanuel AdebayoGlobal Windows Infrastructure Engineer - ConsultantCommented:
enter the command below on your Windows 2008 domain controller to check where it is getting its time from, it should be getting the time from the PDC emulator. How many DC do you have on yur network?

w32tm /query /source
0
Seth SimmonsSr. Systems AdministratorCommented:
is the server with the pdc role configured to use external time source?

http://support.microsoft.com/kb/816042
0
NumbidCommented:
You have to update time manually at first. If time drift is too important, ntp will not update it.

On a linux environment :
service ntpd stop ; ntpdate ntp_ip_adress ; service ntpd start

Open in new window

On Windows :
net start w32time #if not already started
w32tm /config /update

Open in new window

To reconfigure sync between a domain member and his PDC, and resync it :
w32tm /config /syncfromflags:domhier /update

Open in new window

0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Thomas GrassiSystems AdministratorCommented:
What do you have set in the registry for NTP

Windows Time                                    
HKLM>System>CurrentControlSet>Services>W32Time>Parameters                                    
NTPServer      Pool.ntp.org
                        
Type      NTP            


This is what I use on my Windows 2008 server no issues.

make the changes then restart w32time service
0
NumbidCommented:
Last answer's not reliable in a domain environment.

Time configuration has to be hierachical, External source > PDC > DC's > Domain members.

/numbid
0
Williams225System AdministatorAuthor Commented:
the ntp server is our DC. Unfortunately I have access deny when I type all the commandes that you gave me
0
Seth SimmonsSr. Systems AdministratorCommented:
did you run any of that with elevated command prompt (run as administrator)?
0
Thomas GrassiSystems AdministratorCommented:
Which machine are we talking about here?

On the DC is Time Service running?

Is time service working on the DC

check the event logs right after you do a restart of the time service

IF you getting this error on the desktops then the time settings on the computers are incorrect

Please clarify where the errors are occurring screen prints would be helpful

The registry entries I gave you in my last post for the server are the same in the computers
Just in the computers point them to the ip address of the server
0
Williams225System AdministatorAuthor Commented:
My domain controller is also the NTP server of the domain. All the pc and servers of our domain do not sync correctly the time.

For example right now on the NTP Server(domain controller)  its 4:27pm and on my laptop its 4:29pm

The time on the DC is the correct time
0
Williams225System AdministatorAuthor Commented:
I think I found the issue. We have two Domain controllers which are also ntp servers. the time of the 1st ntp server is right, the time of the second ntp server is wrong.

I have tried to update manually the time of the second ntp server but its not working... what can I do?
0
Thomas GrassiSystems AdministratorCommented:
check the registry settings as I posted to see what is set.

Post what you have

Normally in a Windows Domain the NTP settings are found via AD

But I seen this not work as well so I change the registry to point to the servers ip address that is the NTP server.

Works every time.
0
Williams225System AdministatorAuthor Commented:
I want to find a solution to manually change the time of this ntp server

NTP Registry
NTP Query Source
0
NumbidCommented:
Oh, seems that you're using a VM.

At first, do not sync time of any VM with its host ! Let your domain hierarchy and a proper NTP configuration do the job. On vSphere, it can be descativated in the VMWare Tools wich are installed on your servers.

Second, use an elevated cmd prompt and a domain admin account.

Then, clean up configurations (on all servers)

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Open in new window


Then, on your PDC (the DC wich has the PDC FSMO role) :

w32tm /config /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org" /syncfromflags:MANUAL /update /reliable:YES

Open in new window


Now your PDC is configured to use an external time source (pool.ntp.org servers  - list on http://support.ntp.org/bin/view/Servers/NTPPoolServers ).
To verify, you can use :

w32tm /query /peers /verbose

Open in new window


It prints sync results.

On any other server on your domain, type :

w32tm /config /syncfromflags:domhier /update

Open in new window


They'll now use your PDC as primary time source.

If it still doesn't work, please paste result of this command, on PDC and another server :

w32tm /dumpreg /subkey:parameters

Open in new window


/numbid
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas GrassiSystems AdministratorCommented:
Type = NTP not NT5DS

NT5DS only works is your AD is setup properly for Time SYnc.

if you change it to NTP it will work it finds the ntp server by the ip address you put in the NTP Server entry.

That's how you manually do it.
0
NumbidCommented:
I don't get you pov ?

PDC is configured as an NTP server... and every other AD comps have to use NT5DS. That's exactly how to setup "AD" properly for time sync.

For non-AD comps, use NTP service on PDC.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.