Solved

Set Windows (non domain joined) member server to sync time with a domain controller.

Posted on 2013-11-20
4
2,803 Views
Last Modified: 2014-03-13
Hi

I have a few servers that live in our DMZ that I wish to sync with our domain controller that is on the inside network.  These servers in the DMZ are not joined to the domain and are also running inside a Hyper V virtual machine which I believe is what is causing the time drift

The servers all run Windows Server 2008 R2.

So I am wondering how to set these servers to sync with the domain controller that is inside the private internal network.

I also understand firewall rules would need to be adjusted order for the servers in the DMZ to communicate with the domain controller.

I've been researching this, but am getting a lot of conflicting information, and some article indicate there is no concrete fix to get a non domain server to time sync with a Windows domain controller.

Looking for help,

Thank you!
0
Comment
Question by:paradigm_IS
  • 2
  • 2
4 Comments
 
LVL 6

Expert Comment

by:vmdude
ID: 39664164
How do your domain controllers keep time? Are they syncing with an external NTP time source? If so one option you might consider is allowing the servers in the DMZ to sync to the same NTP host.

Maybe not the answer you are looking for but just thought I'd throw it our there :)
0
 

Author Comment

by:paradigm_IS
ID: 39664185
Hi vmdude

I thought of that, but part of my problem is I am not entirely certain how to determine how my domain controller is keeping it's time.

I run this command on my domain controller:

w32tm /query /source

I get this result:
Free-running System Clock

Which I *think* means it is not syncing to anything other than the onboard RTC chip.


Thanks
0
 
LVL 6

Accepted Solution

by:
vmdude earned 500 total points
ID: 39664259
Try running the following command instead, this will tell you if you have any NTP time providers configured on your domian.

w32tm /query /configuration

My advice would be to first get the domain controller holding the PDC FSMO role (not sure how big your environment is so could all be the same server) syncing with a reliable NTP server I normally use ones from the following site http://www.pool.ntp.org/en/ 

To configure NTP is actually fairly straightforward the following commands will do it

C:\> w32tm /config /manualpeerlist:"0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org" /syncfromflags:manual
C:\> w32tm /config /update
C:\> w32tm /resync
0
 

Author Closing Comment

by:paradigm_IS
ID: 39927868
That did the trick.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
An article on effective troubleshooting
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question