Solved

Syncing local machines with server time

Posted on 2014-01-10
7
394 Views
Last Modified: 2014-01-17
Hi all,

We are trying to sync all the machines on the network with the time on the server through a logon script however it isn't working.

When testing the command manually through cmd, we get what is shown in the image.

The server time is being set using Atomic Clock Sync.
cmd.png
0
Comment
Question by:cbapartnership
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
As long as you've joined the machines to the domain and have not customized the default settings in the OS (by group policy or other) time syncing is automatic. Client OSes joined to a domain use the windows time service and regularly sync to a domain controller. This happens even when users are not logged in, so a logon script is rather superfluous.
0
 
LVL 19

Expert Comment

by:strivoli
Comment Utility
The user must be granted the permission to change system's time.
0
 

Author Comment

by:cbapartnership
Comment Utility
Thanks for your quick responses.

I agree, the client OSes should be automatic but they are out of time by a couple of minutes so something is not working. So to get around this, I want to use Atomic Clock Sync. I used to use it on a previous Windows SBS 2003 server and I didnt have any problems. I suspect that our new SBS 2011 server may have more tighter access rights security.

We use a logon script to map drives and it made sense to just put the "Net Time" command in there as well.

Can you tell me if I need to change the user permission to change the time on all the PC's or can I do it just from the server?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 19

Assisted Solution

by:strivoli
strivoli earned 150 total points
Comment Utility
You must grant "Change the system time" permission to the user on all PCs. Do that on one PC and see what happens. After you've seen it's what you want, you can do the change using GPO which will affect all PCs.
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 150 total points
Comment Utility
If the windows time service is not syncing clients then net time will fail as well. They both use the same underlying architecture. You need to troubleshoot the cause of the sync failing. Not the symptom. Or you'll fond you have the same problem because the root cause is still there.

Using an atomic click app on the server to which the clients sync is fine. I personally think it is unnecessary, but it is still fine. The problem is the client syncing mechanism. And again, unless you are installing atomic sync on all the clients, net time uses the same communications and protocols as the windows time service, so your efforts to script it are reinventing the wheel. A wheel that, in your case, is broken and that you are trying to replace with another broken wheel.
0
 
LVL 9

Accepted Solution

by:
Red-King earned 200 total points
Comment Utility
As the others have mentioned it is best to configure your domain controller to sync it's time from an external source and then get your desktops syncing against that.
Trying to set all desktops to sync from an external source will use up bandwidth on your WAN link and you'll probably still have a number of PCs that are reporting an inaccurate time as they cannot connect to the the external source for some reason.

You need to determine where your PCs are currently getting their time.
You mentioned you're using an SBS 2011 server which is essentially a Windows 2008 R2 server.

Here's some commands you can run from a command line on a desktop PC that will help you find any errors.
(Run the command prompt as an administrator for some of these to work)

Firstly find your Primary Domain Controller (PDC). This should be your SBS 2011 server;
netdom /query fsmo

Open in new window

You'll get some output like this;
Schema master               SVR004.domain.local
Domain naming master        SVR004.domain.local
PDC                         SVR004.domain.local
RID pool manager            SVR004.domain.local
Infrastructure master       SVR004.domain.local
The command completed successfully.

Open in new window

Next find where the desktop is getting it's time from (I'm running this on Windows 8.1 but you should get much the same results);
w32tm /query /status

Open in new window

This should give you some output like this;
Leap Indicator: 0(no warning)
Stratum: 4 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0937500s
Root Dispersion: 0.3542354s
ReferenceId: 0x0A010A03 (source IP:  10.1.10.3)
Last Successful Sync Time: 10/01/2014 11:36:22
Source: svr016.domain.local
Poll Interval: 11 (2048s)

Open in new window

Note the "Last Successful Sync Time" and the "Source".
In my results you'll see that my Desktop's Source is different to the server listed as a PDC. If I log into svr016.domain.local and run the status command again I get the following;
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0625000s
Root Dispersion: 0.3052694s
ReferenceId: 0x0A010A01 (source IP:  10.1.10.1)
Last Successful Sync Time: 10/01/2014 11:46:09
Source: SVR004.domain.local
Poll Interval: 10 (1024s)

Open in new window

So you can see that my desktop sync's to svr016.domain.local (which is a DC) and this server in turn sync's to svr004.domain.local (the PDC).
Lastly, if I run the same query on the svr004.domain.local you'll see it's syncing to the external time source;
Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0312500s
Root Dispersion: 0.1253321s
ReferenceId: 0xC101DB74 (source IP:  193.1.219.116)
Last Successful Sync Time: 10/01/2014 12:00:10
Source: 1.ie.pool.ntp.org,0x1
Poll Interval: 10 (1024s)

Open in new window


To build up a report of the status of each desktop you can add the following to your logon script;
w32tm /query /status > \\fileserver.domain.local\public\%computername%_w32tm-status.txt

Open in new window

If you've point the fileserver path to a folder where everybody has write permissions then you will get a bunch of files listed by the computer names (dktp001_w32tm-status.txt etc.)

So once you've determined that your Desktops are syncing against your domain controller correctly you can then go ahead and configure the external time source on your PDC.
To do that you can use this series of commands;
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org”
w32tm /config /reliable:yes
net start w32time
w32tm /query /configuration
w32tm /query /status

Open in new window


Hopefully that will get you most of the way there to having accurate time throughout all your desktops.

Rory

Edit: Had the FSMO role results in the wrong place
0
 

Author Closing Comment

by:cbapartnership
Comment Utility
When I originally ran the NET TIME command from a cmd window, I got the access rights privilege error. I now realise why this happened - I didn't run cmd as an administrator. As soon as I did, it worked. The next day I checked several client PC's and they have the exact time as the server so all is working now.

Many thanks for all your advice.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now