Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Time discrepancy between member servers and domain controllers

Posted on 2014-02-03
5
Medium Priority
?
292 Views
Last Modified: 2014-02-11
Hello Windows Server Experts,

I have a strange problem that I'm having a hard time with.  The environment I work in has approximately 40 servers (both physical and virtual servers).  I have four servers, 2 physical and 2 virtual , that the clocks get out of sync with our domain controllers by exactly 2 minutes.  I have checked network connections and those look good.  I have verified the virtual servers are not syncing with their hosts and not domain controllers.  Any ideas of what I'm missing.  The time discrepancy never grows more or less than 2 minutes.

Thanks,
Nick
0
Comment
Question by:ndalmolin_13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39829816
I would try the following...
- resync the time on the servers and using (w32tm /resync)
Let the clocks resync to the DC time and monitor this to ensure that it does not fall back 2 minutes behind again.

- on the servers in question run "set logonserver" and see what DC the machines are authenticating to.

A common reason for time sync issues is due to the trust between the domain and the computer have been broken. You can use the netdom command to verify the trust.

netdom verify machineName /Domain:domain.com /UserO:Username /PasswordO:password

This will verify the connection. If this comes back successful sometimes it is a false positive and the server might been to be removed and then re-added back to the domain. I would start with the resyncing of the time.

Will.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39829935
Cross verify the some of the registry keys from below path,

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\


Refer registry keys from below link,

http://www.aperture.ro/index.php/2009/01/windows-time-sync-hyper-v-enabled-domain-controller-dilemma/
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39834217
Are the servers that get out of sync VM's? If so check to make sure the VM are not set to sync there time with the host. AD joined clients and servers should sync with the AD PDC server. Also on your VMware host check the date and time in the bios
0
 
LVL 1

Author Comment

by:ndalmolin_13
ID: 39839096
I've been out sick, so I'm just getting back to this.  Some of the servers are physical and some of them are virtual.  We also have a few workstations that off by two minutes.  Thanks for your participation in this.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39839155
On your Forest root PDC set the server to update it's time from an internet source.

w32tm /config /manualpeerlist:"ServerName" /reliable:yes /update

Your member servers & clients will pickup the new time when they are reboot or you force the time update using w32tm
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question