Solved

Time discrepancy between member servers and domain controllers

Posted on 2014-02-03
5
281 Views
Last Modified: 2014-02-11
Hello Windows Server Experts,

I have a strange problem that I'm having a hard time with.  The environment I work in has approximately 40 servers (both physical and virtual servers).  I have four servers, 2 physical and 2 virtual , that the clocks get out of sync with our domain controllers by exactly 2 minutes.  I have checked network connections and those look good.  I have verified the virtual servers are not syncing with their hosts and not domain controllers.  Any ideas of what I'm missing.  The time discrepancy never grows more or less than 2 minutes.

Thanks,
Nick
0
Comment
Question by:ndalmolin_13
5 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39829816
I would try the following...
- resync the time on the servers and using (w32tm /resync)
Let the clocks resync to the DC time and monitor this to ensure that it does not fall back 2 minutes behind again.

- on the servers in question run "set logonserver" and see what DC the machines are authenticating to.

A common reason for time sync issues is due to the trust between the domain and the computer have been broken. You can use the netdom command to verify the trust.

netdom verify machineName /Domain:domain.com /UserO:Username /PasswordO:password

This will verify the connection. If this comes back successful sometimes it is a false positive and the server might been to be removed and then re-added back to the domain. I would start with the resyncing of the time.

Will.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39829935
Cross verify the some of the registry keys from below path,

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\


Refer registry keys from below link,

http://www.aperture.ro/index.php/2009/01/windows-time-sync-hyper-v-enabled-domain-controller-dilemma/
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39834217
Are the servers that get out of sync VM's? If so check to make sure the VM are not set to sync there time with the host. AD joined clients and servers should sync with the AD PDC server. Also on your VMware host check the date and time in the bios
0
 
LVL 1

Author Comment

by:ndalmolin_13
ID: 39839096
I've been out sick, so I'm just getting back to this.  Some of the servers are physical and some of them are virtual.  We also have a few workstations that off by two minutes.  Thanks for your participation in this.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39839155
On your Forest root PDC set the server to update it's time from an internet source.

w32tm /config /manualpeerlist:"ServerName" /reliable:yes /update

Your member servers & clients will pickup the new time when they are reboot or you force the time update using w32tm
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question