Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Domain Controller Time Sync

Posted on 2014-02-09
6
5,129 Views
Last Modified: 2014-02-14
I have a network with 6 DC’s. Two are in a central location four are in off-site locations. They are connected through VPN tunnels. These tunnels do not filter traffic. I have setup time sync through the policies Computer Configuation\Policies\Administrative Templates\System\Windows Time Service.

A server in the central location synchronizes its time with pool.ntp.org. The domain controllers (and every other server) sync their time with this server. The domain controllers in the central location sync their time according to the policy settings. The DC’s in the off-site locations do not. Computers and other servers in the remote sites do sync their clocks.

All of the remote DCs are physical machines.

Running this command on DC2.Contoso.local (off-site server): w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Policy)
AnnounceFlags: 10 (Policy)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Policy)
MaxPollInterval: 15 (Policy)
MaxNegPhaseCorrection: 54000 (Policy)
MaxPosPhaseCorrection: 54000 (Policy)
MaxAllowedPhaseOffset: 59 (Policy)

FrequencyCorrectRate: 4 (Policy)
PollAdjustFactor: 5 (Policy)
LargePhaseOffset: 1280000 (Policy)
SpikeWatchPeriod: 90 (Policy)
LocalClockDispersion: 10 (Policy)
HoldPeriod: 5 (Policy)
PhaseCorrectRate: 1 (Policy)
UpdateInterval: 30000 (Policy)

[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 0 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 1800 (Policy)
Type: NTP (Policy)
NtpServer: Time-Srv01.Contoso.local,0x8 (Policy)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

These settings are what I entered into the policy.

However when you ask for the status:

w32tm /query /status
Leap Indicator: 3(last minute has 61 seconds)
Stratum: 0 (unspecified)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0000000s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
Poll Interval: 10 (1024s)

Or ask for the source:

w32tm /query /computer:localhost /source
Local CMOS Clock

The off-site servers keep coming back with ‘Local CMOS Clock’.

I’ve tried:
W32tm /unregister
[reboot]
W32tm /register

…changing the NTP target to a different server.
…manually changing the w32tm settings: w32tm /config/computer:<name of DC>/manualpeerlist: Time-Srv01.Contoso.local /syncfromflags:manual /update

If anyone has a good suggestion, I’d love to hear it.
0
Comment
Question by:computication
  • 3
  • 2
6 Comments
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 39846283
To configure a client computer or a member server to sync time from the domain, run the following command:

w32tm /config /syncfromflags:domhier /update
And then stop and restart the time service by running:

net stop w32time && net start w32time
This should be all you need to do.
0
 
LVL 3

Author Comment

by:computication
ID: 39846339
Hallo Greg,

Thank you for your comment. I tried it, no result. The source remains the Local CMOS Clock.

Kind regards,

Martijn
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 39846374
Here are the registry keys:  

1. Change Windows to use the NTP protocol for time synchronization:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Value: Type
Data: NTP

2. Configure the AnnounceFlags value:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
Value: AnnounceFlags
Data: 5

3. Enable the NTP server value:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Value: Enabled
Data: 1

4. Specify the NTP server to use:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Value: NtpServer
Data: pool.ntp.org,0×1

5. Select the NTP polling interval:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Value: SpecialPollInterval
Data: 900

6. Configure the time correction settings:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
Value: MaxPosPhaseCorrection
Radix: Decimal
Data: 3600

Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
Value: MaxNegPhaseCorrection
Radix: Decimal
Data: 3600

After this, stopping and restarting the NTP service should get you working.

If this is a VM make sure the host/guest NTP Services are setup correctly.

stop start ntp after making changes.

regards,

Greg
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 3

Accepted Solution

by:
computication earned 0 total points
ID: 39846378
Hallo Greg,

I fixed it. I changed the server type in the policy to NT5DS. Thanks for your suggestions, much appreciated.

Kind regards,

M
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 39846752
Just a basic comment anyhow .... W32time, the timekeeping service in Windows. I experienced more than enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

My recommendation:

Use a Windows port of the classic *ix NTP service. The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.

See this article for the "How To".

The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.
0
 
LVL 3

Author Closing Comment

by:computication
ID: 39858552
It worked.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question