Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5632
  • Last Modified:

Domain Controller Time Sync

I have a network with 6 DC’s. Two are in a central location four are in off-site locations. They are connected through VPN tunnels. These tunnels do not filter traffic. I have setup time sync through the policies Computer Configuation\Policies\Administrative Templates\System\Windows Time Service.

A server in the central location synchronizes its time with pool.ntp.org. The domain controllers (and every other server) sync their time with this server. The domain controllers in the central location sync their time according to the policy settings. The DC’s in the off-site locations do not. Computers and other servers in the remote sites do sync their clocks.

All of the remote DCs are physical machines.

Running this command on DC2.Contoso.local (off-site server): w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Policy)
AnnounceFlags: 10 (Policy)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Policy)
MaxPollInterval: 15 (Policy)
MaxNegPhaseCorrection: 54000 (Policy)
MaxPosPhaseCorrection: 54000 (Policy)
MaxAllowedPhaseOffset: 59 (Policy)

FrequencyCorrectRate: 4 (Policy)
PollAdjustFactor: 5 (Policy)
LargePhaseOffset: 1280000 (Policy)
SpikeWatchPeriod: 90 (Policy)
LocalClockDispersion: 10 (Policy)
HoldPeriod: 5 (Policy)
PhaseCorrectRate: 1 (Policy)
UpdateInterval: 30000 (Policy)

[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 0 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 1800 (Policy)
Type: NTP (Policy)
NtpServer: Time-Srv01.Contoso.local,0x8 (Policy)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

These settings are what I entered into the policy.

However when you ask for the status:

w32tm /query /status
Leap Indicator: 3(last minute has 61 seconds)
Stratum: 0 (unspecified)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0000000s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
Poll Interval: 10 (1024s)

Or ask for the source:

w32tm /query /computer:localhost /source
Local CMOS Clock

The off-site servers keep coming back with ‘Local CMOS Clock’.

I’ve tried:
W32tm /unregister
[reboot]
W32tm /register

…changing the NTP target to a different server.
…manually changing the w32tm settings: w32tm /config/computer:<name of DC>/manualpeerlist: Time-Srv01.Contoso.local /syncfromflags:manual /update

If anyone has a good suggestion, I’d love to hear it.
0
computication
Asked:
computication
  • 3
  • 2
1 Solution
 
Greg HejlPrincipal ConsultantCommented:
To configure a client computer or a member server to sync time from the domain, run the following command:

w32tm /config /syncfromflags:domhier /update
And then stop and restart the time service by running:

net stop w32time && net start w32time
This should be all you need to do.
0
 
computicationAuthor Commented:
Hallo Greg,

Thank you for your comment. I tried it, no result. The source remains the Local CMOS Clock.

Kind regards,

Martijn
0
 
Greg HejlPrincipal ConsultantCommented:
Here are the registry keys:  

1. Change Windows to use the NTP protocol for time synchronization:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Value: Type
Data: NTP

2. Configure the AnnounceFlags value:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
Value: AnnounceFlags
Data: 5

3. Enable the NTP server value:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Value: Enabled
Data: 1

4. Specify the NTP server to use:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Value: NtpServer
Data: pool.ntp.org,0×1

5. Select the NTP polling interval:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Value: SpecialPollInterval
Data: 900

6. Configure the time correction settings:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
Value: MaxPosPhaseCorrection
Radix: Decimal
Data: 3600

Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
Value: MaxNegPhaseCorrection
Radix: Decimal
Data: 3600

After this, stopping and restarting the NTP service should get you working.

If this is a VM make sure the host/guest NTP Services are setup correctly.

stop start ntp after making changes.

regards,

Greg
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
computicationAuthor Commented:
Hallo Greg,

I fixed it. I changed the server type in the policy to NT5DS. Thanks for your suggestions, much appreciated.

Kind regards,

M
0
 
frankhelkCommented:
Just a basic comment anyhow .... W32time, the timekeeping service in Windows. I experienced more than enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

My recommendation:

Use a Windows port of the classic *ix NTP service. The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.

See this article for the "How To".

The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.
0
 
computicationAuthor Commented:
It worked.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now