Solved

2003 DC won't allow NTP updates from clients

Posted on 2014-03-26
7
351 Views
Last Modified: 2014-03-27
Hi Everyone,

I have come across a time issue in my domain. My PDC (which is currently running Server 2003) won't allow clients to access time updates

(output from client on command prompt: C:\Users\jdoe>telnet gltech-dc1 123
Connecting To gltech-dc1...Could not open connection to the host, on port 123:
Connect failed)

I have some people that have the right time and a lot of people with the wrong time. I do not have the Firewall ICS service running, but I never needed it before.

Any ideas?
0
Comment
Question by:WindhamSD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 3

Assisted Solution

by:SandeepWalve
SandeepWalve earned 100 total points
ID: 39956261
Those machine which are not allowing the Time Sync please check whether they have your Primary DC as NTP Server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters\NtpServer

If the NTPServer is not correct you can update it with below command on all the machines which are having issues.

Net time \\<ntpserver> /set /yes
net stop w32time
net start w32time

Your Primary DC should be pointing to either third party time server or time.windows.com (Assuming here you have internet connectivity for updates from time.windows.com
0
 

Author Comment

by:WindhamSD
ID: 39956308
Thanks for the reply Sandeep,

All of our clients have the proper NTP server in the registry and if I update them they will temporarily get the right time, but then it will change again to a few minutes later. This is even happening on my other servers as well. The PDC is set to it's self (via DNS name) for time. I am planning on changing that off hours tonight to point out to an external time source.
0
 
LVL 3

Expert Comment

by:SandeepWalve
ID: 39956338
How much the time difference changes on the servers??

Check if Daylight Savings is set correctly for your clients/servers.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 

Author Comment

by:WindhamSD
ID: 39956498
Thanks again Sandeep,

The time is off by about 5 and half minutes. Daylight Savings is good...
0
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 400 total points
ID: 39957165
Remove all time configurations from all sources (GPO, DHCP, router etc)
Time service works better on its own just run first set of command on PDC and second set of command from other DC's  from below article

Clients should get the time from server without any configuration

http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_10789-Time-Service-Configuration.html
0
 

Author Comment

by:WindhamSD
ID: 39957390
Thanks Sarang,

I will dive into this and see what transpires.

Much appreciated
0
 

Author Closing Comment

by:WindhamSD
ID: 39959008
That did the trick! One of my DCs needed to be re-registered.

Thank You so much!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question