• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 357
  • Last Modified:

2003 DC won't allow NTP updates from clients

Hi Everyone,

I have come across a time issue in my domain. My PDC (which is currently running Server 2003) won't allow clients to access time updates

(output from client on command prompt: C:\Users\jdoe>telnet gltech-dc1 123
Connecting To gltech-dc1...Could not open connection to the host, on port 123:
Connect failed)

I have some people that have the right time and a lot of people with the wrong time. I do not have the Firewall ICS service running, but I never needed it before.

Any ideas?
0
WindhamSD
Asked:
WindhamSD
  • 4
  • 2
2 Solutions
 
SandeepWalveCommented:
Those machine which are not allowing the Time Sync please check whether they have your Primary DC as NTP Server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters\NtpServer

If the NTPServer is not correct you can update it with below command on all the machines which are having issues.

Net time \\<ntpserver> /set /yes
net stop w32time
net start w32time

Your Primary DC should be pointing to either third party time server or time.windows.com (Assuming here you have internet connectivity for updates from time.windows.com
0
 
WindhamSDAuthor Commented:
Thanks for the reply Sandeep,

All of our clients have the proper NTP server in the registry and if I update them they will temporarily get the right time, but then it will change again to a few minutes later. This is even happening on my other servers as well. The PDC is set to it's self (via DNS name) for time. I am planning on changing that off hours tonight to point out to an external time source.
0
 
SandeepWalveCommented:
How much the time difference changes on the servers??

Check if Daylight Savings is set correctly for your clients/servers.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
WindhamSDAuthor Commented:
Thanks again Sandeep,

The time is off by about 5 and half minutes. Daylight Savings is good...
0
 
Sarang TinguriaSr EngineerCommented:
Remove all time configurations from all sources (GPO, DHCP, router etc)
Time service works better on its own just run first set of command on PDC and second set of command from other DC's  from below article

Clients should get the time from server without any configuration

http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_10789-Time-Service-Configuration.html
0
 
WindhamSDAuthor Commented:
Thanks Sarang,

I will dive into this and see what transpires.

Much appreciated
0
 
WindhamSDAuthor Commented:
That did the trick! One of my DCs needed to be re-registered.

Thank You so much!
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now