Solved

2003 DC won't allow NTP updates from clients

Posted on 2014-03-26
7
345 Views
Last Modified: 2014-03-27
Hi Everyone,

I have come across a time issue in my domain. My PDC (which is currently running Server 2003) won't allow clients to access time updates

(output from client on command prompt: C:\Users\jdoe>telnet gltech-dc1 123
Connecting To gltech-dc1...Could not open connection to the host, on port 123:
Connect failed)

I have some people that have the right time and a lot of people with the wrong time. I do not have the Firewall ICS service running, but I never needed it before.

Any ideas?
0
Comment
Question by:WindhamSD
  • 4
  • 2
7 Comments
 
LVL 3

Assisted Solution

by:SandeepWalve
SandeepWalve earned 100 total points
ID: 39956261
Those machine which are not allowing the Time Sync please check whether they have your Primary DC as NTP Server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters\NtpServer

If the NTPServer is not correct you can update it with below command on all the machines which are having issues.

Net time \\<ntpserver> /set /yes
net stop w32time
net start w32time

Your Primary DC should be pointing to either third party time server or time.windows.com (Assuming here you have internet connectivity for updates from time.windows.com
0
 

Author Comment

by:WindhamSD
ID: 39956308
Thanks for the reply Sandeep,

All of our clients have the proper NTP server in the registry and if I update them they will temporarily get the right time, but then it will change again to a few minutes later. This is even happening on my other servers as well. The PDC is set to it's self (via DNS name) for time. I am planning on changing that off hours tonight to point out to an external time source.
0
 
LVL 3

Expert Comment

by:SandeepWalve
ID: 39956338
How much the time difference changes on the servers??

Check if Daylight Savings is set correctly for your clients/servers.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:WindhamSD
ID: 39956498
Thanks again Sandeep,

The time is off by about 5 and half minutes. Daylight Savings is good...
0
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 400 total points
ID: 39957165
Remove all time configurations from all sources (GPO, DHCP, router etc)
Time service works better on its own just run first set of command on PDC and second set of command from other DC's  from below article

Clients should get the time from server without any configuration

http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_10789-Time-Service-Configuration.html
0
 

Author Comment

by:WindhamSD
ID: 39957390
Thanks Sarang,

I will dive into this and see what transpires.

Much appreciated
0
 

Author Closing Comment

by:WindhamSD
ID: 39959008
That did the trick! One of my DCs needed to be re-registered.

Thank You so much!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Active Directory Recycle Bin - AD Size Increase. 2 24
document a domain users/computers 1 36
How to filter result in PowerShell 10 58
Event 4625 - Account Name: _ 3 28
Synchronize a new Active Directory domain with an existing Office 365 tenant
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question