Solved

2003 DC won't allow NTP updates from clients

Posted on 2014-03-26
7
342 Views
Last Modified: 2014-03-27
Hi Everyone,

I have come across a time issue in my domain. My PDC (which is currently running Server 2003) won't allow clients to access time updates

(output from client on command prompt: C:\Users\jdoe>telnet gltech-dc1 123
Connecting To gltech-dc1...Could not open connection to the host, on port 123:
Connect failed)

I have some people that have the right time and a lot of people with the wrong time. I do not have the Firewall ICS service running, but I never needed it before.

Any ideas?
0
Comment
Question by:WindhamSD
  • 4
  • 2
7 Comments
 
LVL 3

Assisted Solution

by:SandeepWalve
SandeepWalve earned 100 total points
ID: 39956261
Those machine which are not allowing the Time Sync please check whether they have your Primary DC as NTP Server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters\NtpServer

If the NTPServer is not correct you can update it with below command on all the machines which are having issues.

Net time \\<ntpserver> /set /yes
net stop w32time
net start w32time

Your Primary DC should be pointing to either third party time server or time.windows.com (Assuming here you have internet connectivity for updates from time.windows.com
0
 

Author Comment

by:WindhamSD
ID: 39956308
Thanks for the reply Sandeep,

All of our clients have the proper NTP server in the registry and if I update them they will temporarily get the right time, but then it will change again to a few minutes later. This is even happening on my other servers as well. The PDC is set to it's self (via DNS name) for time. I am planning on changing that off hours tonight to point out to an external time source.
0
 
LVL 3

Expert Comment

by:SandeepWalve
ID: 39956338
How much the time difference changes on the servers??

Check if Daylight Savings is set correctly for your clients/servers.
0
 

Author Comment

by:WindhamSD
ID: 39956498
Thanks again Sandeep,

The time is off by about 5 and half minutes. Daylight Savings is good...
0
 
LVL 18

Accepted Solution

by:
sarang_tinguria earned 400 total points
ID: 39957165
Remove all time configurations from all sources (GPO, DHCP, router etc)
Time service works better on its own just run first set of command on PDC and second set of command from other DC's  from below article

Clients should get the time from server without any configuration

http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_10789-Time-Service-Configuration.html
0
 

Author Comment

by:WindhamSD
ID: 39957390
Thanks Sarang,

I will dive into this and see what transpires.

Much appreciated
0
 

Author Closing Comment

by:WindhamSD
ID: 39959008
That did the trick! One of my DCs needed to be re-registered.

Thank You so much!
0

Join & Write a Comment

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now