Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2977
  • Last Modified:

Can't change time on 2008 R2 DC

The clock on the DC at one of our locations is fast by 5 minutes.  When I change it and hit Apply, it changes to the new time and then immediately changes back to the previous time.

What would cause this?

How do I fix it?
0
J.R. Sitman
Asked:
J.R. Sitman
  • 17
  • 5
  • 2
  • +3
4 Solutions
 
Mike KlineCommented:
Is this the PDC emulator in the forest root?   Time should be following the windows time hiearchy as outlined below

http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

Is this the only DC that is having issues?

Thanks

Mike
0
 
helpfinderIT ConsultantCommented:
Server which is holding PDC role is a server for syncing time in the domain. Server with PDC takes time from BIOS, external time server (ntp), router, etc all other DCs from this server and member servers and workstations from nearest available DC.

So if your server holds this FSMO role (PDC emulator) try to set some reliable time server, but if you write this is only server with time problem probably this is not a server with PDC (because then all computers in the domain should have 5 minute time lag).

On mentioned server use command net time and you will see from which source server is taking time.
Also check command w32tm /monitor for results
For set correct time do not change time manually but resync it using w32tm /resync
0
 
J.R. SitmanIT DirectorAuthor Commented:
Yes it is the PDC, Yes it is the only server I can't change the time on.  In the past I was able to change it (I believe).  

I configured the server based on
http://support.microsoft.com/kb/816042

All 4 of my locations are configured the same way and for whatever reason this site always has the incorrect time after a few weeks.

Very frustrating.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
J.R. SitmanIT DirectorAuthor Commented:
I ran net time and it is getting it's time from itself.  I ran w23tm /monitor.  See attached
w32DCVMLB.png
0
 
J.R. SitmanIT DirectorAuthor Commented:
Still need help!
0
 
helpfinderIT ConsultantCommented:
Try to register new time service (external) PDC will sybc time with using w32tm command
0
 
J.R. SitmanIT DirectorAuthor Commented:
What about the registry settings I've done from the Microsoft article?  Should those be deleted?
0
 
J.R. SitmanIT DirectorAuthor Commented:
I changed my time provider to time.nist.gov. Then did the net stop w32time & net start w32time.  Then did w32tm /resync /force.  I get the message that no time data was available.
0
 
J.R. SitmanIT DirectorAuthor Commented:
I changed the PDC to another server and set that server to sync with time.nist.gov.  That worked until I rebooted the server that I couldn't change the time on.  As soon as that server was back up the new PDC changed it;s time to that server.  I even verified that there were no GPO controlling time.  I also verified the registry settings for the new PDC and there are exactly what they should be for the PDC to get it's time from time.nist.gov, but it's not.  
HELP!
0
 
J.R. SitmanIT DirectorAuthor Commented:
Here is some more details

The Hyper-V host is getting it's time from a DC that is not the PDC

2 of the Hyper-V servers are getting their time from VM IC Time Synchronization provider

The Hyper-V that is the DC (not PDC but was previously the PDC) is getting it's time from Free Running System clock

The physical PDC is getting it's time from the Hyper-V DC. Even though the registry settings for NTPServer is time.nist.gov

The 3rd physical DC is also getting it's time from the Hyper-V DC, even though it's registry setting for NTPServer is set to time.windows.com,0x9

Hope this helps
0
 
Craig BeckCommented:
Don't let the virtual DCs sync their time with the Hyper-V host.  Turn off time synchronization in Hyper-V for each of the DC guest machines.
0
 
J.R. SitmanIT DirectorAuthor Commented:
How?  

Even with that done the question remains, why is the PDC syncing with a Virtual DC and not it's external source?  And why is the 3rd physical DC also syncing with the Virtual DC?
0
 
pgm554Commented:
Have you checked the BIOS clock on the server?
0
 
J.R. SitmanIT DirectorAuthor Commented:
Which server.  There are 6.  3 physical, 3 virtual.  Do Virtual have a Bios clock?
0
 
Craig BeckCommented:
DCs should only sync with the PDC - the PDC shouldn't be syncing with one of the other DCs.  If it is you've probably configured W32Time incorrectly.

The Hyper-V host(s) can use the Time Synchronization feature to force the guest VM to set its time to whatever the host is set to.  See this...

http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/11/19/time-synchronization-in-hyper-v.aspx

Have you also seen this...?

http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx
0
 
J.R. SitmanIT DirectorAuthor Commented:
I agree something is wrong.  yep I have the second article.  I'll go through it "again" step by step and post later.
0
 
MaheshArchitectCommented:
1st of all remove NTP time synchronization setting from previous PDC server if it is pointing to external time source
All you need to do is change registry for announceflags to a (hexadecimal ) and value of TYPE to NT5DS instead of NTP under HKLM\System\CurrentControlSet\Services\W32tm\Parameters
Then restart windows time service

Then remove hyper-v time synchronization from all virtual domain controllers

For time being you can set new PDC to synchronize with its own hardware CMOS clock until you get proper external time server IP address \ name by following up KB article you mentioned earlier and also ensure that PDC server CMOS battery is not faulty
Run below commands on PDC
w32tm /query /status
w32tm /query /source

Then run below command on all domain controllers except PDC
net time \\PDC_IP /set /y

However note that any DC can get \ sync time between peer DCs except PDC

Mahesh.
0
 
J.R. SitmanIT DirectorAuthor Commented:
Please send instructions on how to remove hyper-v time sync.  Thanks
0
 
MaheshArchitectCommented:
0
 
J.R. SitmanIT DirectorAuthor Commented:
Thanks.  I'll begin working on this soon.
0
 
J.R. SitmanIT DirectorAuthor Commented:
Announceflags were set to 5.  I changed type to NT5DS.  What should the NtpServer be?  See attached.  This is current setting.  This is on the server that was previously the PDC and it is also the Virtual DC.
ntpserver.png
0
 
MaheshArchitectCommented:
Announceflags should be set to a, it should not be 5

Also you can enter time.windows.com,0x9 for NTPServer value
0
 
J.R. SitmanIT DirectorAuthor Commented:
Thx
0
 
J.R. SitmanIT DirectorAuthor Commented:
What should the NtpServer and Advancedflags settings be for all servers other than the PDC?
0
 
MaheshArchitectCommented:
By default domain computers,and member servers get there time from ADCs \ PDC depending upon there reporting  AD sites site ADC \ PDC
For this to work no explicit setting is required on them
This default behaviour

In a given AD forest root domain PDC master server will sync its time from external time source \ itself from its own hardware clock depending on how you set it
By default All PDC servers in every child domain \ tree root domain will get there time sync with PDC of forest root domain Controller (PDC).
All client computers \member servers in each domain will get sync there time from respective domain PDC master server
All ADCs in each domain get sync there time from there respective PDC aster servers \ peer domain controllers in same domain

I would suggest you to not alter default factory setting on those computers and servers.

However if you wanted you can set those setting through GPO, but its not required in reality

Mahesh.
0
 
J.R. SitmanIT DirectorAuthor Commented:
The problem is I already edited TT he registry.  The PDC is now getting the correct time but the other servers are not syncing to it.  I did have a GPO that I forgot about and I now have it disabled.  Do you think a reboot of all servers might fix it?
0
 
MaheshArchitectCommented:
You can do TWO things in order to repair incorrect registry on client computers

1st of all on PDC server, open GPO where you set client NTP settings, Probably at below path.
Computer configuration\administrative templates\system\Windows Time service\Time Providers
Here make settings to not configured for "Configure Windows NTP client" and "Enable Windows NTP server"
Also enable "Windows NTP client" setting

Under Computer configuration\administrative templates\system\Windows Time service, you will find "Global Configuration Settings"
Change it to not configured

Now close the GPO and run Gpupdate /force on PDC server and reboot it once. Then allow clients to reboot and then check if they are syncing properly with local domain controllers \ PDC

If still you are facing errors just put below lines in .bat script and add it as a computer startup script to another GPO \ same GPO as above so that it will apply to computers
Same batch file you need to run on other domain controllers as well other than PDC master server

w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time

Open in new window


The above command will reset the wrong configuration on client computers and other DCs if any

Check below article for more information
http://technet.microsoft.com/en-us/library/cc758905(v=ws.10).aspx

Mahesh
0
 
J.R. SitmanIT DirectorAuthor Commented:
Thanks very much for all The help everyThing is working perfectly
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

  • 17
  • 5
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now