Solved

NTP Active Directory

Posted on 2014-10-19
9
228 Views
Last Modified: 2014-10-26
Hi,

I am trying to get the domain controllers to update to the correct time via the ntp server.  I have  added it in the registry key for ntp the source ip, it shows in this format:   xxx.xxx.xxx.x , 0x9 .  What is th 0x9 represent?  Also, the time is not updating.  I have verified connectivity to the resource.

thanks
0
Comment
Question by:Jack_son_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 40390773
Hi,
Once you've setup the NTP server it does not mean that the Domain controller would start to update from it. You shuld make the initial synchronization manually and it would then start to synchronize with the NTP Source.

Please follow this TechNet article here. It shows hoe to perform the initial synchronziation. The problem here is NTP would not strt synchronization if time difference is too big.

You can find the flags after the time server here

This article over MSDN has the meaning of all the flags.

Cheers,
K.
0
 

Author Comment

by:Jack_son_
ID: 40391015
thanks; this is all set, although the time is still not correct.  Looks like it is using NTP now in the registry on the PDC.  Will it take time to update?
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 334 total points
ID: 40391036
You're welcome. Are you sure your Time Zone is configured properly? This being said clients do synchronization when you logon/reboot or periodically over the server. To do it manually you can use this command:

w32tm /resync

Open in new window


Cheers,
K.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Jack_son_
ID: 40391132
yes; I am actually just looking at the time on the DC.  Right now it shows this when I run the resync command:

The computer did not resync because no time data was available.
0
 
LVL 14

Assisted Solution

by:frankhelk
frankhelk earned 166 total points
ID: 40391471
Hmmm ... W32time, the timekeeping service in Windows. I experienced enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

My recommendation:

Use a Windows port of the classic *ix NTP service, sync a master (or two, three) with an external source (i.e. from pool.ntp.org) and sync the clients and DCs to the master. The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.

See this article for the "How To".

The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If securtity is an issue, you might as well place radio controlled clock appliances into your LAN who serve time very reliable and precise.
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 40391494
When you say time is wrong over PDC what do you mean? Some hours? minutes?

Are you clients logging in to the domain or do they belong to some own workgroup ?
0
 

Author Comment

by:Jack_son_
ID: 40391637
no, its a domain and the time is wrong.  I need the PDC (primary domain controller) to sync with an external NTP server versus its internal clock.
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 40393813
Maybe I repeat myself, but that's a classic case for a classic NTP client ... give it a try.
0
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 334 total points
ID: 40394556
When you run these commands:

> net stop w32time
> w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org” /reliable:yes
> net start w32time

Open in new window


I guess this should work.

Cheers,
K.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Change Exchange 2010 Namespace 6 71
Group Policy Objects not applying to Windows 10 Machine 3 49
IF statement on a PowerShell Script 2 33
Demoting 2008 DC 1 22
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question