Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 71
  • Last Modified:

Help with internal NTP server

I recently discovered that not all of our servers are in sync with our internal NTP server that resides on our Server 2012 R2 Domain Controller.  We recently moved from Server 2003 to 2012 about 4 months ago.  We have a mixed server environment including Servers 2003 R2, 2008, 2008 R2 and 2012 R2.  Everything worked fine with 2003.  All of our 2012 servers sync with no problem but only some of the 2003 and 2008 are in sync.  I also should state that these are all virtual servers.  I made sure all the VM tools were up to date and that the most current Windows updates were completed but for some reason, some of the servers won't sync.  I've tried forcing sync via CLI in command prompt and I made sure that the virtuals were in sync with their host which I resync'd in vSphere.  Does anyone have an idea how I can get this to work throughout my entire server farm?  Also, we have two RHEL4 servers that pointed to the 2003 server and stayed in sync but they don't with 2012.
0
HallsIT
Asked:
HallsIT
  • 7
  • 3
2 Solutions
 
Seth SimmonsSr. Systems AdministratorCommented:
is the server holding the PDC emulator role configured to use an external source?
clients will automatically point to that server for time
the linux clients will then need to change to that server (if it isn't already)

How to configure an authoritative time server in Windows Server
http://support.microsoft.com/kb/816042
0
 
HallsITAuthor Commented:
Yes, it is holding the PDC emulator.  As for the Linux box, we kept the same IP Address for the Domain Controllers as they were for the old 2003 DC's.

Also to note, our desktops are all Windows 7 and they're in sync alone with my Windows 8.1 desktop.
0
 
arnoldCommented:
on server 2003 you would use net time \\servername /querysntp to see its current settings.
If you need to change, net time \\servername /setsntp:"servers to which you want it synchronized"

note the difference in time could be a misconfiguration of the timezone. i.e. are they off by hour/s

on windows 2008 and newer, net time was replaced with w32tm /tz to see the timezone
to access a different system w32tm /computer:servername

What is different between the similar systems windows 2003, 2008 that do sync and that do not?



I believe there is a fix for VMs to sync.

Double check the 2012 advanced firewall settings allow the NTP requests to come through Work/home/domain public.  IT depends on how the client is seen on the network.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
HallsITAuthor Commented:
The time "mismatch" is only a matter of minutes.  It's ironic that all the 2003 servers that don't sync are about 2 minutes ahead of NTP and the 2008 servers are about 1 minute ahead of the NTP server so time zone is not an issue.

In terms of what's similar and different between 2003 and 2008...nothing stands out.  I spent most of yesterday and last night trying to find out this specific question but couldn't find anything that stood out.

I'm going to try the command line Arnold posted and I'll let you know the results.
0
 
HallsITAuthor Commented:
Also, all internal Windows firewalls are turned off via group policy so the Windows firewall is not the culprit either.
0
 
arnoldCommented:
strange thing I've seen even with the GPO disabling the firewall, some settings still make it an issue.
Are all systems joined into the AD, I think there is/was a vmware fix that dealt.

your issue seems to be a drift.
Are all Vmware hosts on the same vmware version? Do the Vms with these issues span multiple hosts, or are they fall under the same host/vmware version?
0
 
HallsITAuthor Commented:
Thanks to Arnold, I figured out the difference.  Some of our servers are point to time.windows.com,0x1 and some are pointing to my domain controller 192.168.0.x,0x8.  It seems the servers point to my domain controller are correct according to NIST but, in saying that, my domain controller is wrong.

I need to configure my internet NTP to point to NIST.
0
 
HallsITAuthor Commented:
Arnold, Yes, all VMware hosts are of the same VMware ESXi version.  Yes, the VM's with the issues span all three of my hosts.
0
 
HallsITAuthor Commented:
The link you gave me is for me to point to the Windows time server which, I found it is actually between 1 and 2 minutes behind NIST.  It also seems Verizon uses NIST because my cell phone is in sync with NIST to the second.
0
 
arnoldCommented:
you need to make sure your 2012 DC is synchronizing to nist  or to an ntp.org local/regional set of servers.

Public NTP <=> your 2012 DC <=> your LAN/VMs
0
 
HallsITAuthor Commented:
I agree in light of my new findings.  Thanks for your assistance.  I'm working on it now.  I will keep you informed.
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

  • 7
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now