Help with internal NTP server

Posted on 2015-01-29
Last Modified: 2016-06-18
I recently discovered that not all of our servers are in sync with our internal NTP server that resides on our Server 2012 R2 Domain Controller.  We recently moved from Server 2003 to 2012 about 4 months ago.  We have a mixed server environment including Servers 2003 R2, 2008, 2008 R2 and 2012 R2.  Everything worked fine with 2003.  All of our 2012 servers sync with no problem but only some of the 2003 and 2008 are in sync.  I also should state that these are all virtual servers.  I made sure all the VM tools were up to date and that the most current Windows updates were completed but for some reason, some of the servers won't sync.  I've tried forcing sync via CLI in command prompt and I made sure that the virtuals were in sync with their host which I resync'd in vSphere.  Does anyone have an idea how I can get this to work throughout my entire server farm?  Also, we have two RHEL4 servers that pointed to the 2003 server and stayed in sync but they don't with 2012.
Question by:HallsIT
  • 7
  • 3
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 250 total points
ID: 40578138
is the server holding the PDC emulator role configured to use an external source?
clients will automatically point to that server for time
the linux clients will then need to change to that server (if it isn't already)

How to configure an authoritative time server in Windows Server

Author Comment

ID: 40578146
Yes, it is holding the PDC emulator.  As for the Linux box, we kept the same IP Address for the Domain Controllers as they were for the old 2003 DC's.

Also to note, our desktops are all Windows 7 and they're in sync alone with my Windows 8.1 desktop.
LVL 77

Expert Comment

ID: 40578147
on server 2003 you would use net time \\servername /querysntp to see its current settings.
If you need to change, net time \\servername /setsntp:"servers to which you want it synchronized"

note the difference in time could be a misconfiguration of the timezone. i.e. are they off by hour/s

on windows 2008 and newer, net time was replaced with w32tm /tz to see the timezone
to access a different system w32tm /computer:servername

What is different between the similar systems windows 2003, 2008 that do sync and that do not?

I believe there is a fix for VMs to sync.

Double check the 2012 advanced firewall settings allow the NTP requests to come through Work/home/domain public.  IT depends on how the client is seen on the network.

Author Comment

ID: 40578167
The time "mismatch" is only a matter of minutes.  It's ironic that all the 2003 servers that don't sync are about 2 minutes ahead of NTP and the 2008 servers are about 1 minute ahead of the NTP server so time zone is not an issue.

In terms of what's similar and different between 2003 and 2008...nothing stands out.  I spent most of yesterday and last night trying to find out this specific question but couldn't find anything that stood out.

I'm going to try the command line Arnold posted and I'll let you know the results.

Author Comment

ID: 40578169
Also, all internal Windows firewalls are turned off via group policy so the Windows firewall is not the culprit either.
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

LVL 77

Expert Comment

ID: 40578269
strange thing I've seen even with the GPO disabling the firewall, some settings still make it an issue.
Are all systems joined into the AD, I think there is/was a vmware fix that dealt.

your issue seems to be a drift.
Are all Vmware hosts on the same vmware version? Do the Vms with these issues span multiple hosts, or are they fall under the same host/vmware version?

Author Comment

ID: 40578294
Thanks to Arnold, I figured out the difference.  Some of our servers are point to,0x1 and some are pointing to my domain controller 192.168.0.x,0x8.  It seems the servers point to my domain controller are correct according to NIST but, in saying that, my domain controller is wrong.

I need to configure my internet NTP to point to NIST.

Author Comment

ID: 40578296
Arnold, Yes, all VMware hosts are of the same VMware ESXi version.  Yes, the VM's with the issues span all three of my hosts.

Author Comment

ID: 40578299
The link you gave me is for me to point to the Windows time server which, I found it is actually between 1 and 2 minutes behind NIST.  It also seems Verizon uses NIST because my cell phone is in sync with NIST to the second.
LVL 77

Accepted Solution

arnold earned 250 total points
ID: 40578300
you need to make sure your 2012 DC is synchronizing to nist  or to an local/regional set of servers.

Public NTP <=> your 2012 DC <=> your LAN/VMs

Author Comment

ID: 40578307
I agree in light of my new findings.  Thanks for your assistance.  I'm working on it now.  I will keep you informed.

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now