Help with internal NTP server

Posted on 2015-01-29
Last Modified: 2016-06-18
I recently discovered that not all of our servers are in sync with our internal NTP server that resides on our Server 2012 R2 Domain Controller.  We recently moved from Server 2003 to 2012 about 4 months ago.  We have a mixed server environment including Servers 2003 R2, 2008, 2008 R2 and 2012 R2.  Everything worked fine with 2003.  All of our 2012 servers sync with no problem but only some of the 2003 and 2008 are in sync.  I also should state that these are all virtual servers.  I made sure all the VM tools were up to date and that the most current Windows updates were completed but for some reason, some of the servers won't sync.  I've tried forcing sync via CLI in command prompt and I made sure that the virtuals were in sync with their host which I resync'd in vSphere.  Does anyone have an idea how I can get this to work throughout my entire server farm?  Also, we have two RHEL4 servers that pointed to the 2003 server and stayed in sync but they don't with 2012.
Question by:HallsIT
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 250 total points
ID: 40578138
is the server holding the PDC emulator role configured to use an external source?
clients will automatically point to that server for time
the linux clients will then need to change to that server (if it isn't already)

How to configure an authoritative time server in Windows Server

Author Comment

ID: 40578146
Yes, it is holding the PDC emulator.  As for the Linux box, we kept the same IP Address for the Domain Controllers as they were for the old 2003 DC's.

Also to note, our desktops are all Windows 7 and they're in sync alone with my Windows 8.1 desktop.
LVL 79

Expert Comment

ID: 40578147
on server 2003 you would use net time \\servername /querysntp to see its current settings.
If you need to change, net time \\servername /setsntp:"servers to which you want it synchronized"

note the difference in time could be a misconfiguration of the timezone. i.e. are they off by hour/s

on windows 2008 and newer, net time was replaced with w32tm /tz to see the timezone
to access a different system w32tm /computer:servername

What is different between the similar systems windows 2003, 2008 that do sync and that do not?

I believe there is a fix for VMs to sync.

Double check the 2012 advanced firewall settings allow the NTP requests to come through Work/home/domain public.  IT depends on how the client is seen on the network.
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now


Author Comment

ID: 40578167
The time "mismatch" is only a matter of minutes.  It's ironic that all the 2003 servers that don't sync are about 2 minutes ahead of NTP and the 2008 servers are about 1 minute ahead of the NTP server so time zone is not an issue.

In terms of what's similar and different between 2003 and 2008...nothing stands out.  I spent most of yesterday and last night trying to find out this specific question but couldn't find anything that stood out.

I'm going to try the command line Arnold posted and I'll let you know the results.

Author Comment

ID: 40578169
Also, all internal Windows firewalls are turned off via group policy so the Windows firewall is not the culprit either.
LVL 79

Expert Comment

ID: 40578269
strange thing I've seen even with the GPO disabling the firewall, some settings still make it an issue.
Are all systems joined into the AD, I think there is/was a vmware fix that dealt.

your issue seems to be a drift.
Are all Vmware hosts on the same vmware version? Do the Vms with these issues span multiple hosts, or are they fall under the same host/vmware version?

Author Comment

ID: 40578294
Thanks to Arnold, I figured out the difference.  Some of our servers are point to,0x1 and some are pointing to my domain controller 192.168.0.x,0x8.  It seems the servers point to my domain controller are correct according to NIST but, in saying that, my domain controller is wrong.

I need to configure my internet NTP to point to NIST.

Author Comment

ID: 40578296
Arnold, Yes, all VMware hosts are of the same VMware ESXi version.  Yes, the VM's with the issues span all three of my hosts.

Author Comment

ID: 40578299
The link you gave me is for me to point to the Windows time server which, I found it is actually between 1 and 2 minutes behind NIST.  It also seems Verizon uses NIST because my cell phone is in sync with NIST to the second.
LVL 79

Accepted Solution

arnold earned 250 total points
ID: 40578300
you need to make sure your 2012 DC is synchronizing to nist  or to an local/regional set of servers.

Public NTP <=> your 2012 DC <=> your LAN/VMs

Author Comment

ID: 40578307
I agree in light of my new findings.  Thanks for your assistance.  I'm working on it now.  I will keep you informed.

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question