
Help with internal NTP server

Posted on 2015-01-29
Last Modified: 2016-06-18
I recently discovered that not all of our servers are in sync with our internal NTP server that resides on our Server 2012 R2 Domain Controller.  We recently moved from Server 2003 to 2012 about 4 months ago.  We have a mixed server environment including Servers 2003 R2, 2008, 2008 R2 and 2012 R2.  Everything worked fine with 2003.  All of our 2012 servers sync with no problem but only some of the 2003 and 2008 are in sync.  I also should state that these are all virtual servers.  I made sure all the VM tools were up to date and that the most current Windows updates were completed but for some reason, some of the servers won't sync.  I've tried forcing sync via CLI in command prompt and I made sure that the virtuals were in sync with their host which I resync'd in vSphere.  Does anyone have an idea how I can get this to work throughout my entire server farm?  Also, we have two RHEL4 servers that pointed to the 2003 server and stayed in sync but they don't with 2012.
Question by:HallsIT
12 Comments
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 1000 total points
ID: 40578138
Is the server holding the PDC emulator role configured to use an external source?
Clients will automatically point to that server for time.
The Linux clients will then need to change to that server (if it isn't already).

How to configure an authoritative time server in Windows Server
http://support.microsoft.com/kb/816042
0
 

Author Comment

by:HallsIT
ID: 40578146
Yes, it is holding the PDC emulator.  As for the Linux box, we kept the same IP Address for the Domain Controllers as they were for the old 2003 DC's.

Also to note, our desktops are all Windows 7 and they're in sync along with my Windows 8.1 desktop.
0
 
LVL 79

Expert Comment

by:arnold
ID: 40578147
On Server 2003 you would use net time \\servername /querysntp to see its current settings.
If you need to change, net time \\servername /setsntp:"servers to which you want it synchronized"

Note the difference in time could be a misconfiguration of the timezone, i.e. are they off by hour/s?

On Windows 2008 and newer, net time was replaced with w32tm /tz to see the timezone.
To access a different system: w32tm /computer:servername

What is different between the similar systems windows 2003, 2008 that do sync and that do not?



I believe there is a fix for VMs to sync.

Double check the 2012 advanced firewall settings allow the NTP requests to come through Work/home/domain public.  It depends on how the client is seen on the network.
0
 

Author Comment

by:HallsIT
ID: 40578167
The time "mismatch" is only a matter of minutes.  It's ironic that all the 2003 servers that don't sync are about 2 minutes ahead of NTP and the 2008 servers are about 1 minute ahead of the NTP server so time zone is not an issue.

In terms of what's similar and different between 2003 and 2008...nothing stands out.  I spent most of yesterday and last night trying to find out this specific question but couldn't find anything that stood out.

I'm going to try the command line Arnold posted and I'll let you know the results.
0
 

Author Comment

by:HallsIT
ID: 40578169
Also, all internal Windows firewalls are turned off via group policy so the Windows firewall is not the culprit either.
0
 
LVL 79

Expert Comment

by:arnold
ID: 40578269
Strange thing I've seen: even with the GPO disabling the firewall, some settings still make it an issue.
Are all systems joined into the AD? I think there is/was a VMware fix that dealt.

Your issue seems to be a drift.
Are all VMware hosts on the same VMware version? Do the VMs with these issues span multiple hosts, or do they fall under the same host/VMware version?
0
 

Author Comment

by:HallsIT
ID: 40578294
Thanks to Arnold, I figured out the difference.  Some of our servers are pointing to time.windows.com,0x1 and some are pointing to my domain controller 192.168.0.x,0x8.  It seems the servers pointing to my domain controller are correct according to NIST but, in saying that, my domain controller is wrong.

I need to configure my internet NTP to point to NIST.
0
 

Author Comment

by:HallsIT
ID: 40578296
Arnold, Yes, all VMware hosts are of the same VMware ESXi version.  Yes, the VM's with the issues span all three of my hosts.
0
 

Author Comment

by:HallsIT
ID: 40578299
The link you gave me is for me to point to the Windows time server which, I found, is actually between 1 and 2 minutes behind NIST.  It also seems Verizon uses NIST because my cell phone is in sync with NIST to the second.
0
 
LVL 79

Accepted Solution

by:arnold
arnold earned 1000 total points
ID: 40578300
You need to make sure your 2012 DC is synchronizing to NIST or to an ntp.org local/regional set of servers.

Public NTP <=> your 2012 DC <=> your LAN/VMs
0
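
An added example, not part of the original thread: a PowerShell audit for the mismatch found above (some servers on a manual peer such as time.windows.com, others following the DC), followed by the w32tm commands for the chain in the accepted answer. The server names, the function names and the time.nist.gov peer are assumptions; the registry read requires the Remote Registry service and admin rights on each target.

```powershell
# Added example. Server names are hypothetical placeholders.
$servers = 'SRV2003-01', 'SRV2008-01', 'SRV2012-01'
$keyPath = 'SYSTEM\CurrentControlSet\Services\W32Time\Parameters'

function Get-TimeSourceConfig {                      # hypothetical helper
    param([string[]]$ComputerName)
    foreach ($c in $ComputerName) {
        try {
            # Read the W32Time settings straight from the remote registry,
            # which also covers hosts where "w32tm /query" is unavailable.
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $c)
            $key  = $hklm.OpenSubKey($keyPath)
            $type = $key.GetValue('Type')            # NT5DS, NTP, AllSync or NoSync
            $peer = $key.GetValue('NtpServer')       # e.g. "time.windows.com,0x1"
            $hklm.Close()
            $finding = switch ($type) {
                'NT5DS' { 'OK: follows the domain hierarchy' }
                'NTP'   { "Manual peer list: $peer" }
                default { "Review: Type=$type" }
            }
        } catch {
            $type = $null; $peer = $null
            $finding = "Could not read: $($_.Exception.Message)"
        }
        New-Object psobject -Property @{
            Server = $c; Type = $type; NtpServer = $peer; Finding = $finding
        }
    }
}

function Set-PdcExternalSource {                     # run ON the PDC emulator only
    param([string]$Peers = 'time.nist.gov,0x8')      # assumed peer; use your own list
    w32tm /config /manualpeerlist:"$Peers" /syncfromflags:manual /reliable:yes /update
    w32tm /resync /rediscover
}

function Restore-DomainHierarchy {                   # run ON each flagged member server
    w32tm /config /syncfromflags:domhier /update
    w32tm /resync /rediscover
}

# Audit from an admin workstation; the two functions above are not called here.
Get-TimeSourceConfig -ComputerName $servers |
    Select-Object Server, Type, NtpServer, Finding | Format-Table -AutoSize
```

Members reported as a manual peer list are the ones bypassing the DC; once the PDC emulator has a trustworthy upstream, returning them to the domain hierarchy puts every server on one time source.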
 

Author Comment

by:HallsIT
ID: 40578307
I agree in light of my new findings.  Thanks for your assistance.  I'm working on it now.  I will keep you informed.
0
