Solved

NTP Server Providers

Posted on 2015-02-18
4
407 Views
Last Modified: 2015-02-24
I just finished adding a new Windows 2012 Server as a new DC as a VM.  I have another Windows 2012 Server DC as a physical server, and finally one Windows 2003 Server R2.  I transferred all (5) FSMO roles from the 2003 DC to the Windows 2012 Server that is on the  physical without issue, and all appears to be working well.    

Server Manager on the Windows 2012 Server that holds all the FSMO indicates a problem with BPA results:  Error The PDF Emulator master "servername" in this forest should be configured to correctly synchronize time from a valid time source.

I ran the following command on the pdc emulator:

w32tm /config /computer:"servername" /manualpeerlist:time.windows.com /syncfromflags: manual /reliable:yes /update

On the other two DCs I ran w32tm /config /syncfromflags:domhier /update

My first question is whether time.windows.com is the best NTP selection period?  We are on the east coast if that matters.  I thought I remember there was a problem using this NTP server in the past.  I am not entirely sure that was the case, so that is why I ask.

The second question is if the above commands are all that's needed to configure our PDC Emulator to sync time with a credible external time source, and have all other servers and client workstations sync time with the PDF Emulator.
0
Comment
Question by:cmp119
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 14

Assisted Solution

by:frankhelk
frankhelk earned 250 total points
ID: 40617345
First, I would recommend to configure NTP to use more than one source - to gain reiability and stability. The best source I know is pool.ntp.org, they provide a good selection of public NTP servers that could be finetuned i.e. to region or country.

Second ... I would avoid W32time in NTP mode whenever I could. That piece of crap has cost me hours and hours of nasty troubleshooting. I'd recommend to use the real thing - a Windows port of the classic Unix NTP client. Easy to install & configure, works like a charm, is mature as my grandpa and stable as a rock, and it is much easier to handle when it comes to the rare cases of troubleshooting.

See my article on NTP for details on both the NTP client and pool.ntp.org. And don't hesitate to ask if I left any question open.
0
 

Accepted Solution

by:
cmp119 earned 0 total points
ID: 40618960
Frankhelk - I read your article, and it was great.  However, I also used the following article and found it to be more precise in assisting me.  This article has all that I needed to resolve the issue, and it included sample commands as reference.  

http://binarynature.blogspot.com/2012/04/configure-active-directory.html
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 40619562
Thanks ...

no problem - I know that my answer is a bit abroad of the AD topic - I'm happy that your problem is solved anyhow. Nevertheless I prefer the classic NTP client, and I still recommend it.

May you have always good times :-)
0
 

Author Closing Comment

by:cmp119
ID: 40627757
frankhelk confirmed using pool.ntp.org is the best NTP source, but his article lacked detailed instructions on how to do this on a Windows Server.  I found an article that gave me this precise information.  I appreciate the help!!!
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question