Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

NTP Server Providers

Posted on 2015-02-18
4
Medium Priority
?
429 Views
Last Modified: 2015-02-24
I just finished adding a new Windows 2012 Server as a new DC as a VM.  I have another Windows 2012 Server DC as a physical server, and finally one Windows 2003 Server R2.  I transferred all (5) FSMO roles from the 2003 DC to the Windows 2012 Server that is on the  physical without issue, and all appears to be working well.    

Server Manager on the Windows 2012 Server that holds all the FSMO indicates a problem with BPA results:  Error The PDF Emulator master "servername" in this forest should be configured to correctly synchronize time from a valid time source.

I ran the following command on the pdc emulator:

w32tm /config /computer:"servername" /manualpeerlist:time.windows.com /syncfromflags: manual /reliable:yes /update

On the other two DCs I ran w32tm /config /syncfromflags:domhier /update

My first question is whether time.windows.com is the best NTP selection period?  We are on the east coast if that matters.  I thought I remember there was a problem using this NTP server in the past.  I am not entirely sure that was the case, so that is why I ask.

The second question is if the above commands are all that's needed to configure our PDC Emulator to sync time with a credible external time source, and have all other servers and client workstations sync time with the PDF Emulator.
0
Comment
Question by:cmp119
  • 2
  • 2
4 Comments
 
LVL 14

Assisted Solution

by:frankhelk
frankhelk earned 750 total points
ID: 40617345
First, I would recommend to configure NTP to use more than one source - to gain reiability and stability. The best source I know is pool.ntp.org, they provide a good selection of public NTP servers that could be finetuned i.e. to region or country.

Second ... I would avoid W32time in NTP mode whenever I could. That piece of crap has cost me hours and hours of nasty troubleshooting. I'd recommend to use the real thing - a Windows port of the classic Unix NTP client. Easy to install & configure, works like a charm, is mature as my grandpa and stable as a rock, and it is much easier to handle when it comes to the rare cases of troubleshooting.

See my article on NTP for details on both the NTP client and pool.ntp.org. And don't hesitate to ask if I left any question open.
0
 

Accepted Solution

by:
cmp119 earned 0 total points
ID: 40618960
Frankhelk - I read your article, and it was great.  However, I also used the following article and found it to be more precise in assisting me.  This article has all that I needed to resolve the issue, and it included sample commands as reference.  

http://binarynature.blogspot.com/2012/04/configure-active-directory.html
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 40619562
Thanks ...

no problem - I know that my answer is a bit abroad of the AD topic - I'm happy that your problem is solved anyhow. Nevertheless I prefer the classic NTP client, and I still recommend it.

May you have always good times :-)
0
 

Author Closing Comment

by:cmp119
ID: 40627757
frankhelk confirmed using pool.ntp.org is the best NTP source, but his article lacked detailed instructions on how to do this on a Windows Server.  I found an article that gave me this precise information.  I appreciate the help!!!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question