Windows 2012 Domain Time Sync Issues
Windows 2012 R2 Standard
Windows 2008 R2 Standard
Windows 7 Pro
Windows 8.1 Pro
Windows Vista 32 bit yes still have some
Today I Demoted my Last Windows 2003 Server on the network it was a Domain controller Also all network computers pointed to this server for NTP I am using a GPO.
I have a DNS A record NTP.FQDN pointing to that ip address on the server
All worked well time was sync'd no issues.
After demoting the server I rebuilt it as a Windows 2012 R2 Standard DC.
Now I have two Windows 2012 DC servers running
Now I am getting Event Id 50 from the Windows 2008 servers
Event Id 142 144 from DC1
For the 142 error I tried this
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.
C:\net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.
C:\w32tm /unregister
W32Time successfully unregistered.
C:\w32tm /register
W32Time successfully registered.
C:\net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.
C:\w32tm /resync
Sending resync command to local computer
The computer did not resync because only stale time data was available.
C:\
This get resync error
ON DC2
I followed these instructions
https://www.experts-exchange.com/videos/511/Windows-Server-2012-Configuring-NTP-Servers-for-Time-Synchronization.html
good article
Event Id 24 and 129
ran this
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\w32tm /resync
Sending resync command to local computer
The command completed successfully.
C:\w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0801686s
Root Dispersion: 7.8289405s
ReferenceId: 0x454048EE (source IP: 69.64.72.238)
Last Successful Sync Time: 6/27/2015 7:58:32 PM
Source: pool.ntp.org,0x1
Poll Interval: 6 (64s)
C:\net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.
C:\w32tm /config /syncfromflags:manual /manualpeerlist:"
0.north-america.pool.ntp.o
.ntp.org,3.north-america.p
The following arguments were unexpected:
1.north-america.pool.ntp.o
.ntp.org"
C:\w32tm /config /reliable:yes
The command completed successfully.
C:\net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.
C:\w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombin
ResolvePeerBackoffMinutes:
ResolvePeerBackoffMaxTimes
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: AllSync (Local)
NtpServer: pool.ntp.org,0x1 (Local)
NtpServer (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombin
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmicti
Enabled: 0 (Local)
InputProvider: 1 (Local)
C:\
Any thoughts?
Do I need to run the same process as in the article above on all servers and point the other servers to DC2 for NTP?
Thanks
Tom
Event-ID-50-Time-Service.txt
Event-ID-142-Time-Service.txt
Event-ID-144-Time-Service.txt
Event-ID-24-Time-Service.txt
Event-ID-129-Time-Service.txt
Windows 2008 R2 Standard
Windows 7 Pro
Windows 8.1 Pro
Windows Vista 32 bit yes still have some
Today I Demoted my Last Windows 2003 Server on the network it was a Domain controller Also all network computers pointed to this server for NTP I am using a GPO.
I have a DNS A record NTP.FQDN pointing to that ip address on the server
All worked well time was sync'd no issues.
After demoting the server I rebuilt it as a Windows 2012 R2 Standard DC.
Now I have two Windows 2012 DC servers running
Now I am getting Event Id 50 from the Windows 2008 servers
Event Id 142 144 from DC1
For the 142 error I tried this
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.
C:\net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.
C:\w32tm /unregister
W32Time successfully unregistered.
C:\w32tm /register
W32Time successfully registered.
C:\net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.
C:\w32tm /resync
Sending resync command to local computer
The computer did not resync because only stale time data was available.
C:\
This get resync error
ON DC2
I followed these instructions
https://www.experts-exchange.com/videos/511/Windows-Server-2012-Configuring-NTP-Servers-for-Time-Synchronization.html
good article
Event Id 24 and 129
ran this
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\w32tm /resync
Sending resync command to local computer
The command completed successfully.
C:\w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0801686s
Root Dispersion: 7.8289405s
ReferenceId: 0x454048EE (source IP: 69.64.72.238)
Last Successful Sync Time: 6/27/2015 7:58:32 PM
Source: pool.ntp.org,0x1
Poll Interval: 6 (64s)
C:\net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.
C:\w32tm /config /syncfromflags:manual /manualpeerlist:"
0.north-america.pool.ntp.o
.ntp.org,3.north-america.p
The following arguments were unexpected:
1.north-america.pool.ntp.o
.ntp.org"
C:\w32tm /config /reliable:yes
The command completed successfully.
C:\net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.
C:\w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombin
ResolvePeerBackoffMinutes:
ResolvePeerBackoffMaxTimes
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: AllSync (Local)
NtpServer: pool.ntp.org,0x1 (Local)
NtpServer (Local)
DllName: C:\Windows\system32\w32tim
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombin
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmicti
Enabled: 0 (Local)
InputProvider: 1 (Local)
C:\
Any thoughts?
Do I need to run the same process as in the article above on all servers and point the other servers to DC2 for NTP?
Thanks
Tom
Event-ID-50-Time-Service.txt
Event-ID-142-Time-Service.txt
Event-ID-144-Time-Service.txt
Event-ID-24-Time-Service.txt
Event-ID-129-Time-Service.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if dc2 is the pdc then you don't have to do anything.. as all systems will sync with the PDC
ASKER
Dave
I was thinking that
DC1 owns all the roles
Can I just make DC2 the PDC or should it have some roles?
I was thinking that
DC1 owns all the roles
Can I just make DC2 the PDC or should it have some roles?
First off, if you have a GPO setup pointing to the PDC which is no longer there then you are going to have to change the GPO to point to the new PDC role holder.
However Time Source should work out of the box when you add machines to the domain. The hierarchy is below for time source...
- external time source
- pdc
- all other dc
So that being said, you do not even need to configure a GPO for your clients to point to the PDC specifically. All of your domain controllers get there Time source from the PDC based on the Hierarchy and then they can distribute the time to the clients.
I tend to not have ALL clients pointing to the PDC as it puts more load on the PDC and also if you have sites that are geographically far away I would not want all of my clients pointing to this PDC I would just want my DC to point to it and then distribute the Time to the clients in the default site.
Will.
However Time Source should work out of the box when you add machines to the domain. The hierarchy is below for time source...
- external time source
- pdc
- all other dc
So that being said, you do not even need to configure a GPO for your clients to point to the PDC specifically. All of your domain controllers get there Time source from the PDC based on the Hierarchy and then they can distribute the time to the clients.
I tend to not have ALL clients pointing to the PDC as it puts more load on the PDC and also if you have sites that are geographically far away I would not want all of my clients pointing to this PDC I would just want my DC to point to it and then distribute the Time to the clients in the default site.
Will.
ASKER
Will
Hello and thanks for chiming in
My GPO uses a DNS A record I created to point to the server that is the NTP Server this way if anything happens I just change the DNS record.
I do not have any remote sites all network computer are internal
I just upgraded my two DC's to Windows 2012
DC2 held all FSMO roles and was the PDC and was the NTP Server
So I demoted DC1 first
Now DC1 is a Windows 2012 R2 AD DC
I moved all FSMO roles from DC2 to DC1 and DC1 is now the PDC
I also migrated Active Directory Certificate Service from DC2 to DC1
Found that out when I tried to demote DC2 it failed because Certificate Services was still running
So now DC1 has all FSMO Roles is the PDC and runs ADCS
Demoted DC2
Installed Windows 2012 R2 Standard and made it a Active Directory Domain Controller
I can move all the FSMO roles back to DC2 and make it the PDC again
Is running Certificate Services ok then on DC1 if I remove all the FSMO roles and make DC2 that owner and PDC?
Thoughts
Hello and thanks for chiming in
My GPO uses a DNS A record I created to point to the server that is the NTP Server this way if anything happens I just change the DNS record.
I do not have any remote sites all network computer are internal
I just upgraded my two DC's to Windows 2012
DC2 held all FSMO roles and was the PDC and was the NTP Server
So I demoted DC1 first
Now DC1 is a Windows 2012 R2 AD DC
I moved all FSMO roles from DC2 to DC1 and DC1 is now the PDC
I also migrated Active Directory Certificate Service from DC2 to DC1
Found that out when I tried to demote DC2 it failed because Certificate Services was still running
So now DC1 has all FSMO Roles is the PDC and runs ADCS
Demoted DC2
Installed Windows 2012 R2 Standard and made it a Active Directory Domain Controller
I can move all the FSMO roles back to DC2 and make it the PDC again
Is running Certificate Services ok then on DC1 if I remove all the FSMO roles and make DC2 that owner and PDC?
Thoughts
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Will
Thanks for that info.
Both DC1 and DC2 are identical servers RAM/CPU/etc are the same.
I have not had any Time Service Events on any of the server since I fixed my syntax error from above.
As long as NTP source is on an DC then it should be ok not being the PDC
I am good with that
Thoughts
Thanks for that info.
Both DC1 and DC2 are identical servers RAM/CPU/etc are the same.
I have not had any Time Service Events on any of the server since I fixed my syntax error from above.
As long as NTP source is on an DC then it should be ok not being the PDC
I am good with that
Thoughts
Yes then you should be fine.
However a DNS record is not required as the client machines will use the NTP hierarchy as I stated above.
But as this is working for you already I would just leave it.
Will.
However a DNS record is not required as the client machines will use the NTP hierarchy as I stated above.
But as this is working for you already I would just leave it.
Will.
ASKER
Will
Thanks
I am going to give it another 24 hours see how it goes.
Thanks
I am going to give it another 24 hours see how it goes.
ASKER
Thanks
After fixing the syntax time services are running as expected on all network computers.
After fixing the syntax time services are running as expected on all network computers.
ASKER
Good catch nice to have another pair of eyes.
Ok
I got the commands to work.
Now will this DC2 distribute the time to all my network computers?
They all have a Policy defined pointing to this DC2 ip address for NTP
Thoughts?