Windows 2012 Domain Time Sync Issues

Windows 2012 R2 Standard
Windows 2008 R2 Standard
Windows 7 Pro
Windows 8.1 Pro
Windows Vista 32 bit yes still have some

Today I Demoted my Last Windows 2003 Server on the network it was a Domain controller Also all network computers pointed to this server for NTP I am using a GPO.
I have a DNS  A record NTP.FQDN  pointing to that ip address on the server
All worked well time was sync'd no issues.

After demoting the server I rebuilt it as a Windows 2012 R2 Standard DC.
Now I have two Windows 2012 DC servers running

Now I am getting Event Id 50 from the Windows 2008 servers
Event Id 142 144  from DC1

For the 142 error  I tried this

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.

C:\net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.


C:\w32tm /unregister
W32Time successfully unregistered.

C:\w32tm /register
W32Time successfully registered.

C:\net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.


C:\w32tm /resync
Sending resync command to local computer
The computer did not resync because only stale time data was available.

C:\

This get resync error

ON DC2  

I followed these instructions
http://www.experts-exchange.com/videos/511/Windows-Server-2012-Configuring-NTP-Servers-for-Time-Synchronization.html
good article

Event Id 24 and 129


ran this
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\w32tm /resync
Sending resync command to local computer
The command completed successfully.

C:\w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0801686s
Root Dispersion: 7.8289405s
ReferenceId: 0x454048EE (source IP:  69.64.72.238)
Last Successful Sync Time: 6/27/2015 7:58:32 PM
Source: pool.ntp.org,0x1
Poll Interval: 6 (64s)


C:\net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.


C:\w32tm /config /syncfromflags:manual /manualpeerlist:"
0.north-america.pool.ntp.org, 1.north-america.pool.ntp.org, 2.north-america.pool
.ntp.org,3.north-america.pool.ntp.org"
The following arguments were unexpected:
 1.north-america.pool.ntp.org, 2.north-america.pool.ntp.org,3.north-america.pool
.ntp.org"

C:\w32tm /config /reliable:yes
The command completed successfully.

C:\net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.


C:\w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: AllSync (Local)
NtpServer: pool.ntp.org,0x1 (Local)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 0 (Local)
InputProvider: 1 (Local)


C:\

Any thoughts?

Do I need to run the same process as in the article above on all servers and point the other servers to DC2 for NTP?

Thanks

Tom
Event-ID-50-Time-Service.txt
Event-ID-142-Time-Service.txt
Event-ID-144-Time-Service.txt
Event-ID-24-Time-Service.txt
Event-ID-129-Time-Service.txt
LVL 23
Thomas GrassiSystems AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
you have an error in your .config.. you probably had word wrap turned on in notepad it should have all been on 1 line

C:\w32tm /config /syncfromflags:manual /manualpeerlist:"
0.north-america.pool.ntp.org, 1.north-america.pool.ntp.org, 2.north-america.pool
.ntp.org,3.north-america.pool.ntp.org"
The following arguments were unexpected:
 1.north-america.pool.ntp.org, 2.north-america.pool.ntp.org,3.north-america.pool
.ntp.org"

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas GrassiSystems AdministratorAuthor Commented:
Dave

Good catch nice to have another pair of eyes.

Ok
I got the commands to work.

Now will this DC2 distribute the time to all  my network computers?

They all have a Policy defined pointing to this DC2 ip address for NTP

Thoughts?
David Johnson, CD, MVPOwnerCommented:
if dc2 is the pdc then you don't have to do anything.. as all systems will sync with the PDC
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Thomas GrassiSystems AdministratorAuthor Commented:
Dave

I was thinking that

DC1 owns all the roles

Can I just make DC2 the PDC or should it have some roles?
Will SzymkowskiSenior Solution ArchitectCommented:
First off, if you have a GPO setup pointing to the PDC which is no longer there then you are going to have to change the GPO to point to the new PDC role holder.

However Time Source should work out of the box when you add machines to the domain. The hierarchy is below for time source...
- external time source
- pdc
- all other dc

So that being said, you do not even need to configure a GPO for your clients to point to the PDC specifically. All of your domain controllers get there Time source from the PDC based on the Hierarchy and then they can distribute the time to the clients.

I tend to not have ALL clients pointing to the PDC as it puts more load on the PDC and also if you have sites that are geographically far away I would not want all of my clients pointing to this PDC I would just want my DC to point to it and then distribute the Time to the clients in the default site.

Will.
Thomas GrassiSystems AdministratorAuthor Commented:
Will

Hello and thanks for chiming in

My GPO uses a DNS A record I created to point to the server that is the NTP Server this way if anything happens I just change the DNS record.

I do not have any remote sites all network computer are internal

I just upgraded my two DC's to Windows 2012

DC2 held all FSMO roles and was the PDC and was the NTP Server
So I demoted DC1 first
Now DC1 is a Windows 2012 R2 AD DC
I moved all FSMO roles from DC2 to DC1 and DC1 is now the PDC
I also migrated Active Directory Certificate Service from DC2 to DC1
Found that out when I tried to demote DC2 it failed because Certificate Services was still running
So now DC1 has all FSMO Roles is the PDC and runs ADCS
Demoted DC2
Installed Windows 2012 R2 Standard and made it a Active Directory Domain Controller


I can move all the FSMO roles back to DC2 and make it the PDC again

Is running Certificate Services ok then on DC1 if I remove all the FSMO roles and make DC2 that owner and PDC?


Thoughts
Will SzymkowskiSenior Solution ArchitectCommented:
FSMO roles should be on the DC that has the best computing power (RAM/CPU/etc), this is so that it can perform optimally as it holds additional roles which require more resources.

So if DC1 has more resources, then leave it.

However, ADCS is not required to be installed on a Domain Controller. Personally I would never install ADCS on a DC because that makes it more difficult if you have to demote this DC if it  runs into any issues.

I always install ADCS on members servers. where this server is dedicated to ADCS only.

Will.
Thomas GrassiSystems AdministratorAuthor Commented:
Will

Thanks for that info.

Both DC1 and DC2 are identical servers RAM/CPU/etc are the same.


I have not had any Time Service Events on any of the server since I fixed my syntax error from above.

As long as NTP source is on an DC then it should be ok not being the PDC

I am good with that

Thoughts
Will SzymkowskiSenior Solution ArchitectCommented:
Yes then you should be fine.

However a DNS record is not required as the client machines will use the NTP hierarchy as I stated above.

But as this is working for you already I would just leave it.

Will.
Thomas GrassiSystems AdministratorAuthor Commented:
Will

Thanks

I am going to give it another 24 hours see how it goes.
Thomas GrassiSystems AdministratorAuthor Commented:
Thanks

After fixing the syntax time services are running as expected on all network computers.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.