Time sync with domain controller isn´t working

Hi,

we have the problem that some clients have wrong time (few minutes) to each other. In the event protocol it says, that there was no answer from domaincotroller and it wouldn´t be used as timeserver anymore.
Time-Service is running on the server and there is no Firewall active.

If i use "w32tm /monitor" on a client, it gives the following warning:
Reverse name resolution is best effort. It may not be
correct since RefID field in time packets differs across
NTP implementations and may not be using IP addresses

What does this warning mean ?

We have a server 2012 and win7-Clients.

Thanks in advance.
loosainAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
did you enable reverse dns zones?
Will SzymkowskiSenior Solution ArchitectCommented:
Time sync for workstations is automatic. When a machine is on the domain it will get its Time from the PDC (if you have a GPO which points to this DC directly) or it will use the domain time sync hierarchy (any domain controllers in the domain). These domain controllers get their time from the PDC so this scenario also works (and this is my preferred method).

Is this happening to ALL clients? If so, i have seen issues like this when computers/servers have not be Syspreped properly.

Are you getting any errors on the domain controllers themselves?

Will.
asavenerCommented:
If i use "w32tm /monitor" on a client, it gives the following warning:
Reverse name resolution is best effort. It may not be
correct since RefID field in time packets differs across
NTP implementations and may not be using IP addresses

What does this warning mean ?

It means that reverse DNS resolution may not work, but it probably has nothing to do with resolving the time servers themselves.  What's the rest of the output look like?
asavenerCommented:
Re-read your post and saw this part:  
In the event protocol it says, that there was no answer from domaincotroller and it wouldn´t be used as timeserver anymore.

OK, the client is trying to communicate with a time server, but it is not getting a reply.

Possible causes are:  resolving to the wrong IP address, traffic is blocked or dropped by a firewall somewhere along the path, or the time service on the domain controller is stopped or unresponsive.

First, check the windows time service on the domain controller.  Next, check the DNS settings on the client.  Third, check if the Windows firewall is enabled on either of the machines.  Finally, check if some network firewall is blocking the traffic.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
loosainAuthor Commented:
The antivirus (firewall) was the problem...
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Protocols

From novice to tech pro — start learning today.