domain time sync changed beyond 2 weeks automatically
We have a windows 2008 R2 domain with a physical domain controller server(HP DL380) acting as ntp role for the domain. This is setup to sync externally with 0.uk.pool.ntp.org, 1.uk.pool.ntp.org, 2.uk.pool.ntp.org, 3.uk.pool.ntp.org,
Recently the date and time jumped ahead just over 2 weeks causing various problems, mainly stopping users logging on and kicking existing users off the network. The only way I could fix the problem was by manually setting the time back and then running the command to test and auto update time sync which worked fine once the date/time was set back within the 2 week limit.
My concern is I still do not know what caused the date/time to change, I have checked event viewer etc and can see the date time changed gradually within a couple of hours.
I contacted ntp.pool.org and they confirmed no issues and also confirmed not heard of before so I am left puzzled and concerned that this could happen again at any time but more importantly i need to know what the root cause was.
any help appreciated, also I am aware similar issue can happen in virtual servers with host etc but my server is physical.
thanks
Recently the date and time jumped ahead just over 2 weeks causing various problems, mainly stopping users logging on and kicking existing users off the network. The only way I could fix the problem was by manually setting the time back and then running the command to test and auto update time sync which worked fine once the date/time was set back within the 2 week limit.
My concern is I still do not know what caused the date/time to change, I have checked event viewer etc and can see the date time changed gradually within a couple of hours.
I contacted ntp.pool.org and they confirmed no issues and also confirmed not heard of before so I am left puzzled and concerned that this could happen again at any time but more importantly i need to know what the root cause was.
any help appreciated, also I am aware similar issue can happen in virtual servers with host etc but my server is physical.
thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hmmm ... I presume that "ntp role" depicts W32time service in NTP mode. I experienced enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.
I presume that one of the time servers which pool.ntp.org was pointing to at that time got crazy and dragged your DC behind, or probably the BIOS clock is low on battery and drifted off (but that would usually cause the clock to loose ticks - aka slowing down). I'm astonished that your clients didn't simply followed that course, but maybe it drifted off of the road too fast.
A common source of erratic time behaviour is havin' two timekeeping services fiddling around with time in parallel. So you should check for that.
For a mature timekeeping service with well documented behaviour, I'd recommend this:
Use a Windows port of the classic *ix NTP service on your DC VMs, and sync 'em with NTP time sources from pool.ntp.org. Ensure to disable the time sync features of VMware (to timekeeping services on one clock will cause time chaos). The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.
See my article on NTP basics for the "How To".
The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.
If securtity is an issue, you might as well use local radio controlled clock appliances (see the article for that, too) in your LAN who serve times very reliable and precise.
I presume that one of the time servers which pool.ntp.org was pointing to at that time got crazy and dragged your DC behind, or probably the BIOS clock is low on battery and drifted off (but that would usually cause the clock to loose ticks - aka slowing down). I'm astonished that your clients didn't simply followed that course, but maybe it drifted off of the road too fast.
A common source of erratic time behaviour is havin' two timekeeping services fiddling around with time in parallel. So you should check for that.
For a mature timekeeping service with well documented behaviour, I'd recommend this:
Use a Windows port of the classic *ix NTP service on your DC VMs, and sync 'em with NTP time sources from pool.ntp.org. Ensure to disable the time sync features of VMware (to timekeeping services on one clock will cause time chaos). The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.
See my article on NTP basics for the "How To".
The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.
If securtity is an issue, you might as well use local radio controlled clock appliances (see the article for that, too) in your LAN who serve times very reliable and precise.
ASKER
thanks for help on this. I am going to monitor and log ntp as can find no real root cause so I am going to monitor and see if it goes again after 110 days which is what happened the second time
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thankyou frankhelk, very useful info, at least i can monitor ntp servers and see if/any clues may be given around the time i have calculated it may happen again if it does.;
thanks
thanks
You're welcome ;-)
Besides of writing some own script stuff, which relates on the output of ntpq (which I've done for some *ux machines), the mentioned tool is the best tool I've seen yet. Less the nasty habit of only providing the last 1000 minutes for analysis ...
Besides of writing some own script stuff, which relates on the output of ntpq (which I've done for some *ux machines), the mentioned tool is the best tool I've seen yet. Less the nasty habit of only providing the last 1000 minutes for analysis ...
ASKER
i will checkout the atomic clock
thanks