Solved

The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time

Posted on 2016-07-19
7
123 Views
Last Modified: 2016-08-04
Hi All,
Can anyone help me with tis error message? Its from a windows server 2008 r2 server  & we found in the event logs

thank you in advance
0
Comment
Question by:MarK PercY
7 Comments
 
LVL 8

Expert Comment

by:Stolsie
ID: 41719297
Hello

the error messages says you are not getting useable information from what you have set.
what have you got set on the server for time keeping?
0
 
LVL 29

Accepted Solution

by:
ScottCha earned 500 total points
ID: 41719332
Here are my notes on time synchronization:

From MS with my own customizations in it.

How to configure an authoritative time server in Windows Server

Wednesday, July 13, 2016
8:01 AM

INTRODUCTION
Windows Server includes W32Time, the Time Service tool that is required by the Kerberos authentication protocol. The Windows Time service makes sure that all computers in an organization that are running the Microsoft Windows 2000 Server operating system or later versions use a common time.

To guarantee appropriate common time usage, the Windows Time service uses a hierarchical relationship that controls authority, and the Windows Time service does not allow for loops. By default, Windows-based computers use the following hierarchy:
• All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
• All member servers follow the same process that client desktop computers follow.
• All domain controllers in a domain nominate the primary domain controller (PDC) operations master as their in-bound time partner.
• All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.
In this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization. We highly recommend that you configure the authoritative time server to obtain the time from a hardware source. When you configure the authoritative time server to sync with an Internet time source, there is no authentication. We also recommend that you reduce your time correction settings for your servers and stand-alone clients. These recommendations provide more accuracy and security to your domain.

Configuring the Windows Time service to use an external time source

To configure an internal time server to synchronize with an external time source, follow these steps:
1. Change the server type to NTP. To do this, follow these steps:
            a. Click Start, click Run, type regedit, and then click OK.
            b. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
            c. In the pane on the right, right-click Type, and then click Modify.
            d. In Edit Value, type NTP in the Value data box, and then click OK.
2. Set AnnounceFlags to 0xA. To do this, follow these steps:
            a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
            b. In the pane on the right, right-click AnnounceFlags, and then click Modify.
            c. In Edit DWORD Value, type 5 in the Value data box, and then click OK.

      
      Notes
      • If an authoritative time server that is configured to use an AnnounceFlag value of 0x5 does not synchronize with an upstream time server, a client server may not correctly synchronize with the authoritative time server when the time synchronization between the authoritative time server and the upstream time server resumes. Therefore, if you have a poor network connection or other concerns that may cause time synchronization failure of the authoritative server to an upstream server, set the AnnounceFlag value to 0xA instead of to 0x5.
      • If an authoritative time server that is configured to use an AnnounceFlag value of 0x5 and to synchronize with an upstream time server at a fixed interval that is specified in SpecialPollInterval, a client server may not correctly synchronize with the authoritative time server after the authoritative time server restarts. Therefore, if you configure your authoritative time server to synchronize with an upstream NTP server at a fixed interval that is specified in SpecialPollInterval, set the AnnounceFlag value to 0xA instead of 0x5.
3. Enable NTPServer. To do this, follow these steps:
            a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
            b. In the pane on the right, right-click Enabled, and then click Modify.
            c. In Edit DWORD Value, type 1 in the Value data box, and then click OK.
4. Specify the time sources. To do this, follow these steps:
            a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
            b. In the pane on the right, right-click NtpServer, and then click Modify.
            c. In Edit Value, type ‘time.nist.gov,0x1’ (no quotes, 0x1 must be there) in the Value data box, and then click OK.

Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes that you make in step 5 will not take effect.
5. Select the poll interval. To do this, follow these steps:
            a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
            b. In the pane on the right, right-click SpecialPollInterval, and then click Modify.
            c. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
            d. 900 (decimal)

Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 (decimal). This value configures the Time Server to poll every 15 minutes.
6. Configure the time correction settings. To do this, follow these steps:
            a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
            b. In the pane on the right, right-click MaxPosPhaseCorrection, and then click Modify.
            c. In Edit DWORD Value, click to select Decimal in the Base box.
            d. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
            e. 3600 (decimal)
      
      Note
      • TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend on the poll interval, network condition, and external time source. 
      • The default value of MaxPosPhaseCorrection is 48 hours in Windows Server 2008 R2 or later.
            e. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
            f. In the pane on the right, right-click MaxNegPhaseCorrection, and then click Modify.
            g. In Edit DWORD Value, click to select Decimal in the Base box.
            h. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
            i. 3600 (decimal)

Note
      • TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend on the poll interval, network condition, and external time source. 
      • The default value of MaxNegPhaseCorrection is 48 hours in Windows Server 2008 R2 or later.
7. Close Registry Editor.
8. At the command prompt, type the following command to restart the Windows Time service, and then press Enter:
net stop w32time && net start w32time
check using:
 
w32tm /query /configuration
w32tm /query /status
w32tm /query /peers
w32tm /monitor

All domain controllers should be set to the same NTP time source.  All other servers should be set using:
 
w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time
 
Which will set the device to get time from the domain.


Note For a list of available time servers, see Microsoft Knowledge Base article 262680: A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet

Troubleshooting
For the Windows Time service to function correctly, the networking infrastructure must function correctly. The most common problems that affect the Windows Time service include the following:
• There is a problem with TCP/IP connectivity, such as a dead gateway.
• The Name Resolution service is not working correctly.
• The network is experiencing high volume delays, especially when synchronization occurs over high-latency wide area network (WAN) links.
• The Windows Time service is trying to synchronize with inaccurate time sources.
We recommend that you use the Netdiag.exe utility to troubleshoot network-related issues. Netdiag.exe is part of the Windows Server 2003 Support Tools package. See Tools Help for a complete list of command-line parameters that you can use with Netdiag.exe. If your problem is still not solved, you can turn on the Windows Time service debug log. Because the debug log can contain very detailed information, we recommend that you contact Microsoft Customer Support Services when you turn on the Windows Time service debug log.


From <https://support.microsoft.com/en-us/kb/816042>
0
 
LVL 8

Expert Comment

by:Stolsie
ID: 41719350
lol ask a question get a book thrown at you.... I'm out
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:MarK PercY
ID: 41719424
Thank you so much for your response & your notes
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 41719693
Hmmm ... W32time, the timekeeping service in Windows. I experienced enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

For a mature timekeeping service with well documented behaviour, I'd recommend this:

Use a Windows port of the classic *ix NTP service on your DC VMs, and sync 'em with NTP time sources from pool.ntp.org. Ensure to disable the time sync features of VMware (to timekeeping services on one clock will cause time chaos). The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.

See my article on NTP basics for the "How To".

The "classic" NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If securtity is an issue, you might as well use local radio controlled clock appliances (see the article for that, too) in your LAN who serve times very reliable and precise.
0
 
LVL 10

Expert Comment

by:Scott Silva
ID: 41719939
I would manually have a look at the date and time on the server to make sure it is somewhere close.... It is common for older servers to have a dead CMOS battery and after reboot the clock starts from a set base in the bios. If the time is way off ( more than a few hours) the time service can error out...

Next look at firewall blocking from that server on port UDP 123 .
0
 

Author Closing Comment

by:MarK PercY
ID: 41742312
thank you
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question