Solved

Problem with time server configuration.

Posted on 2016-07-22
8
95 Views
Last Modified: 2016-07-22
We have a Windows 2008 server which is reporting a lot of errors regarding the time service as detailed below.  This server is configured as a DC.  Notice the time is constantly being adjusted and the server is regularly stopping itself advertising as a time server

Event Log
This server is hosted on the cloud and is configured to sync time with the primary DC on our local site.  This local primary DC uses references time.windows.com.

Time Config

What is causing these time events and how should we fix it?
0
Comment
Question by:canuckconsulting
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 11

Expert Comment

by:Old User
ID: 41724268
This points to a communication issue with the time source, ie unable to update time from 10.1.1.250.

you need to resolve the communication issue or set that server to use an external time source.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 300 total points
ID: 41724278
If your cloud server is virtual (most likely) then you need to disable a key in the registry that forces it to sync with it's host machine no matter what else you have added to direct it to sync with your on-premise DC.

Look for this key:
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\

Then set "Enabled" to "0"

After you do that, restart the time service:

net stop w32time
net start w32time

Also, I'd suggest that you don't use time.windows.com, if the server cannot reach it for some reason (which happens a lot) then you'll get those type of errors.

Instead use the ntp.org servers -- and to change to those run the following commands on your PDC:

w32tm /config /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8" /syncfromflags:MANUAL
w32tm /config /update
net stop w32time
net start w32time
w32tm /resync /nowait
0
 

Author Comment

by:canuckconsulting
ID: 41724515
Jeffrey Kane: Thanks

I found this from ntp.org.  It suggests that this is not the right path for servers on an AD network.  Can you please advise?  I should mention that I made your changes prior to find this article so am a bit nervous now as I'm unsure how to rollback!

An example configuration, suitable for a Windows 2003 standalone server or Primary Domain Controller Emulator in a Active Directory domain:
C:\>w32tm /config /update /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8" /syncfromflags:MANUAL
The above configuration tells Windows Time Service to use four servers from the NTP Pool, and use a client-mode association (identified by the ,0x8 after each server name) to contact them. This configuration is analgous to server directives in the configuration file for ntpd. Note that this configuration should not be used on Windows servers or clients that are members of an Active Directory domain, unless you absolutely want them to ignore time from Active Directory domain controllers on the network.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:canuckconsulting
ID: 41724549
Dave Preston: Thanks for the input.

The server with this errors is hosted remotely at hosting.com on the cloud while 10.1.1.250 is based at our local site.  They are both DCs.  Could the remote server be failing due to delays associated with this configuration.  Should instead both DCs be configured to sync with the same external time server like ntp.org?
0
 
LVL 11

Assisted Solution

by:Old User
Old User earned 200 total points
ID: 41724556
Yes I would configure both to sync from the same time source. I too use ntp.org.
If you go to their site there are very good instructions on how to configure a Windows server to use their pool of ntp servers
0
 

Author Comment

by:canuckconsulting
ID: 41724559
Thanks Dave.

I reread my post to Jeffrey above and think I missed the point.  Presumably the bit in bold refers to non-DCs.  Is that your chaps take as well?
0
 
LVL 11

Expert Comment

by:Old User
ID: 41724562
It is okay to use external time source on a DC, but better to let clients and member servers use th DC as their time source
0
 

Author Closing Comment

by:canuckconsulting
ID: 41724577
Thanks guys!
0

Featured Post

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question