Solved

Time synchronization for Domain Controllers

Posted on 2016-07-29
10
39 Views
Last Modified: 2016-08-28
Hello,

I am experiencing an issue where all the clocks on our domain controllers become out of sync. We currently have 8 DCs on our network and for some reason, the clocks become out of sync, causing anomalies on our network (exchange in particular).

Is there a reason this may be happening and is there a fix for this? Perhaps a way to connect to an external clock?

Thanks in advance
0
Comment
Question by:zito2000
10 Comments
 
LVL 12

Assisted Solution

by:Dustin Saunders
Dustin Saunders earned 167 total points (awarded by participants)
ID: 41734892
I've always used the pool.ntp servers for our TIme service.  This link shows how to set them as your NTP server.
0
 
LVL 14

Assisted Solution

by:Todd Nelson
Todd Nelson earned 167 total points (awarded by participants)
ID: 41734896
If you have not configured an authoritative time server for your domain then each of the servers will attempt to set their time from Microsoft--which isn't always a reliable source.

When you configure an authoritative time server, you want to configure the PDC emulator to access a reliable external time service (http://www.pool.ntp.org/en/) from which it will set its time.  Then all other internal servers should get their time from the PDC emulator.

Utilize these two references to configure time synching for your Windows domain.

How to configure an authoritative time server in Windows Server ... https://support.microsoft.com/en-us/kb/816042

Configure a client computer for automatic domain time synchronization ... https://technet.microsoft.com/en-us/library/cc758905%28WS.10%29.aspx?f=255&MSPPError=-2147217396

Good luck.
0
 
LVL 14

Assisted Solution

by:frankhelk
frankhelk earned 166 total points (awarded by participants)
ID: 41737017
Hmmm ... W32time, the timekeeping service in Windows. I experienced enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

For a mature timekeeping service with well documented behaviour, I'd recommend this:

Use a Windows port of the classic *ix NTP service on your DCs, and sync 'em with NTP time sources from pool.ntp.org. Sync the clients with your DCs to keep 'em in sync in case of network failure. Ensure to disable the time sync features of VMware (to timekeeping services on one clock will cause time chaos). The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.

See my article on NTP basics for the "How To".

The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If securtity is an issue, you might as well use local radio controlled clock appliances (see the article for that, too) in your LAN who serve times very reliable and precise.
0
 

Author Comment

by:zito2000
ID: 41737478
Thank you everyone for the help.

I prefer synchronizing with an external so I will try that solution first.

If no luck, I will explore other avenues to achieve the synchronization.

thank you
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:zito2000
ID: 41737481
I forgot to ask,

Dustin, do I need to do this for every DC, or just the roots?
0
 
LVL 12

Accepted Solution

by:
Dustin Saunders earned 167 total points (awarded by participants)
ID: 41737491
Microsoft states that it only needs to be done on the PDC that is the operations master.
0
 

Author Comment

by:zito2000
ID: 41737505
Ok cool,

that would be one of our roots
0
 
LVL 12

Expert Comment

by:Dustin Saunders
ID: 41748958
@Zito2000

When a question is resolved, simply select an answer(s) that most helped you lead to your resolution.  The question will be closed and points will be awarded to the expert(s) who helped you.
1
 
LVL 12

Expert Comment

by:Dustin Saunders
ID: 41773565
All three experts helped asker reach desired solution with good answers.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now