We help IT Professionals succeed at work.

NTP problem

669 Views
Last Modified: 2017-03-23
I have 3 DCs, 2 are VMs and 1 is a physical.  I have 4 Host servers running hyper V.
I have tried everything under the sun to get the NTP working, but I still can't get it to work.

All my Host servers and DCs are running win2012R2.

I have followed these guides:
http://www.sysadminlab.net/windows/configuring-ntp-on-windows-server-2012
http://www.sysadminlab.net/windows/configuring-ntp-on-windows-using-gpo

And have ran the commands on all of my DCs, but it's still not working, the time is still off.

Any ideas what I'm missing?
Comment
Watch Question

Dr. KlahnPrincipal Software Engineer
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
AntzsInfrastructure Services
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Isn't this the same question you've already asked and have mot closed here?

https://www.experts-exchange.com/questions/29006344/configuring-windows-time-via-Group-Policy.html
MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
if you could explain what exactly you have run / configured so far from server side and client side, we can help
Satish AutiSenior System Administrator
CERTIFIED EXPERT

Commented:
Please let us know current NTP configuration.

Normally when you promote the DC it has the capability to act as NTP server. It is recommended to have this role installed on PDC role holder server.

Also if you have VM in place you should disable the time sync with esxi server  as there are some issues with time synchronization.
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2075424

Then you can configure the authoritative time server in your environment. Please follw steps under "Configuring the Windows Time service to use an external time source" as your NTP server must sync time with external time source and update in domain accordingly. Need to configure NTP valure in registry.

https://support.microsoft.com/en-in/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server.

for other domain servers in your network you can configure nt5ds value which will get sync time with your NTP server.
Satish AutiSenior System Administrator
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
CERTIFIED EXPERT

Commented:
Even while here's a lot of hints and links already, I'll try to throw in my article on NTP, too. It's on NTP basics mainly, but it contains a lot of trouble evasion hints, too.

You don't have stated what you're using to sync to the NTP time source, but
And have ran the commands on all of my DCs (...)
implies to me that you're wrestling around with W32time, the Windows on-board timekeeper service. I've had enough hassle with that piece of crap in NTP mode to avoid it whenever I have a chance to.

I'd recommend to switch over to something stable and mature: Use a Windows port of the classic *ux NTP client.
DanNetwork Engineer

Author

Commented:
I think my issue might be that my 3 DCs are trying to be the internal NTP server.
 I just used the pool.ntp.org

I ran these on all my DCs. These are all the different commands I ran.
w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL
w32tm /resync
w32tm.exe /resync /rediscover /nowait
w32tm /query /peers
w32tm /query /source
w32tm /query /status


Should I just run this command on 2 of my servers:
w32tm /unregister

And then just run this command on only one of my DCs?:
w32tm /config /manualpeerlist:”0.pool.ntp.org 1.pool.ntp.org” /syncfromflags:MANUAL


This question is not exactly the same as my other question, as after I can figure out the NTP problem on my server, then I do want all my PCs to get the time from my internal NTP server, so I'm guessing it's a different question.

On my firewall, I did open up the port NTP uses, so that should be good.
I guess I should check the windows server firewall to see if that port is open as well?

Dr Klahn, how did you get to that screen, as i'm on windows 10 and I can't get to that screen?

I ran this command:
C:\Windows\System32>w32tm /query /source
DC2.mydomain.org

Is there a way to see all of the NTP configured servers in my domain?

Here's the configuration for all my 3 DCs.

DC1

C:\Windows\system32>w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Policy)
AnnounceFlags: 10 (Policy)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Policy)
MaxPollInterval: 15 (Policy)
MaxNegPhaseCorrection: 54000 (Policy)
MaxPosPhaseCorrection: 54000 (Policy)
MaxAllowedPhaseOffset: 300 (Policy)

FrequencyCorrectRate: 4 (Policy)
PollAdjustFactor: 5 (Policy)
LargePhaseOffset: 1280000 (Policy)
SpikeWatchPeriod: 90 (Policy)
LocalClockDispersion: 10 (Policy)
HoldPeriod: 5 (Policy)
PhaseCorrectRate: 1 (Policy)
UpdateInterval: 30000 (Policy)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Policy)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 3 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NT5DS (Policy)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 0 (Local)
InputProvider: 1 (Local)


DC2

C:\Users\exec>w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Policy)
AnnounceFlags: 10 (Policy)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Policy)
MaxPollInterval: 15 (Policy)
MaxNegPhaseCorrection: 54000 (Policy)
MaxPosPhaseCorrection: 54000 (Policy)
MaxAllowedPhaseOffset: 300 (Policy)

FrequencyCorrectRate: 4 (Policy)
PollAdjustFactor: 5 (Policy)
LargePhaseOffset: 1280000 (Policy)
SpikeWatchPeriod: 90 (Policy)
LocalClockDispersion: 10 (Policy)
HoldPeriod: 5 (Policy)
PhaseCorrectRate: 1 (Policy)
UpdateInterval: 30000 (Policy)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Policy)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 3 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NT5DS (Policy)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)


DC3

C:\Windows\System32>w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Policy)
AnnounceFlags: 10 (Policy)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Policy)
MaxPollInterval: 15 (Policy)
MaxNegPhaseCorrection: 54000 (Policy)
MaxPosPhaseCorrection: 54000 (Policy)
MaxAllowedPhaseOffset: 300 (Policy)

FrequencyCorrectRate: 4 (Policy)
PollAdjustFactor: 5 (Policy)
LargePhaseOffset: 1280000 (Policy)
SpikeWatchPeriod: 90 (Policy)
LocalClockDispersion: 10 (Policy)
HoldPeriod: 5 (Policy)
PhaseCorrectRate: 1 (Policy)
UpdateInterval: 30000 (Policy)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Policy)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 3 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NT5DS (Policy)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CERTIFIED EXPERT

Commented:
OK - I've been right: W32time.

So I repeat my advice: Kick W32time out and use a classic NTP client. Follow the guidlines in my article on NTP. Use all the 4 NTP server pointers from pool.ntp.org (preferably some in your region ... see http://www.pool.ntp.org for details on regional servers; klick on the region name on the right of the gage for directions).
Architect
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
DanNetwork Engineer

Author

Commented:
But I have 3 PDCs   So I have 3 domain controllers.  From what you're saying, I need to only configure one of them to be the time keeper.

How do I know if I have other servers that are configured to be the NTP server?
You had referenced asia.pool.etc...  I'm in the US, so wouldn't I want to use servers in the US?
MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You don't have 3 PDCs, you are running how many domains?

Single domain single forest right?

U have only one server acting as PDC

Run "netdom query fsmo" on any one server and you will come to know which is the PDC

But obvious, you need to find pool.org servers at your location, that is what I told earlier
DanNetwork Engineer

Author

Commented:
yes, thanks, I figured out which DC is my PDC.

So my DCs are virtualized, will that be a problem?  I'm running a scale SAN.
DanNetwork Engineer

Author

Commented:
some places have 0x1, you list 0x8, whats the difference?
MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Use this switch:
0x08 Automatic reliable time server

other switch meaning
0x01 - always time server

read below articles to clear the concept
https://technet.microsoft.com/windows-server-docs/identity/ad-ds/get-started/windows-time-service/windows-time-service-tools-and-settings
DanNetwork Engineer

Author

Commented:
thanks, I had googled it after I wrote the comment.

So I did the status and source and this is strange, is this correct?

time
DanNetwork Engineer

Author

Commented:
Then I checked the source on one of my servers, and it's not syncing to the DC, it looks like it's syncing with the local CMOS clock.
Isnt this wrong?  How do I get all the servers and PCs to sync with the PDC now?

time2
MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
DanNetwork Engineer

Author

Commented:
looks like even my PDC is not working.  How do I overcome this problem?

time3
DanNetwork Engineer

Author

Commented:
some is wrong.
 here's everything I did and still not working.  It's still getting the time from the cmos clock

time4
DanNetwork Engineer

Author

Commented:
I stopped the hyperV integration syservices, so it's not getting the time from the HyperV host anymore, but now I can't get to sync with the correct online servers, it still says local CMOS clock
DanNetwork Engineer

Author

Commented:
I even configured GP as well with the same settings, nothing.
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
DanNetwork Engineer

Author

Commented:
Thanks everyone, got it figured out.  I had some GPs enabled that was over writing what I had configured.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions