Net Time Command Question

Good Morning....
I am trying to get a handle on how the Windows time service actually does what it does. From what I can gather by reading Technet posts and hands on experience, the time service is Ok, not the best way to synchronize time but it does work. Here is what I am faced with and why it is a bit confusing.  
In my environment, I have a Windows AD domain, the primary DC gets it time from the internet. The subordinate DCs, which are located across various remote offices, get their time from the primary DC. The client PCs get their time from the subordinate DCs. (A fairly straight forward setup)
What has me baffled is this, I set the client PCs to look at the subordinate DC via a registry setting.  (HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer XXX.XXX.XXX.XXX, 0x1)
Most of the client PCs will return the correct server name when I run the "Net Time" command as well as the correct IP address when I run "Net Time /querysntp" command.
These systems all run Embedded Windows XP
A fair amount of the client PCs will NOT return the correct server host name when I run the "Net Time" command but they all will return the correct IP address when I run the "Net Time /querysntp" command. The ones that do not report the correct server will report another client PCs host name on the same network segment, NOT their own host name.
I can't find a good reason why this issue occurs.

So my question is this, is this normal behavior for this service and if not how should I go about getting all the client PCs to act in a similar manner and return the correct server name as well as the correct IP?

Thank you in advance....

-Bob
Bob ConklinConfiguration/TEST TechnicianAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

oBdACommented:
Just forget about the "net time" command altogether. It dates back to NetBIOS. It's so old, it's not even deprecated anymore, it's desiccated and turned to dust. Just ... forget it. Don't use it. Strike it from your memory, never to be used anymore. At all. Bury it under more useful information, may it rest in peace. Don't issue that command, and if you do, ignore what it shows. (Unless you happen to sit at an NT4 machine, which you don't, and probably never will anymore).
Use w32tm.exe instead.
And what do you mean with "I set the client PCs to look at the subordinate DC via a registry setting.  (HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer XXX.XXX.XXX.XXX, 0x1)"?
If these clients are domain members: don't configure anything related to the time service. Windows does it automatically, correctly, all by itself, since Windows 2000 (because time synchronization is a vital part of the AD logon), The REG_SZ value "Type" in this key should be "NT5DS" (which is the default once joined to a domain), and should stay at that on all domain members, except obviously for the DC that syncs with the external source.
There is usually no need at all to interfere with the time service on domain members.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Bob ConklinConfiguration/TEST TechnicianAuthor Commented:
Hi oBdA

When I started this job, I was instructed to modify the registry key with the settings indicated, these instructions came from the AD domain administrators.
Currently in this setup, I have 14 network VLANs that report back to the primary DC. Yes all the client PCs are domain members. Why I was told to modify the key with the local DCs IP I am not sure.
Just following orders, these client PCs use the same user account to log in to the domain as they are job specific and not user specific.
In our case the type is set to NTP, not to NT5DS.

BTW...we still have NT4.0 systems in our environment too :)
Along with QNX, Linux and a smattering of Apple machines.

-Bob
it_saigeDeveloperCommented:
Respectfully, your AD Domain Administrators are incorrect.  As stated by oBda, *everything* except the DC with the PDC Emulator role should point to NT5DS a.k.a DOMHIER.  In AD, *by default*, windows time services are configured to synchronize their time with the Domain Hierarchy.  For DC's this means they synchronize with the PDC Emulator Role holder, for member servers they synchronize with *any* DC and for clients they synchronize with *any* DC.

Here is a previous EE_PAQ that has instructions on how to configure a GPO for just the PDCe: https:/Q_28597899.html/#a40553961

And this previous EE_PAQ has a good discussion concerning Time Synchronization in AD: https:/Q_28646908.html

The discussion thread also includes a post that describes how to clean the NTP slate, as it were: https:/Q_28646908.html#a40698381

-saige-
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

oBdACommented:
In our case the type is set to NTP, not to NT5DS.
It totally escapes me why so many "administrators" feel the urge to mess with the time service (yes, I intentionally did not use "configure").
The time service comes correctly configured out of the box in the vast majority of cases. The default sync hierarchy Microsoft implemented is easy enough to google.
What your administrators are doing there is pointless. A domain member will sync its time with the DC that authenticated them. By default. Out of the box. All by itself. Just like that. It's magic. At least until an "administrator" intervenes and tells the client to, please, stop working automatically, I want to tell you what to do, even if it's way not as good as what you did before. Micro management at its worst.
If that DC happens to go offline at some point, the default client will happily search another DC to sync its time with. Something that will not happen if the one from a static entry goes down. So where's the benefit? To prove that someone knows the registry key where the time service is configured?
One exception where the time service would need to be reconfigured (and that's what w32tm.exe is for, not the registry) are notebooks that don't connect to AD for extended periods of time. These should be set to "/syncfromflags:ALL" (Type "AllSync" for the registry addicts); this will make the time service search for a DC first, and if none is available, use the ntp server specified. I don't think that feature existed in XP, though.
The NT4 Resource Kit had a time service that could/should be installed on on the machines to automatically sync the time, btw.
Bob ConklinConfiguration/TEST TechnicianAuthor Commented:
I get what you are telling me, but it is not in my power to correct their "standards", as a technician on the front lines , all I can do is follow instructions and do my best.

I will read the attached PAQs for the information they contain. I really appreciate the links.

So the take away from this discussion is that the Net Time command returns less than accurate information, is DOA and should be totally ignored.

That is something I can do :)

I use the W32tm commands on our Win7 embedded systems to view their sync status to the domain, especially when we are seeing time issues in our software.

-Bob
Bob ConklinConfiguration/TEST TechnicianAuthor Commented:
Thank you both for your insights and information, as an aside to oBdA, I mentioned my thoughts based on the information gleaned from this topic  to the DAs and my suggestions was summarily dismissed.
Cheers !!

-Bob
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.