If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.
PDC not syncing to external NTP!?
I'm trying to get my DC (with the PDC Emulator role) to sync its time to an external NTP server but it simply doesn't stick!? It simply continues to use the local CMOS clock as a source??
I've executed these commands: https://community.spiceworks.com/how_to/65413-configure-dc-to-synchronize-time-with-external-ntp-server
I've tested this: w32tm /stripchart /computer:NTPServerNameOrI
But the PDC simply doesn't keep the external NTP server as a source and thus doesn't synchronize the time correctly ... what's up with this!?
Thanks!
I've executed these commands: https://community.spiceworks.com/how_to/65413-configure-dc-to-synchronize-time-with-external-ntp-server
I've tested this: w32tm /stripchart /computer:NTPServerNameOrI
But the PDC simply doesn't keep the external NTP server as a source and thus doesn't synchronize the time correctly ... what's up with this!?
Thanks!
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
If you run the resync command do either of the correct Even ID's show up in the Event Log?
See my post here
Windows – Setting Domain Time
Pete
See my post here
Windows – Setting Domain Time
Pete
Pete:
I've done what's described on that page you've linked to and I get this in the event viewer:
EventID 12: Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
I've done what's described on that page you've linked to and I get this in the event viewer:
EventID 12: Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
And when I try this 'EasyFix' from Microsoft then it fails :/ https://support.microsoft.com/en-us/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server
>>I've done what's described on that page you've linked to and I get this in the event viewer:
is UDP port 123 open on your firewall? Did you see Event ID 37 and 35.
is UDP port 123 open on your firewall? Did you see Event ID 37 and 35.
Wait, I missed something ... after the resync command I get an error: 'the computer did not resync because no time data was available'.
UDP port 123 is open on the main firewall, will have to check on Windows firewall on the server ...
UDP port 123 is open on the main firewall, will have to check on Windows firewall on the server ...
I've added an inbound and an outbound rule for port 123 but that doesn't seem to help ...
Also, this still works: w32tm /stripchart /computer:NTPServerNameOrI
The problem seems to be that the DC doesn't know where to look for time data even though I have entered those other commands ...
Also, this still works: w32tm /stripchart /computer:NTPServerNameOrI
The problem seems to be that the DC doesn't know where to look for time data even though I have entered those other commands ...
>>I've added an inbound and an outbound rule for port 123 but that doesn't seem to help ...
You only need an outbound rule from the PDC, allow to anywhere (for now)
Then issue the same command I posted on my site including the NTP server (Manchester university - I always use this, its always up, and we can change it later if you like)
Then, Check the server server is not getting time settings from Group Policy (see link above)
You only need an outbound rule from the PDC, allow to anywhere (for now)
Then issue the same command I posted on my site including the NTP server (Manchester university - I always use this, its always up, and we can change it later if you like)
Then, Check the server server is not getting time settings from Group Policy (see link above)
I've executed w32tm /config /manualpeerlist:ntp2d.mcc.
But when I execute w32tm /query /configuration it is still pointing to local sources ...
Here's a log file though, maybe that'll help you?
Group Policy elements are on 'not configured'
w32time.log
But when I execute w32tm /query /configuration it is still pointing to local sources ...
Here's a log file though, maybe that'll help you?
Group Policy elements are on 'not configured'
w32time.log
I keep getting this error in the Event Viewer: Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
Is this a virtual server? Make sure either VMware tools or whatever the Microsoft equiv is called is NOT set to sync time from the Hypervisor.
lets make sure its set to defaults
Configure authorative time server on the PDC role holder server below is the KB article for the same.
http://support.microsoft.com/kb/816042
Make sure that below parameters are set correctly on PDC Server.
1.Change the server type to NTP
2.Set AnnounceFlags to 5
3.Enable NTPServer
4.Specify the time sources.eg time.windows.com,0x1 or pool.ntp.org,0x1
5Configure other paratmeters as well.
Restart the windows time service.Ran w32tm /resync /rediscover command.
Check the system log you will get event id 35 and 37 related to time sync.
lets make sure its set to defaults
Configure authorative time server on the PDC role holder server below is the KB article for the same.
http://support.microsoft.com/kb/816042
Make sure that below parameters are set correctly on PDC Server.
1.Change the server type to NTP
2.Set AnnounceFlags to 5
3.Enable NTPServer
4.Specify the time sources.eg time.windows.com,0x1 or pool.ntp.org,0x1
5Configure other paratmeters as well.
Restart the windows time service.Ran w32tm /resync /rediscover command.
Check the system log you will get event id 35 and 37 related to time sync.
I've done all of those things again ... I'm still getting the 'the computer did not resync because no data was available'.
w32tm /query /configuration still points to local sources ... not the external NTP servers!?
w32tm /query /configuration still points to local sources ... not the external NTP servers!?
Pete: that's what I'm getting when I use NTPTool!
But I still get the 'the computer did not resync because no time data was available' when trying to execute 'w32tm /resync' ...
But I still get the 'the computer did not resync because no time data was available' when trying to execute 'w32tm /resync' ...
I think I'll simply give up on this issue ... I've now enabled NTP Sync on the VMWare host and it's syncing its (correct!) time to the VMs of the Domain Controllers using VMWare tools.
Thats not a good solution one dodgy host CMOS battery and your Domain controllers can start tombstoning each other :(
If the NTP toms work and the w32Time service doesn't not then, either
1. its broken
2. Theres a GPO forcing incorrect settings.
3. Theres something in the registry that should not be there.
1. Its broken, OK transfer the PDC emulator role to another server, make sure NTP is also open for its IP address!.
2. Once you moved the rule, Start > Run > mmc.exe > file > add/Remove Snap-in >Resultant Set Of Policy > Gerneate new Data > This Computer > Current User
This will show you every policy that is being applied.
look under: Computer Configuration\Administrati
3. Registry settings usually come from GPOs in this case but just in case; Start >Regedit > Navigate to > HKEY_LOCAL_MACHINE\SYSTEM\
1. its broken
2. Theres a GPO forcing incorrect settings.
3. Theres something in the registry that should not be there.
1. Its broken, OK transfer the PDC emulator role to another server, make sure NTP is also open for its IP address!.
2. Once you moved the rule, Start > Run > mmc.exe > file > add/Remove Snap-in >Resultant Set Of Policy > Gerneate new Data > This Computer > Current User
This will show you every policy that is being applied.
look under: Computer Configuration\Administrati
3. Registry settings usually come from GPOs in this case but just in case; Start >Regedit > Navigate to > HKEY_LOCAL_MACHINE\SYSTEM\
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Yessssssssssss, it has finally worked! The problem was that there was a 'default group policy' that contained bad parameters for all that NTP stuff. I've removed those parameters and then applied your article and everything works fine now :)
Thanks again! That Resultant Set of Policy was key!
Thanks again! That Resultant Set of Policy was key!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012
From novice to tech pro — start learning today.
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 303 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 435 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 388 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 450 lessons
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
Does this happen while the system is still running, or after a reboot?
Have you examined the Registry after setting the server parameters to confirm that the Registry has been set?
Is the Windows Time Service set to run at startup?