Incorrect Network Time

Our network time is 2 minutes faster than the NIST time so I tried to find
who is the time server on our network using the command:

w32tm /query /source

After that, I got into the time server and ran the same command to confirm
whether the time server thinks that it is the time server for our network and
got the result:

"Free-Running System Clock"

Then I adjusted the time by setting it two minutes slower to match the NIST time.
All the Servers and PCs synced to the new time after about 5 or 10 minutes and
I thought everything's set but it isn't.

After about 12 hours, every single Server and PC's time are back to the the old time
(2 minutes faster) including the time server mentioned above.

Is there something on our network that has higher authority than the time server
mentioned above?  

Thank you for your time!
COCO3515Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ITguy565Commented:
Use the following method to set your domain controller to authenticate to an external time source (NTP) server :

Step 1: Logon to Domain Controller (with PDC role) with Administrator account and open elevated command prompt.
If you have multiple domain controller and don't know which DC holds PDC role then use following command:
netdom /query fsmo

Step 2: Type following commands on elevated command prompt

Step 3: w32tm /config /manualpeerlist:"0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1"
Configure external time sources

Step 4: w32tm /config /reliable:yes
Make this DC a reliable time source for the clients.

Step 5: net stop w32time && net start w32time
restart w32 time server, now DC should synchronize time with uk.pool.ntp.org time servers.
If the DC is not synchronizing time with the external NTP server then check the event logs (Event Viewer >> System). Normally event id 47 which means it is unable to reach the external NTP server, check the firewall to make sure port 123 is open.

Step 6: Some helpful w32tm commands:
Force synchronizing the time asap
w32tm /resync /nowait
Check NTP configuration
w32tm /query /configuration
w32tm /query /source
Display time source
w32tm /query /peers
Display list of all configured NTP servers and their status
w32tm /query /status
Display time service status i.e whether it is getting time from local cmso clock/external NTP server

Step 7: Force domain computers to synchronize the time with the DC; use elevated command prompt
w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time

Step 8: Following commands will reset the time service to default.
net stop w32time
w32tm /unregister
w32tm /register
net start w32time

reference  : https://community.spiceworks.com/how_to/65413-configure-dc-to-synchronize-time-with-external-ntp-server
sarabandeCommented:
Is there something on our network that has higher authority than the time server
mentioned above?

if it is 2 minutes faster, it can't be a time server from internet or satellite because those would be accurate or at most have a little delay (actually time services from internet do a measure of the delays for a significant number of times by sending the received time back to the server. that way the system time they finally use is a very good approximation of the real time).

i would guess that there is a second time server in your LAN which is responsible for the wrong time. check the event log of the time server where you corrected the gap. there should be an entry when the time was reset to the faster time which might give you a clue which is the master that provides the wrong time.

Sara
COCO3515Author Commented:
Thank you for your response.  Below are the two time related events found in the event log of the time server.
Event #1 states that "there is no machine above it in the domain hierarchy to use as a time source".
Based on that, if I adjust the time to two minutes slower on this server, the time should not change for any reason
and it is confirmed by "The time service will not update the local system time until it is able to synchronize with a time source"
as shown in Event #2.  However; it kept adjusting the time automatically later on, to the time that two minutes faster and
the time update action is not shown in the event log.  Can you please advise what I should do next? Thanks!

Event #1
"Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient."

Event #2
"The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization."
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
If the DC(s) is/are virtual then make sure to disconnect time sync with the host.

Then, run the instructions in this blog post to set up the PDCe and the other DCs on the network for a domain time architecture.
COCO3515Author Commented:
I found this link below that worked.   Power shell was a must for my case.

http://jackstromberg.com/2013/10/configuring-external-time-source-on-your-primary-domain-controller/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.