We help IT Professionals succeed at work.

Incorrect Network Time

76 Views
Last Modified: 2018-11-13
Our network time is 2 minutes faster than the NIST time so I tried to find
who is the time server on our network using the command:

w32tm /query /source

After that, I got into the time server and ran the same command to confirm
whether the time server thinks that it is the time server for our network and
got the result:

"Free-Running System Clock"

Then I adjusted the time by setting it two minutes slower to match the NIST time.
All the Servers and PCs synced to the new time after about 5 or 10 minutes and
I thought everything's set but it isn't.

After about 12 hours, every single Server and PC's time are back to the the old time
(2 minutes faster) including the time server mentioned above.

Is there something on our network that has higher authority than the time server
mentioned above?  

Thank you for your time!
Comment
Watch Question

CERTIFIED EXPERT

Commented:
Use the following method to set your domain controller to authenticate to an external time source (NTP) server :

Step 1: Logon to Domain Controller (with PDC role) with Administrator account and open elevated command prompt.
If you have multiple domain controller and don't know which DC holds PDC role then use following command:
netdom /query fsmo

Step 2: Type following commands on elevated command prompt

Step 3: w32tm /config /manualpeerlist:"0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1"
Configure external time sources

Step 4: w32tm /config /reliable:yes
Make this DC a reliable time source for the clients.

Step 5: net stop w32time && net start w32time
restart w32 time server, now DC should synchronize time with uk.pool.ntp.org time servers.
If the DC is not synchronizing time with the external NTP server then check the event logs (Event Viewer >> System). Normally event id 47 which means it is unable to reach the external NTP server, check the firewall to make sure port 123 is open.

Step 6: Some helpful w32tm commands:
Force synchronizing the time asap
w32tm /resync /nowait
Check NTP configuration
w32tm /query /configuration
w32tm /query /source
Display time source
w32tm /query /peers
Display list of all configured NTP servers and their status
w32tm /query /status
Display time service status i.e whether it is getting time from local cmso clock/external NTP server

Step 7: Force domain computers to synchronize the time with the DC; use elevated command prompt
w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time

Step 8: Following commands will reset the time service to default.
net stop w32time
w32tm /unregister
w32tm /register
net start w32time

reference  : https://community.spiceworks.com/how_to/65413-configure-dc-to-synchronize-time-with-external-ntp-server
CERTIFIED EXPERT
Top Expert 2016

Commented:
Is there something on our network that has higher authority than the time server
mentioned above?

if it is 2 minutes faster, it can't be a time server from internet or satellite because those would be accurate or at most have a little delay (actually time services from internet do a measure of the delays for a significant number of times by sending the received time back to the server. that way the system time they finally use is a very good approximation of the real time).

i would guess that there is a second time server in your LAN which is responsible for the wrong time. check the event log of the time server where you corrected the gap. there should be an entry when the time was reset to the faster time which might give you a clue which is the master that provides the wrong time.

Sara

Author

Commented:
Thank you for your response.  Below are the two time related events found in the event log of the time server.
Event #1 states that "there is no machine above it in the domain hierarchy to use as a time source".
Based on that, if I adjust the time to two minutes slower on this server, the time should not change for any reason
and it is confirmed by "The time service will not update the local system time until it is able to synchronize with a time source"
as shown in Event #2.  However; it kept adjusting the time automatically later on, to the time that two minutes faster and
the time update action is not shown in the event log.  Can you please advise what I should do next? Thanks!

Event #1
"Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient."

Event #2
"The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization."
Philip ElderTechnical Architect - HA/Compute/Storage
CERTIFIED EXPERT

Commented:
If the DC(s) is/are virtual then make sure to disconnect time sync with the host.

Then, run the instructions in this blog post to set up the PDCe and the other DCs on the network for a domain time architecture.
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.