Link to home
Start Free TrialLog in
Avatar of COCO3515

asked on

Incorrect Network Time

Our network time is 2 minutes faster than the NIST time so I tried to find
who is the time server on our network using the command:

w32tm /query /source

After that, I got into the time server and ran the same command to confirm
whether the time server thinks that it is the time server for our network and
got the result:

"Free-Running System Clock"

Then I adjusted the time by setting it two minutes slower to match the NIST time.
All the Servers and PCs synced to the new time after about 5 or 10 minutes and
I thought everything's set but it isn't.

After about 12 hours, every single Server and PC's time are back to the the old time
(2 minutes faster) including the time server mentioned above.

Is there something on our network that has higher authority than the time server
mentioned above?  

Thank you for your time!
Avatar of ITguy565
Flag of United States of America image

Use the following method to set your domain controller to authenticate to an external time source (NTP) server :

Step 1: Logon to Domain Controller (with PDC role) with Administrator account and open elevated command prompt.
If you have multiple domain controller and don't know which DC holds PDC role then use following command:
netdom /query fsmo

Step 2: Type following commands on elevated command prompt

Step 3: w32tm /config /manualpeerlist:",0x1,0x1,0x1,0x1"
Configure external time sources

Step 4: w32tm /config /reliable:yes
Make this DC a reliable time source for the clients.

Step 5: net stop w32time && net start w32time
restart w32 time server, now DC should synchronize time with time servers.
If the DC is not synchronizing time with the external NTP server then check the event logs (Event Viewer >> System). Normally event id 47 which means it is unable to reach the external NTP server, check the firewall to make sure port 123 is open.

Step 6: Some helpful w32tm commands:
Force synchronizing the time asap
w32tm /resync /nowait
Check NTP configuration
w32tm /query /configuration
w32tm /query /source
Display time source
w32tm /query /peers
Display list of all configured NTP servers and their status
w32tm /query /status
Display time service status i.e whether it is getting time from local cmso clock/external NTP server

Step 7: Force domain computers to synchronize the time with the DC; use elevated command prompt
w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time

Step 8: Following commands will reset the time service to default.
net stop w32time
w32tm /unregister
w32tm /register
net start w32time

reference  :
Is there something on our network that has higher authority than the time server
mentioned above?

if it is 2 minutes faster, it can't be a time server from internet or satellite because those would be accurate or at most have a little delay (actually time services from internet do a measure of the delays for a significant number of times by sending the received time back to the server. that way the system time they finally use is a very good approximation of the real time).

i would guess that there is a second time server in your LAN which is responsible for the wrong time. check the event log of the time server where you corrected the gap. there should be an entry when the time was reset to the faster time which might give you a clue which is the master that provides the wrong time.

Avatar of COCO3515


Thank you for your response.  Below are the two time related events found in the event log of the time server.
Event #1 states that "there is no machine above it in the domain hierarchy to use as a time source".
Based on that, if I adjust the time to two minutes slower on this server, the time should not change for any reason
and it is confirmed by "The time service will not update the local system time until it is able to synchronize with a time source"
as shown in Event #2.  However; it kept adjusting the time automatically later on, to the time that two minutes faster and
the time update action is not shown in the event log.  Can you please advise what I should do next? Thanks!

Event #1
"Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient."

Event #2
"The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization."
If the DC(s) is/are virtual then make sure to disconnect time sync with the host.

Then, run the instructions in this blog post to set up the PDCe and the other DCs on the network for a domain time architecture.
Avatar of COCO3515

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial