Using the as-a-service approach for your business model allows you to grow your revenue stream with new practice areas, without forcing you to part ways with existing clients just because they don’t fit the mold of your new service offerings.
Synchronizing Time In a Domain
I have two domain servers (2016) in a virtual environment. I would like to have one server sync to an external time server. I would also like to create a group policy that would force all servers/workstations on the network to sync their time with the primary domain controller. I have read several articles, but through many complicated steps, it doesn't appear to give me what I perceive to be a simple task.
Can anyone advise on the straight forward steps needed to complete this?
Thanks,
Can anyone advise on the straight forward steps needed to complete this?
Thanks,
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
That doesn't seem to be happening like you describe. I have workstations with different times as well as servers. When I query the time service on my workstation, it claims the source as "Free-Running System Clock"
Attached is what my DC currently returns on query.
Attached is what my DC currently returns on query.
Is your DNS set properly? On the workstations and the servers? Rather than trying to re-invent the wheel, I would start troubleshooting. Best place to start is the event logs on both the server and a problematic client. (DNS is the obvious issue, but if that's not it, go to the event logs!)
So when I googled "Free-running system clock" - I got what I cautioned you about - Disable time sync with the hardware. Reference:
https://blogs.vmware.com/apps/2016/01/completely-disable-time-synchronization-for-your-vm.html
https://blogs.vmware.com/apps/2016/01/completely-disable-time-synchronization-for-your-vm.html
Lee's comment about disabling time syncing with the host is appropriate, but his link assumes you are using VMWare. If you happen to be using Hyper-V, you would want to do the same thing, but slightly differently: https://support.microsoft.com/en-us/help/976924/you-receive-windows-time-service-event-ids-24-29-and-38-on-a-virtualiz
Basically, un-check Time Synchronization in Integration Services for the particular VM, then restart the VM.
Basically, un-check Time Synchronization in Integration Services for the particular VM, then restart the VM.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Thank you for your advice.
I disabled the Hyper-V integration and then re-ran the w32tm command on my DC.
After I ran command "w32tm /config /manualpeerlist:"0.time.wi
Thanks for the advice!
I disabled the Hyper-V integration and then re-ran the w32tm command on my DC.
After I ran command "w32tm /config /manualpeerlist:"0.time.wi
Thanks for the advice!
Thanks for the points, but I think they should be split with Lee. He had the correct answer first, but focused on VMWare and not Hyper-V. The original post didn't mention which hypervisor was being used.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
Kerberos is the authentication protocol used by Active Directory. It REQUIRES time to be close or it won't authenticate you. As such, by default the PDC emulator is the authoritative time source for the time. And all machines should automatically sync with it on a regular basis (once a week by default).
You should use w32time to set the NTP source for the PDC emulator, but you don't need a group policy to enforce the time - it's built in.
Reference:
https://support.microsoft.com/en-us/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server
NOTE: you said a virtual environment - MAKE SURE you are not syncing the time with the host in the properties of the VM! That will override the NTP time retrieved by the PDC emulator!