RE: W32time question
From: Abraham Cheng [MSFT] (v-abrahc_at_online.microsoft.com)
Date: 04/01/04
- Next message: Dominic Marsat: "Re: Terminal Services & Active Directory Error"
- Previous message: Olaf Berli: "Changing DNS name in AD"
- In reply to: JDTHREE [MVP]: "W32time question"
- Next in thread: Santhosh Sivarajan: "Re: W32time question"
- Reply: Santhosh Sivarajan: "Re: W32time question"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 01 Apr 2004 09:32:43 GMT
Hi John,
Thank you for posting here.
Based on your description, I understand you want to know if there are any
side effects after you have replaced the W32time service with a third party
time sync utility. If I have misunderstood your concerns, please let me
know.
As you know, Windows includes the W32Time Time service tool that is
required by the Kerberos authentication protocol. The purpose of the Time
service is to ensure that all computers that are running Windows 2000 or
later in an organization use a common time. The Time service uses a
hierarchical relationship that controls authority and does not permit loops
to ensure appropriate common time usage.
Windows-based computers use the following hierarchy by default:
- All client desktop computers nominate the authenticating domain
controller as their in-bound time partner.
- All member servers follow the same process as client desktop computers.
- Domain controllers may nominate the primary domain controller (PDC)
operations master as their in-bound time partner but may use a parent
domain controller based on stratum numbering.
- All PDC operations masters follow the hierarchy of domains in the
selection of their in-bound time partner.
Following this hierarchy, the PDC operations master at the root of the
forest becomes authoritative for the organization, and you should
configure the PDC operations master to gather the time from an external
source.
After you have replace the W32time service with a third-party time sync
utility, you must make sure that all the Windows-based computers in you
network can use the hierarchy mentioned above to nominate the new time
server. Otherwise, there will be some problems of Kerberos authentication
caused by the unsynchronized time.
Since only one of the Domain Controllers in your domain and an Exchange
server meet with the error outlined in KB830092, we can focus our attention
on the problematic computers.
To gather the information, please follow the next steps:
1. In the problematic computers, export the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters to
a TXT file.
2. Run eventvwr and check the system log in the Event Viewer. Check to see
if there is any information messages relate to the W32Time.
Send me an email with the information at v-abrahc@micorsoft.com.
If you have any questions or concerns regarding this issue, please do not
hesitate to let me know.
Thanks & regards,
Abraham Cheng [MSFT], MCSE 2000
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "JDTHREE [MVP]" <john@removeforspam.engagenet.com>
>Subject: W32time question
>Date: Wed, 31 Mar 2004 22:14:27 -0600
>Message-ID: <so5n60phbtft8716pd0gdjun3tnl0fofbl@4ax.com>
>X-Newsreader: Forte Agent 2.0/32.646
>MIME-Version: 1.0
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>Newsgroups: microsoft.public.win2000.active_directory
>NNTP-Posting-Host: cpe-24-160-254-81.wi.rr.com 24.160.254.81
>Lines: 1
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.active_directory:71877
>X-Tomcat-NG: microsoft.public.win2000.active_directory
>
>After migrating my exchange from 5.5 to 2003, and upgrading my 2000 AD
>to 2003, I'm having w32time issues.
>
>I've called PSS to get the patch for Windows 2003 server to alleviate
>the known issue (KB830092) but it hasn't cleared it out for me on one
>DC and on my standalone 2003 exchange server.
>
>DCDIAGS run without any errors, as does NETDIAG.
>
>I have no errors for *anything*, not even warnings, in the event logs
>on any of the servers other than the w32time.
>
>I'm contemplating simply stopping the w32time service on the 2003
>servers, and installing a third party time sync util that will allow
>them to sync and to reply to queries from domain members.
>
>Just wanted to doublecheck that I'm not unaware of some requirement
>for the domain memebers to sync via w32time as opposed to any other
>time server software. Replacing the native time server with a third
>party won't hork up anything in AD or for the clients, will it? I.E.
>the AD client computers aren't looking for w32time specifically,
>they're simply querying the DC's to sync time, right? So any time
>program would work as long as it can respond to the query?
>
>Thanks for any information
>
>John
>
- Next message: Dominic Marsat: "Re: Terminal Services & Active Directory Error"
- Previous message: Olaf Berli: "Changing DNS name in AD"
- In reply to: JDTHREE [MVP]: "W32time question"
- Next in thread: Santhosh Sivarajan: "Re: W32time question"
- Reply: Santhosh Sivarajan: "Re: W32time question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
