RE: Replication Problems with Win2k AD and W32time

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: David Pharr [MSFT] (dpharr_at_microsoft.com)
Date: 07/20/04 

Date: Tue, 20 Jul 2004 15:37:55 GMT

The Windows Time Service does not require you to point any of your DCs to
the root as an authoritative time server. The default W32Time Type setting
of Nt5DS will cause each domain member to use its authenticating domain
controller as the time server and the domain controllers will use a stratum
algorithm to determine their status within the hierarchy. The PDC Emulator
at the root of the forest is the authoritative time server and is the only
DC that you should configure manually. It's not critical that you
configure your time to be accurate with an outside source - as long as all
your machines agree on the time (even if their actual time is incorrect)
then they will be able to communicate with one another.

The following documents should prove useful regarding Windows Time:

Windows Time Service Whitepaper
http://www.microsoft.com/windows2000/techinfo/howitworks/security/wintimeser
v.asp

216734 How to Configure an Authoritative Time Server in Windows 2000
http://support.microsoft.com/?id=216734

224799 Basic Operation of the Windows Time Service
http://support.microsoft.com/?id=224799

223184 Registry Entries for the W32Time Service
http://support.microsoft.com/?id=223184

262680 A List of the Simple Network Time Protocol Time Servers That Are
http://support.microsoft.com/?id=262680

As far as the accounts that are not being authenticated, the problem may
lie elsewhere.
What exact error do they get when they attempt to login?
Does the problem happen for the same set of user accounts, are they all on
the same subnets, anything in common about these users?
Is the problem consistently reproduceable?

David Pharr, dpharr@online.microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Replication Problems with Win2k AD and W32time
| thread-index: AcRtowfT8DfFM6klRoOc35MUDQer6g==
| X-WBNR-Posting-Host: 66.99.92.22
| From: =?Utf-8?B?TWljaGFlbCBwcml6YW50?=
<Michaelprizant@discussions.microsoft.com>
| Subject: Replication Problems with Win2k AD and W32time
| Date: Mon, 19 Jul 2004 08:14:05 -0700
| Lines: 5
| Message-ID: <E16B19C1-C746-49B6-8526-3AE2A86A2FE1@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 127.0.0.1
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.active_directory:81855
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| I have a client with a very basic 7 site Windows 2000 SP4 Network running
Active Directory. There is one DC in each Site, and each one is running
Win2k SP4. The problem is that there are times when certain accounts cannot
be authenticated by AD. I have run DCDIAG and for the most part the results
are clean, with the exception that I'm getting an Error 64 and 54 on the
Root DC. I have manually setup the Root DC as the Authoritative Time
Server, and gone to each DC and pointed them to the Root DC as the ATS. The
error that I get back is that the Authoratative Time server is not
responding, and that the DC cannot find a DC to sync with. The connections
are full point to point T1s, and I'm not showing any problems with network
connectivity. I'm able to browse to and ping the Root DC from each site
just fine.
|
| Any ideas? I'm at a total loss here.
|
| Michael Prizant
|

Relevant Pages

  • RE: Replication Problems with Win2k AD and W32time
    ... > the root as an authoritative time server. ... > at the root of the forest is the authoritative time server and is the only ... > | Michael Prizant ...
    (microsoft.public.win2000.active_directory)
  • Re: Auto Time Sync not working
    ... Then the computer sync 'd with the time server BUT when I hit the ... To restore the Windows Time Service if it has been broken. ... net stop W32Time hit your Enter key. ... net start W32Time hit your Enter key. ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Auto Time Sync not working
    ... A recent Windows Update has messed this up. ... Click on the Internet Time Tab. ... [[Enables you to select the Internet time server with which you want to ... To restore the Windows Time Service if it has been broken. ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: dcdiag failed - PDC is down
    ... Make sure the Windows Time Service is running on this DC. ... Locator Flags: 0xe00003fc ... The server holding the PDC role is down. ... Preferred Time Server Name: \\dbsvr.mydomain.net ...
    (microsoft.public.win2000.active_directory)
  • RE: Configuring Windows Time Service on windows Server 2003
    ... master to configure with synchronizing with the external time server ... Set the time service configuration update. ... configure the authoritative time server to gather the time from a reliable ... For your concern about using Group Policy to alter the Windows Time ...
    (microsoft.public.windows.server.setup)