Re: Windows Time Service: What if the PDC-role is moved?

The registry Value "Type" in

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

determines whether the computer will use the time servers specified in the Value NtpServer or the domain hierarchy.

Possible values for Type are:

NTP - use the time source specified in the NtpServer Value
NT5DS - determine the time source to use from the domain time synchronization hierarchy

I suggest using the w32tm command for modifying the time service parameters rather than directly modifying the registry entries. See for example, this quote from the "Windows Time Service Registry Entries" section of http://technet2.microsoft.com/windowsserver/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true.
"Many of the values in the W32Time section of the registry are used internally by W32Time to store information. These values should not be manually changed at any time. Do not modify any of the settings in this section unless you are familiar with the setting and are certain that the new value will work as expected."

To set the time source, use the commands:

w32tm /config /syncfromflags:domhier
or
w32tm /config /syncfromflags:maual /manualpeerlist:DNS name of time server
e.g.
w32tm /config /syncfromflags:manual /manualpeerlist:time.nrc.ca

The following command tells the time service to start using the new configuration settings:

w32tm /config /update

To force a time synchronization, use the command:

w32tm /resync /rediscover

To find out what time source a particular computer is actually using, I suggest looking in the System Event Log for an event with:

Source: W32Time
Event ID: 35 and 37

These are created when the Time Service starts and after a time synchronization forced using the w32tm /resync /rediscover command.

For an explanation of how the Time Service and the domain time synchronization hierarchy works, see http://technet2.microsoft.com/windowsserver/en/library/71e76587-28f4-4272-a3d7-7f44ca50c0181033.mspx?mfr=true.

See the following for lists of known, public, time sources
http://tf.nist.gov/service/time-servers.html,
http://support.ntp.org/bin/view/Servers/StratumTwoTimeServers or
http://support.ntp.org/bin/view/Servers/WebHome

(Note: as reported elsewhere, time.nist.gov appears to be having network congestion problems, so I suggest avoiding this one, at least for the time being).
--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message news:uKjpnj7xHHA.4276@xxxxxxxxxxxxxxxxxxxxxxx
I have not combed the reg keys to see just how the directives are
persisted; however, I was under impression that it is a different
switch that takes priority and tells it to acquire NTP server info
from domain membership (with the time.windows.com however
changed there to kick in if disjoined).
Use w32tm or net time to see the current effective settings.

"jeutix" <jeutix@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:02C5DBC4-570E-42A7-9A95-1ACD907E70ED@xxxxxxxxxxxxxxxx
And it has nothing to mean that the client still has "time.windows.com,0x1"
in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
regkey?

Doesn't he has to have the PDC DNS-name or IP-address in it?
--
Greetings
Udo
MCSE / CCA


"Roger Abell [MVP]" wrote:

Behaviors depend on whether you have left things at default or not.

The is an SRV resource record in DNS for the domain that any
machine with access to that DNS zone may query (the PDC record).
Left at default settings a domain member will locate its timeserver
by use of query to DNS for this record.

If you client is not following the move of the PDC FSMO to a
different DC then a) the client is configured to use a specific
timeserver, b) DNS is not getting updated to reflect the PDC
move, or c) the wrong DNS server(s) is(are) being used
- or perhaps something else.

Also, in your post you mentioned configuring the new PDC
FSMO holding DC to use an external time source. One should
not be doing that unless the DC is in the forestroot domain.
Other domains' PDC FSMO holder will locate and use the PDC
FSMO of the forestroot domain if you leave things at install
defaults (so keeping the whole forest in sync).

Roger

"jeutix" <jeutix@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F0DD3626-4CC9-413E-9BCB-E98FC9D33C49@xxxxxxxxxxxxxxxx
> We've done this and configured the new server with an IP-address of a
> Internet-time-server.
>
> But if I execute "net time" on a client, then the old PDC is shown in > the
> result line.
>
> But the old one doesn't have this config any longer, so I ask myself > why
> the
> client still shows the older one?
>
> -- > Greetings
> Udo
> MCSE / CCA
>
>
> "Florian Frommherz [MVP]" wrote:
>
>> Howdie!
>>
>> jeutix schrieb:
>> > I'read that normally the first DC in the domain which holds the
>> > PDC-role is
>> > also the authoritive time server. So this one should catch the time
>> > from the
>> > internet and serve it to the clients in the domain.
>> >
>> > What is, if the PDC role is moved from the first DC in the domain >> > to
>> > another
>> > DC? Will the first server be still the time server or will the new
>> > server be
>> > the one?
>>
>> As of my knowledge, if you move the PDC-emulator-role to another DC, >> the
>> new PDC will be the authoritive time source for all other domain
>> controllers - and they will propagate the time to all authenticating
>> clients.
>>
>> So if you move the PDC role be sure to have the new-to-be-PDC >> configured
>> to sync the time with a reliable source.
>>
>> cheers,
>>
>> Florian
>> -- >> Microsoft MVP - Windows Server - Group Policy.
>> eMail: prename [at] frickelsoft [dot] net.
>> blog: http://www.frickelsoft.net/blog.
>>






.

Relevant Pages

  • Re: Time server
    ... I'm getting a bit confused but, you have to be setting the time on the pdc ... Re-Enter external time source after port 123 is found to be open ... > and this server seems to be syncing externally fine. ... which provides the NIST Network Time service. ...
    (microsoft.public.windows.server.active_directory)
  • Re: wrong time server
    ... It does not query what the local machine's time service is set to use with the domain hierarchy. ... It's rather useless trying to use it to find which server is the client's time service. ... All client desktops select an authenticating domain controller ) as their time source. ... The PDC of the current domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows Time Service
    ... is your PDC not connected to the internet? ... server through your firewall and configure the service to synch with it ... some routes can act as an NTP time source and you can configure your ... Configure your system to synch with that NTP server (the articles you ...
    (microsoft.public.windows.server.setup)
  • Re: Windows Time Server
    ... On the PDC emulator, right-click the NoSync.reg file and press Merge, or run regedit /s NoSync.reg. ... This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to ... Schedule a batch job on the PDC emulator that syncs with your time server, ...
    (microsoft.public.windows.server.general)
  • Cant join domain: Network path was not found
    ... trying to join the domain 'hq.infotouchsys.com': Network path not ... I have a single server running as the primary domain controller (PDC) ... the registry tweaked to allow joining a domain.) ...
    (microsoft.public.windows.server.active_directory)
Loading