Re: Time server

Previous info related to 2003/XP

I'm getting a bit confused but, you have to be setting the time on the pdc
emulator if you aren;t doing it there then that is where you need to start.

Make sure port 123 is open in your firewall (Otherwise it won't be able to
sync up)

Go to the pdc fsmo role holder
Stop the time service
net stop w32time
Query where it is getting its time source from
net time /querysntp
Re-Enter external time source after port 123 is found to be open
net time /setsntp: <-- insert external time source here
Start the time service
net start w32time


--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.




"connie" <connie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9FABD84F-DA94-4E9B-A2A6-1E18A2A7DC1C@xxxxxxxxxxxxxxxx
> Paul,
> Cheers for taking the time to answer.
>
> If I try to put the time on the DC that has a different time to all PC's
> and
> main server to a closer time range, it will revert away back to 7 minutes
> out
> again after a few hours. This seems to show that the DC acting as the PDC
> emulator is holding the wrong time as are all the PC's . The only machine
> holding the correct time is the machine that is not in sync with the rest,
> and this server seems to be syncing externally fine.
>
> The w32tm /config /syncfromflags....doesn't seem to run on the 2000
> server,
> but if I run
> w32tm -s
> I get
> RPC to local server returned 0x0
>
> Thanks for thinking about this
>
> I haven't had to fiddle with this but I would suggest you get the
> difference
> between the two, to less than 5 minutes. DC's need to protect themselves
> from things such as replay attacks.
>
> Go to the system tray, double click on the time and try adjusting the
> clock
> ahead three minutes and wait a day. See if after that time frame the two
> don't sync up.
>
> How to Synchronize an Internal Time Server with an External Source
> 1. Click Start, point to All Programs, point to Accessories, and then
> click Command Prompt.
> 2. Type the following line, where peerlist is a comma-separated list
> of Domain Name System (DNS) names or IP addresses of the appropriate time
> sources, and then press ENTER:
> w32tm /config /syncfromflags:manual /manualpeerlist:peerlist
> 3. Type w32tm /config /update, and then press ENTER.
> Notes: . The most common use of this procedure is to synchronize the
> internal network's authoritative time source with a very precise external
> time source. However, you can run this procedure on any Windows XP-based
> computer.
> . If the computer cannot reach the servers, the procedure does not
> succeed and an entry is written to the Event log.
> . You can use computers on the Internet to provide accurate time
> information. For example, use the National Institute of Standards and
> Technology (NIST), which provides the NIST Network Time service.
>
>
> --
>
>
>
> "Paul Bergson" wrote:
>
>> I haven't had to fiddle with this but I would suggest you get the
>> difference
>> between the two, to less than 5 minutes. DC's need to protect themselves
>> from things such as replay attacks.
>>
>> Go to the system tray, double click on the time and try adjusting the
>> clock
>> ahead three minutes and wait a day. See if after that time frame the two
>> don't sync up.
>>
>> How to Synchronize an Internal Time Server with an External Source
>> 1. Click Start, point to All Programs, point to Accessories, and
>> then
>> click Command Prompt.
>> 2. Type the following line, where peerlist is a comma-separated
>> list
>> of Domain Name System (DNS) names or IP addresses of the appropriate time
>> sources, and then press ENTER:
>> w32tm /config /syncfromflags:manual /manualpeerlist:peerlist
>> 3. Type w32tm /config /update, and then press ENTER.
>> Notes: . The most common use of this procedure is to synchronize the
>> internal network's authoritative time source with a very precise external
>> time source. However, you can run this procedure on any Windows XP-based
>> computer.
>> . If the computer cannot reach the servers, the procedure does not
>> succeed and an entry is written to the Event log.
>> . You can use computers on the Internet to provide accurate time
>> information. For example, use the National Institute of Standards and
>> Technology (NIST), which provides the NIST Network Time service.
>>
>>
>> --
>>
>>
>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> "connie" <connie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:DEED6191-85B3-4365-8332-EB0C337FA4BA@xxxxxxxxxxxxxxxx
>> >I wonder if anyone can help. I have 2 DC's in an windows 2000 active
>> > directory forest, both DC's have different times, 7 minutes apart. I am
>> > unable to get them to synchronise. The DC that holds the PDC fsmo has
>> > the
>> > incorrect time, as do all pc's on the domain. The other DC, which is
>> > holding
>> > no roles has the correct time.
>> > I have set the incorrect Dc to get it's time from the net using the
>> > following
>> > net time \\dc-name /setsntp :ntp.cs.tcd.ie
>> > This runs succesfully but the time does not correct itself,
>> >
>> > I have tried to syncronise the DC with the correct time, to the other
>> > DC
>> > by
>> > using the w32tm but it keeps the correct times.
>> > The DC with the PDC role is giving the following error
>> >
>> >
>> > Because of repeated network problems, the time service has not been
>> > able
>> > to
>> > find a domain controller to synchronize with for a long time. To reduce
>> > network traffic, the time service will wait 960 minutes before trying
>> > again.
>> > No synchronization will take place during this interval, even if
>> > network
>> > connectivity is restored. Accumulated time errors may cause certain
>> > network
>> > operations to fail. To tell the time service that network connectivity
>> > has
>> > been restored and that it should resynchronize, execute "w32tm /s" from
>> > the
>> > command line.
>> >
>> > The DC with the PDC role is giving the following error
>> >
>> >
>> > any help would be much appreciated
>>
>>
>>


.

Relevant Pages

  • Re: Time server
    ... and this server seems to be syncing externally fine. ... How to Synchronize an Internal Time Server with an External Source ... internal network's authoritative time source with a very precise external ... which provides the NIST Network Time service. ...
    (microsoft.public.windows.server.active_directory)
  • Re: wrong time server
    ... It does not query what the local machine's time service is set to use with the domain hierarchy. ... It's rather useless trying to use it to find which server is the client's time service. ... All client desktops select an authenticating domain controller ) as their time source. ... The PDC of the current domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows Time Service: What if the PDC-role is moved?
    ... NTP - use the time source specified in the NtpServer Value ... I suggest using the w32tm command for modifying the time service parameters rather than directly modifying the registry entries. ... switch that takes priority and tells it to acquire NTP server info ... Doesn't he has to have the PDC DNS-name or IP-address in it? ...
    (microsoft.public.windows.group_policy)
  • Re: Windows 2003 server DNS problems
    ... you would disconnect the BDC not the PDC from the network. ... > server was promoted as a PDC and the original PDC was promoted to a BDC. ... The DNS server is setup as a forwarder and is pointing ...
    (microsoft.public.windows.server.setup)
  • Re: ADMT TcpipClientSupport registry key NT 4.0 to AD
    ... I would take a network trace of the failure and see where it fails. ... > but I keep getting this error message "Either the source> domain's primary domain controller (PDC) has not been re-> started after setting the tcpipClientSupport registry key> to 1 or the PDC could not be contacted." ... > I have discarded the communication problem between the NT> 4.0 server and the Windows 2003 server because when I do> not select "Migrate user SIDs to target domain" the> migration is successful. ...
    (microsoft.public.win2000.active_directory)
Loading