Re: Time Sync Problem on AD 2003 domain
- From: "kabbott via WinServerKB.com" <u56473@uwe>
- Date: Thu, 03 Dec 2009 18:01:34 GMT
OK,
So that was an exceedingly bad idea.
I got a call early this morning saying many people were having trouble
logging on to the AD domain. They initially got a message stating their
profile was corrupted. After rebooting a couple of times most could get on,
but on 5 users, it replaced their profile and established a profile "logon.
000" We had to copy as much information as possible from their original
profile to the new profile, and remap network drives to get them back up.
Besides the gropu policy changes listed in the previous post, one other thing
I did -last night from home - is I ran scans on a group of about 70 PCs and
compared their local time to the PDCE time. If it was off, I executed a "net
time /setsntp:10.4.34.48 " (the PDCE) with a net stop and start w32time, on
the local machine. This occurred on maybe a dozen or so. On some, I also
executed a "w32tm /resync"
When the problem arose, I put the group policy settings back to where they
were (that was before I knew the policy was trashed). Of course this had no
effect on the user problems, and now my PDCE can't sync with the external
time source again.
Somewhere in all of this, between the GP change and the time commands
executed remotely on the local machine, is something that caused corrupted
profiles - some recoverable, some not. Does anyone see what did it? Looking
at one of the users that were unrecoverable, their application log records
the following errors chronologically:
first Userenv 1508 Detail is "The process cannot access the file because it
is being used by another process for C:\documents and settings\'logon'\ntuser.
dat"
1502
1515
1511
Another strange thing is that not every PC on the domain was affected - tho
many were. Some folk logged in and had no trouble.
The ip addresses of the 5 heavily affected users did not match IPs of those I
executed the groups of commands on - but we're DHCP so there is a small (very)
chance that all of them could have got new IP's between last night and this
morning (very very small).
Also when I execute a net time /sntpquery on them, they are not pointed to
the PDCE - which my commands would have done, but are pointed to the default
time.microsoft site.
(BTW, is it correct that the time server settings are on a machine level and
not on a
I am afraid to change anything for fear of blowing up the world again. Any
insight anyone could provide will be appreciated!!!
ka
kabbott wrote:
OK. I might have it resolved.
This is what I did, for all of those in the future who might face this until
they finally want to quit IT and become a burger flipper:
I went into GPO editor, into the default domain policy and looked at the
computer configuration\administrative templates\system\Windows Time Service
settings
"Enable Windows NTP Client" was enabled
"Configure WIndows NTP Client" was enabled >
I changed this to "Not Configured"
"Enable Windows NTP Server" was disabled
I changed it to Enabled
then I gpupdate /force 'd
--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-ad/200912/1
.
- Follow-Ups:
- Re: Time Sync Problem on AD 2003 domain
- From: kabbott via WinServerKB.com
- Re: Time Sync Problem on AD 2003 domain
- From: kabbott via WinServerKB.com
- Re: Time Sync Problem on AD 2003 domain
- References:
- Re: Time Sync Problem on AD 2003 domain
- From: kabbott via WinServerKB.com
- Re: Time Sync Problem on AD 2003 domain
- Prev by Date: DNS Server dot deleting old records
- Next by Date: Re: DNS Server dot deleting old records
- Previous by thread: Re: Time Sync Problem on AD 2003 domain
- Next by thread: Re: Time Sync Problem on AD 2003 domain
- Index(es):
Relevant Pages
|
