Some problems with Windows Time service on my domain controller

Hello! I need help with Windows Time service. THe situation is: there is a single domain controller and I need to sync its local time with time.windows.com. So I prepared Default Domain Controllers Policy:

Computer configuration->Administrative Templates->System->Windows Time Service->Time Providers:

Enable Windows NTP Server=Yes

Enable Windows NTP Client=Yes

Configure Windows NTP Client=Yes (Type=NTP, NtpServer=time.windows.com,0x9)

So I run "gpupdate" and checked w32tm configuration:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 10 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 0 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NTP (Policy)
NtpServer: time.windows.com,0x9 (Policy)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)

Now I check source:

w32tm /query /source

time.windows.com,0x9

But if I restart this domain controller and try to check configuration again:

w32tm /query /source

Local CMOS clock

Why it's happening? What am I doing wrong? Thank you for answers.

July 24th, 2015 2:07pm

I can assume that it is virtual machine. Check time sync integration services.
Free Windows Admin Tool Kit Click here and download it now
July 24th, 2015 2:17pm

You are right but I already unchecked option "Synchronize time with host"... Strange thing - If I start DC and IMMEDIATELY run w32tm /resync - all is OK - it really synchronized with time.windows.com. But in other case (before first run of /resync) - w32tm /query /source shows me:

Local CMOS clock

Why? :-(

July 24th, 2015 2:25pm

Hi,

Try running this command and set the below.

w32tm /config /manualpeerlist:NTP_server_IP_Address,0x8 /syncfromflags:MANUAL

Free Windows Admin Tool Kit Click here and download it now
July 24th, 2015 2:31pm

Probably there is problem with integration tools, check its logs. Also make sure that DC holds PDC FSMO role.
July 24th, 2015 3:13pm

Use the steps below as a walk thru...

(NOTE: Before doing this make sure to record the current registry settings as you will have to implement them on the new PDCE)

This is something that is required if you have just moved the PDCe to a new Domain Controller.

First you need to reset the old PDCe time service, so that it is part of the domain heirarchy (Or you just want to reset a client back to default).

From a command prompt on the old NTP server

net time /setsntp:                  

(Note the blank space prior to the end )
The prior command line tells the DC to delete the current registry settings for the time service

Follow this by:

w32tm /config /syncfromflags:domhier /update

The prior command line should reset the domain time hierarchy

Follow this by:

net stop w32time && net start w32time

This DC should now be part of the time domain heirarchy

Next you need to assign the NTP service to the new PDCe

To verify the PDCe role run the following from a command prompt

Netdom query fsmo

Once you have established the correct DC, follow the steps below as taken from KB816042

Change the server type to NTP. To do this, follow these steps:

      • Click Start, click Run, type regedit, and then click OK.
      • Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

  1. In the right pane, right-click Type, and then click Modify.
  2. In Edit Value, type NTP in the Value data box, and then click OK.

  • Set      AnnounceFlags to 5. To do this, follow these steps:
  1. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

  1. In the right pane, right-click AnnounceFlags, and then click Modify.

  1. In Edit DWORD Value, type 5 in the Value data box, and then click OK.

  • Enable      NTPServer. To do this, follow these steps:
  1. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

  1. In the right pane, right-click Enabled, and then click Modify.
  2. In Edit DWORD Value, type 1 in the Value data box, and then click OK.

  • Specify      the time sources. To do this, follow these steps:
  1. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

  1. In the right pane, right-click NtpServer, and then click Modify.
  2. In Edit Value, type Peers in the Value data box, and then click OK.

Note
Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect.

  • Select      the poll interval. To do this, follow these steps:
  1. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval

  1. In the right pane, right-click SpecialPollInterval, and then click Modify.
  2. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note
TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.

  • Configure      the time correction settings. To do this, follow these steps:
  • Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection

  • In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
  • In Edit DWORD Value, click to select Decimal in the Base box.
  • In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.

  • Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
  • In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
  • In Edit DWORD Value, click to select Decimal in the Base box.
  • In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note
TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.

  • Quit      Registry Editor.
  • At      the command prompt, type the following command to restart the Windows Time      service, and then press ENTER:

    net stop w32time && net start w32time

  • Free Windows Admin Tool Kit Click here and download it now
    July 24th, 2015 9:54pm

    Refer below link to configure authorative time server on PDC role holder server. If the DC is virtual machine then you need to disable the time sync from host server to Virtual DC and ensure that udp port 123 is not blocked.

    How to Configure Authorative Time Server in Active Directory Domain
    http://adgurus.in/2015/07/23/how-to-configure-authorative-time-server-in-domain/

    July 26th, 2015 7:05pm

    Hi,

    Is UDP 123 open on the machine? You could  try to disable firewall to see if it works.

    Please also check the thread for a reference.

    Can't get NTP time working on SErver 2008 R2 DC

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/e5e26e4f-1988-4ec1-8837-6d1d503130e7/cant-get-ntp-time-working-on-server-2008-r2-dc?for

    Additional information:

    Configuring the Windows Time Service for Windows Server

    http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspx

    Best Regards,

    Mary Dong

    Free Windows Admin Tool Kit Click here and download it now
    July 27th, 2015 2:06am

    This topic is archived. No further replies will be accepted.

    Other recent topics Other recent topics