Announcement

Collapse
No announcement yet.

Windows time service

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows time service

    I have 2 domain controllers (windows2003) and 1 dc shut's down. Will authenticated pc's (logged in from failed dc) try to find this dc endlessly to sync the're time or will they simply sync time with the other dc?

  • #2
    Re: Windows time service

    They should automatically sync to the other DC. Also ensure you have the other DC as a global catalogue otherwise users will not be able to log on when the first DC is down.

    Hope this helps

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Windows time service

      thanks,
      They would automatically sync with another domain controller? Is there not some sort of Kerberos key session between the workstation and the authenticating DC?

      Comment


      • #4
        Re: Windows time service

        Sorry, I just read the title again

        All clients sync their time with the DC that holds the PDC emulator FSMO role:

        http://www.petri.com/understanding_fsmo_roles_in_ad.htm

        if this server is down then you will experience a skew in times which eventually can affect kerberos authenticate (If the skew is > 5 minutes)

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: Windows time service

          Actualy only DC's always syncing with the pdc-emulator.
          All clients and all member servers automaticly sync with the DC they logged-on to.

          Originally posted by ozbie
          Will authenticated pc's (logged in from failed dc) try to find this dc endlessly to sync the're time or will they simply sync time with the other dc?
          No, they have to reboot first so the are logged with the other dc.


          \Rem

          This posting is provided "AS IS" with no warranties, and confers no rights.

          __________________

          ** Remember to give credit where credit's due **
          and leave Reputation Points for meaningful posts

          Comment


          • #6
            Re: Windows time service

            Rems,

            I didn't know that - cheers for pointing it out. I always thought they sync'd with the PDC. I searched around a bit and found this:

            http://support.microsoft.com/kb/224799

            It relates to Windows 2000 but I would have thought it would be the same for 2003

            Originally posted by Rems View Post
            No, they have to reboot first so the are logged with the other dc.
            \Rem
            that KB contradicts that

            All client desktops select an authenticating domain controller (the domain controller returned by DSGetDCName()) as their time source. If this domain controller becomes unavailable, the client re-issues its request for a domain controller.
            Michael
            Michael Armstrong
            www.m80arm.co.uk
            MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            Comment


            • #7
              Re: Windows time service

              Thanks for the feedback guys...I tested the theory by typing "net time /domain /set" on the domain connected pc and noticed that net time asks if you want to "sync with the authenticating DC yes or no?".

              Comment


              • #8
                Re: Windows time service

                Originally posted by ozbie View Post
                Thanks for the feedback guys...I tested the theory by typing "net time /domain /set" on the domain connected pc and noticed that net time asks if you want to "sync with the authenticating DC yes or no?".
                Add a "space" /y onto that and it will not ask you yes or no.
                1 1 was a racehorse.
                2 2 was 1 2.
                1 1 1 1 race 1 day,
                2 2 1 1 2

                Comment


                • #9
                  Re: Windows time service

                  w32tm service is smart enough to initiate DC rediscovery when the authenticating DC, which was chosen as time source during the boot, goes offline. The same way the workstation does not need reboot to renew Kerberos ticket if the authnticating DC goes offline, it will fail over to next available DC as it's SNTP source.

                  If you want to manually kick the rediscover, you can run "w32tm /resync /rediscover" from a command line. Restarting the "Windows Time Service" will also do the job.
                  Guy Teverovsky
                  "Smith & Wesson - the original point and click interface"

                  Comment

                  Working...
                  X