Announcement

Collapse
No announcement yet.

Domain Controllers, NTP settings

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Domain Controllers, NTP settings

    Hello,

    I have two domain controllers and they have problem updating their time..

    Here are my two errors..

    Time Provider NtpClient: No valid response has been received from manually configured peer time.windows.com,0x1 after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 240 minutes. NtpClient has no source of accurate time.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Here is my group policy settings for the domain controller OU..

    Enable Windows NTP Client
    Enabled

    Configure Windows NTP Client
    NtpServer: time.windows.com,0x1
    Type: NTP
    CrossSiteSyncFlags: 2
    ResolvePeerBackoffMinutes: 15
    ResolvePeerBackoffMaxTimes: 7
    SpecialPollInterval: 3600
    EventLogFlags: 0

    Enable Windows NTP Server
    Enabled

    Help please!

  • #2
    Re: Domain Controllers, NTP settings

    I believe the second error is a result of the first.

    In Windows Server 2003 and in Windows XP, W32Time frequently logs Event ID 50, and poor time synchronization occurs also covers Event ID: 47.

    I'd also consider checking DNS resolution and connectivity to time.windows.com.
    I don't know anything about (you or your) computers.
    Research/test for yourself when listening to free advice.

    Comment


    • #3
      Re: Domain Controllers, NTP settings

      It is recommended to change
      Type: NTP
      to
      Type: NT5DS
      Do this on every client, member server and DCs (those that are not holding the PDC-emulator role)

      By default, only the Domain Controller that is holding the rol of PDC-emulator is the authoritative time server in the domain hierarchy. All other DCs sync with that server and all other members sync with a DC.
      That way you can be sure every computer in the domain has at leased the same time (wether that is the correct time or wrong time).

      On the 'PDC-emulator'
      The NtpServer value is a valid time server on an external net.
      (we use here: ntp.xs4all.nl )
      NtpServer: ntp.xs4all.nl
      Type: NTP


      Next thing is to allow NTP and DNS traffic in the network firewall comming from and to this DC.

      \Rems

      This posting is provided "AS IS" with no warranties, and confers no rights.

      __________________

      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts

      Comment


      • #4
        Re: Domain Controllers, NTP settings

        Hi,

        I suggest not to change manually registry settings, but do it in a more correct way - for PDC run the following command

        Code:
        w32tm /config /syncfromflags:MANUAL  /manualpeerlist: yourexternaltimeserver
        
        yourexternaltimeserver should be open in a FW 123/udp

        for all other DCs and member servers and workstations run the following

        Code:
        w32tm /config /syncfromflags:DOMHIER
        restart windows time service and look for the event 37 in SYSTEM log to validate successful sync.

        you shouldn't set any specific GPO for time sync native OS mechanism
        With best regards, Victor

        Comment


        • #5
          Re: Domain Controllers, NTP settings

          Ahh, so regular domain controllers should be NT5DS and the PDC should be NTP?

          I was just applying the same GPO with NTP to all domain controllers.

          Originally posted by Rems View Post
          It is recommended to change
          Type: NTP
          to
          Type: NT5DS
          Do this on every client, member server and DCs (those that are not holding the PDC-emulator role)

          By default, only the Domain Controller that is holding the rol of PDC-emulator is the authoritative time server in the domain hierarchy. All other DCs sync with that server and all other members sync with a DC.
          That way you can be sure every computer in the domain has at leased the same time (wether that is the correct time or wrong time).

          On the 'PDC-emulator'
          The NtpServer value is a valid time server on an external net.
          (we use here: ntp.xs4all.nl )
          NtpServer: ntp.xs4all.nl
          Type: NTP


          Next thing is to allow NTP and DNS traffic in the network firewall comming from and to this DC.

          \Rems

          Comment


          • #6
            Re: Domain Controllers, NTP settings

            Originally posted by ntwaddell View Post
            Ahh, so regular domain controllers should be NT5DS and the PDC should be NTP?.
            Yes that is very recommended.
            The answer is not solving you sync problem though. But more important than having the right time on a network is having the same time on all the computers. That is why you should keep an authoritative timeserver on your network.

            Doing so it also isolates the sync problem you have to just one server.
            On that server
            - type = NTP
            - erase ,0x1 after the time server
            - test with other time server addresses
            - check if the nessesary ports to the internet are not blokked somewhere along the line.

            Don't forget to stop and restart the time service after you have made changes on the server.


            \Rems

            This posting is provided "AS IS" with no warranties, and confers no rights.

            __________________

            ** Remember to give credit where credit's due **
            and leave Reputation Points for meaningful posts

            Comment


            • #7
              Re: Domain Controllers, NTP settings

              So I have two domain controllers. The PDC emulator is configured using..

              ntpserver time.nist.gov
              type ntp
              ntp server is enabled

              the other domain controller, i have tried a few things, but none have worked. so for now, its the same except NT5DS for type if i do

              w32tm /monitor i get this..

              gyro.lblp.local *** PDC *** [10.90.94.142]:
              ICMP: 0ms delay.
              NTP: +0.0000000s offset from gyro.lblp.local
              RefID: 'LOCL' [76.79.67.76]
              aladdin.lblp.local [10.90.94.141]:
              ICMP: 0ms delay.
              NTP: +0.0079997s offset from gyro.lblp.local
              RefID: unspecified / unsynchronized [0.0.0.0]

              Should the NTP server be disabled on the other domain controller? Should the client be configured with NT5DS?

              Comment

              Working...
              X