Announcement

Collapse
No announcement yet.

moving time server fron nt4 to my pdc emulator

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • moving time server fron nt4 to my pdc emulator

    hi

    I've got an issue where Windows nt4 is
    holding the Time Server role.
    my dc is win 2k3 and hold the pdc emulator role(the nt is just a member server)
    when i'm runing the comand net time from my dc (which is the pdc emulator) i get the nt4 server(i think maybe the server was pdc in the past and after the previous sys admin upgrade to 2003 he didnt moved the time service role )
    I would like to move the Time Service role to the Windows 2003 Domain
    Controller i read some articals .

    What I would like is a simple guide on how to disable the Time Service
    on the Windows nt4, then enable the service on the Windows 2003
    PDC, have it use it's internal clock for time sync and have all
    network clients use it as the time server.
    i read microsoft artical kb816042 but i dont think its what i nead

    please help me with this issue and give me specific commands

    thanks

  • #2
    Re: moving time server fron nt4 to my pdc emulator

    Before editing the registry, make an export the subkeys and values under the key W32Time.

    On the DC that is holding the role as PDC emulator,
    locate this key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\W32Time\Parameters
    Verify the following REG_SZ values:
    name= Type value= NTP
    name= NtpServer value= time.windows.com (or an other external site)
    After making changes, you must Restart the 'Windows Time' service on the computer.
    This is the only computer on the networkthat should have the value of 'Type' set to NTP. Other computers should have Type: NT5DS

    You can configure the DC holding the PDC emulator to sync time with an external site. Never configured it to sync time with it self! that is why you always should configure typ: NTP.

    I am not familiar with the time service on WinNT. Is there a time service running, can you disable it? What are the values in the registry of this service?


    \Rems

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts

    Comment


    • #3
      Re: moving time server fron nt4 to my pdc emulator

      NET TIME is a legacy command that should not be used and is not reliable in windows 2000/2003
      and it only shows Time sync from the DC prospective in alpha betic order, meaning the DC that is 1st on the list in order would be shown as the Time server
      even though it is not the one that provides the time to the machine.

      you should only use the "w32tm" command.
      at your case if you want to check the Time server and Sync you should run the following command:
      w32tm /resync /rediscover
      after you ran that command go to the System event log (eventView) and see the outcome.
      There is a good chance, most likely that your Servers & Workstations are already Sync' time with the PDCE and not the NT4 machine.

      If for some reason it doesn't then follow those Instructions and your all set.
      Configure the DC that holds the PDC Emulator to point and sync from an External Clock on the Internet or whatever external Time source you got.
      here is what you need to change in the registry on the PDCE:
      Code:
      Windows Registry Editor Version 5.00
      
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
      "NtpServer"="xxx.xxx.xxx.xxx,0x8"
      "Type"="NTP"
      Note: the xxx.xxx.xxx.xxx,0x8 is the IP of the external Clock server you want to sync from, it could also be a name it doesn't have to be an IP address (e.g. 192.168.1.100,0x8 or time.microsoft.com,0x8 )

      If you have more then one External Time source you could add them as well, so if one is offline or can't
      be contacted it would sync with the next one, the way doing it is the same just add the following instead.
      Code:
      Windows Registry Editor Version 5.00
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
      "NtpServer"="xxx.xxx.xxx.xxx,0x8 xxx.xxx.xxx.xxx,0x8 xxx.xxx.xxx.xxx,0x8"
      "Type"="NTP"
      Note: the xxx.xxx.xxx.xxx,0x8 is the IP of the external Clock server you want to sync from, it could also be a name it doesn't have to be an IP address (e.g. 192.168.1.100,0x8 or time.microsoft.com,0x8 )

      If you don't have an External Clock to sync the PDCE with, then you should Disable the NTPClient on the PDCE
      or Configure the PDC emulator to synchronize from its internal hardware clock and not point to itself as many Admins mistaken doing.
      To Disable the NTPClient:
      Code:
      Windows Registry Editor Version 5.00
      
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]
      "Enabled"=dword:00000000
      To configure the PDC emulator to synchronize from its internal hardware clock:
      Code:
      1) Open a Command Prompt.
      2) w32tm /config /syncfromflags:domhier /reliable:yes /update
      3) net stop w32tim
      4) net start w32time
      and make sure that all your DCs and servers and Workstations have the following configuration (They should by default)
      This also could be done by Group Policy :
      Code:
      Windows Registry Editor Version 5.00
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
      "Type"="NT5DS"
      Last edited by Akila; 19th October 2008, 19:26.

      Comment


      • #4
        Re: moving time server fron nt4 to my pdc emulator

        Akila thanks for posting the reg files. good idea!
        But as you can see some of the registry keys in your reply have a space added n the name that should no be there!! To solve this, please change the [Quote] tags into [Code] tags.

        \Rems

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: moving time server fron nt4 to my pdc emulator

          Originally posted by Rems View Post
          Akila thanks for posting the reg files. good idea!
          But as you can see some of the registry keys in your reply have a space added n the name that should no be there!! To solve this, please change the "quote" tags into "code" tags.

          \Rems
          Thanks for the heads up

          Comment


          • #6
            Re: moving time server fron nt4 to my pdc emulator

            akila&Rems thanks for your answer and all the detailes.
            when i run th command w32tm /resync /rediscover from my workstation get this error:
            Sending resync command to local computer...
            The computer did not resync because no time data was available.
            and i didnt see any error in the event viewer.

            its o.k if i make the changes on the registry that rems suggest(On the DC that is holding the role as PDC emulator,
            locate this key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\W32Time\Parameters
            Verify the following REG_SZ values:
            name= Type value= NTP )

            and then configure the PDC emulator to synchronize from its internal hardware clock like akila suggest.

            thanks for your help

            Comment


            • #7
              Re: moving time server fron nt4 to my pdc emulator

              REMs and mine post are basically the same , just been put in in different words.
              you could either follow rems post or just copy and past the registry I posted in my post and use it.

              either way it is the same.

              Comment


              • #8
                Re: moving time server fron nt4 to my pdc emulator

                hi

                i did everything you suggest and still I have the same problem.
                on my pde i changed the value "type" to "ntp"
                and i changed on the workstations the value "type" to nt5ds.

                maybe there is something i missed?

                Comment


                • #9
                  Re: moving time server fron nt4 to my pdc emulator

                  Originally posted by ohada View Post
                  hi

                  i did everything you suggest and still I have the same problem.
                  on my pde i changed the value "type" to "ntp"
                  and i changed on the workstations the value "type" to nt5ds.

                  maybe there is something i missed?
                  Run the command on the PC which you think time Sync with the NT4
                  w32tm /resync /rediscover
                  after you ran that command go to the System event log (eventView) and see the outcome.

                  post the results

                  Comment


                  • #10
                    Re: moving time server fron nt4 to my pdc emulator

                    Configure the Windows Time service on the PDC emulator
                    Type the following command to configure the PDC emulator and then press ENTER:
                    Code:
                    w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update

                    Configure a client computer for automatic domain time synchronization
                    Type the following command and then press ENTER:
                    Code:
                    w32tm /config /syncfromflags:domhier /update
                    Restart the time service,
                    net stop w32time
                    net start w32time


                    \Rems

                    This posting is provided "AS IS" with no warranties, and confers no rights.

                    __________________

                    ** Remember to give credit where credit's due **
                    and leave Reputation Points for meaningful posts

                    Comment


                    • #11
                      Re: moving time server fron nt4 to my pdc emulator

                      Originally posted by Rems View Post
                      w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update
                      According to Microsoft Official "Active Directory Risk Assessment and Health Check Program" they state that Microsoft/Windows time should not be used as a reliable Time source for Sync your network.

                      Originally posted by Microsoft ADRAP
                      Root PDC
                      Indicates the PDCE of the forest root domain. This is the only DC that should use Type=NTP.
                      This DC should point to a very reliable and authoritative time source. This is typically a hardware device
                      or a source directly on the Internet.
                      Do not use time.windows.com , it is intended for consumer use. Instead, use a government, scientific, or educational organization‘s time sources.

                      How to configure an authoritative time server in Windows Server 2003
                      http://support.microsoft.com/?id=816042
                      Last edited by Akila; 29th October 2008, 20:50.

                      Comment


                      • #12
                        Re: moving time server fron nt4 to my pdc emulator

                        I used time.windows.com here just because the choice for an external time source was not part of the question, it was just used as an example (and is a default value). In fact the DC in the question is not planned to use the external souce, therefore probably the network firewall is not even configurerd to allow time sync.

                        Yes! you are absolutely right about time.windows.com. Normally one would choose a time server of the ISP or a very reliable time source as mensioned in the article you showed.

                        What the command line do else, it sets the PDCE computer as a reliable time service for the network with the /reliable:yes switch and the /update switch notifies the time service that the config has changed and causing the changes to take effect (Windows Time Service Technical Reference).
                        This will hopefully set things back to normal. (Maybe ohada could also skip this step, and directly configure the PDCE to synchronize from its internal hardware clock, I don't know)

                        (Make sure there is not already a time difference (mind the zone an dls) between computers on the network!)


                        When clients can now succesfully sync time with the one DC - next ,
                        configure the DC (PDC emulator) to synchronize from its internal hardware clock, because you don't want to use an external time source, and prevent any event ID 12 warnings from appearing the system log.

                        1. From the KB article 816042,
                        To configure the PDC master without using an external time source, change the announce flag on the PDC master. The PDC master is the server that holds the forest root PDC master role for the domain. This configuration forces the PDC master to announce itself as a reliable time source and uses the built-in complementary metal oxide semiconductor (CMOS) clock. To configure the PDC master by using an internal hardware clock, follow these steps:
                        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\W32Time\Config\ AnnounceFlags value a (= 10)

                        Note The PDC master must not be configured to synchronize with itself. For more information about why the PDC master must not be configured to synchronize with itself, visit the following Web site to view Request For Comment (RFC) 1305
                        - - - -

                        OR,
                        2. From technet.microsoft.com/en-us/library/cc784882.aspx
                        run this command below on the PDCE
                        Code:
                        w32tm.exe /config /syncfromflags:domhier /reliable:yes /update
                        next, stop and start w32time service.

                        (the same commands as for the clients )
                        read also: http://blogs.dirteam.com/blogs/jorge...11/19/111.aspx
                        - - - -


                        \Rems

                        This posting is provided "AS IS" with no warranties, and confers no rights.

                        __________________

                        ** Remember to give credit where credit's due **
                        and leave Reputation Points for meaningful posts

                        Comment


                        • #13
                          Re: moving time server fron nt4 to my pdc emulator

                          i did all this thigks but still is the same.now i have another problem
                          i decided to sync the pdce with another computer(win2k,dc)
                          i run the command:
                          w32tm /config /manualpeerlist:myserver name/syncfromflags:manual /reliable:yes /update

                          i see the ntpserver value chenged to my server but when i'm tring to resync with the computer with w32tm /resync /computer:my server
                          i get access denied.
                          when i'm restart ther w32time service i get this massage:
                          Event Type: Warning
                          Event Source: W32Time
                          Event Category: None
                          Event ID: 12
                          Date: 11/3/2008
                          Time: 9:53:53 AM
                          User: N/A
                          Computer: SRVDC1
                          Description:
                          Time Provider NtpClient: This machine is configured to use
                          the domain hierarchy to determine its time source, but it
                          is the PDC emulator for the domain at the root of the
                          forest, so there is no machine above it in the domain hierarchy
                          to use as a time source. It is recommended that you either
                          configure a reliable time service in the root domain, or
                          manually configure the PDC to synchronize with an external time
                          source. Otherwise, this machine will function as the
                          authoritative time source in the domain hierarchy. If an external
                          time source is not configured or used for this computer, you may
                          choose to disable the NtpClient.

                          For more information, see Help and
                          Support Center at
                          http://go.microsoft.com/fwlink/events.asp.



                          but again i configured an external time source.

                          i found an artical which solved this problem to other people
                          http://www.mmmug.co.uk/files/216/download.aspx

                          i try all the things but is still not working

                          when i run the command w32tn /monitor i get this input:
                          my server[192.168.2.10]: (not the real ip)
                          ICMP: 1ms delay.
                          NTP: -28.5378750s offset from local clock
                          RefID: unspecified / unsynchronized [0.0.0.0]

                          i want to unregister /register the w32tm service but i get access is denied(logon with administrator)

                          I have spent hours trying to find the solution to this problem
                          anyone have idea/recommendation

                          Comment


                          • #14
                            Re: moving time server fron nt4 to my pdc emulator

                            Originally posted by ohada View Post
                            i decided to sync the pdce with another computer(win2k,dc)
                            Don't try to do that.


                            i want to unregister /register the w32tm service but i get access is denied(logon with administrator)

                            I have spent hours trying to find the solution to this problem
                            anyone have idea/recommendation
                            Don't try too much total different things in a short period, give it time.


                            test if the dc still holds the pdce role:
                            Code:
                            CMD /k dcdiag /test:knowsofroleholders /v | find /i "Role PDC"
                            Change the w32time service on the pdce back to default. This should work first before making other kind of changes.

                            http://technet.microsoft.com/en-us/l.../cc738995.aspx
                            1. Stop w32time service !
                            2. unregister w32time service (as a member of the domain admins group!)
                            3. register w32time service
                            4. Start w32time service.
                            If it is the pdce (only if it is the pdce) then make it /reliable:yes
                            Stop and Start the service after every change, then I would suggest to wait the next 15 minutes.


                            \Rems
                            Last edited by Rems; 3rd November 2008, 15:02.

                            This posting is provided "AS IS" with no warranties, and confers no rights.

                            __________________

                            ** Remember to give credit where credit's due **
                            and leave Reputation Points for meaningful posts

                            Comment


                            • #15
                              Re: moving time server fron nt4 to my pdc emulator

                              i did it now i get this input when i run w32tm /monitor

                              C:\Documents and Settings\administrator>w32tm/monitor
                              srvdc1.dc.co.il *** PDC *** [10.10.1.20]:
                              ICMP: 0ms delay.
                              NTP: +0.0000000s offset from srvdc1.dc.co.il
                              RefID: 'LOCL' [76.79.67.76]
                              srvdc2.dc.co.il [10.10.1.21]:
                              ICMP: 0ms delay.
                              NTP: +0.0000696s offset from srvdc1.dc.co.il
                              RefID: srvdc1.dc.co.il [10.10.1.20]
                              srvdc3.dc.co.il [10.10.41.1]:
                              ICMP: 37ms delay.
                              NTP: +0.0026576s offset from srvdc1.dc.co.il
                              RefID: srvdc1.dc.co.il [10.10.1.20]

                              the rfid is locl(76.79.67.76) he need to point to the external ntp server.
                              if i run net time /q i get the correct ntp server
                              i understand that if the RFid at my pdc point to the external clock it means its o.k
                              the good news is that on my worstation i see that my pdc is the time server although if i run net time he point to the NT4(how can i fix this)

                              thaks
                              i appreciate your help

                              Comment

                              Working...
                              X