Configure PDC Emulator as time server for network

    Question

  • We have a test lab that is completely isolated from all other networks. We want our PDC emulator to be the time server for all Windows, Linux and VMware ESXi servers.

    We configured the PDC emulator with the following changes:

    w32tm /config /syncfromflags:NO /reliable:yes

    Modified following registry value

    HKLM\System\CurrentControlSet\Services\W32Time\Config\AnnounceFlags=0x5

    Windows boxes seem fine with this, but none of our Linux or VMware boxes appear to be able to sync with the domain controller. I also tried pointing them at one of the other domain controllers we have never modified.

    We have no problems with this when we do this on our production network. Is there something special we have to do when working in an isolated environment?


    • Edited by Oldguard Wednesday, June 25, 2014 5:09 PM
    Wednesday, June 25, 2014 5:09 PM

Answers

  • Hello,

    You have to be aware that the Windows Time service is NOT a full NTP server, so this may be the reason that all non-Windows machines will not work correctly with it.

    There may also be the issue that a firewall is blocking port 123 UDP.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Marked as answer by Oldguard Friday, June 27, 2014 3:47 PM
    Thursday, June 26, 2014 10:27 AM
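
To tell the two causes suggested in this answer apart, a client can send one request to UDP 123 and inspect the reply header. This is an added example, not code from the thread: the function names, the constructed sample packet and the 1.5 s distance limit are assumptions, and the checks are the generic NTP header sanity tests (mode, leap indicator, stratum, root distance).

```python
import socket
import struct

NTP_PORT = 123
MAX_DISTANCE = 1.5  # assumption: seconds; set this to the client's own limit

def build_request() -> bytes:
    # LI=0, VN=3, Mode=3 (client); the other 47 bytes stay zero
    return bytes([0x1B]) + bytes(47)

def parse_header(data: bytes) -> dict:
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    flags, stratum, _poll, _prec, delay, disp, refid = struct.unpack("!BBbbII4s", data[:16])
    return {
        "leap": flags >> 6,                 # 3 = clock unsynchronized
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,                # 4 = server reply
        "stratum": stratum,
        "root_delay": delay / 65536,        # 16.16 fixed point, seconds
        "root_dispersion": disp / 65536,
        "ref_id": refid,
    }

def diagnose(h: dict, max_distance: float = MAX_DISTANCE) -> list:
    problems = []
    if h["mode"] != 4:
        problems.append("not a server-mode reply (mode %d)" % h["mode"])
    if h["leap"] == 3:
        problems.append("leap indicator 3: server reports itself unsynchronized")
    if h["stratum"] == 0 or h["stratum"] >= 16:
        problems.append("stratum %d is not a usable source" % h["stratum"])
    distance = h["root_delay"] / 2 + h["root_dispersion"]
    if distance > max_distance:
        problems.append("root distance %.3fs exceeds %.1fs" % (distance, max_distance))
    return problems

def query(host: str, timeout: float = 3.0) -> bytes:
    # A timeout here means no reply at all: UDP 123 filtered or service not answering.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (host, NTP_PORT))
        return s.recvfrom(512)[0]

# Constructed sample reply (not captured from a real server): LI=0, VN=3, Mode=4,
# stratum 1, root delay 0, root dispersion 10.0 s, reference ID "LOCL".
SAMPLE = bytes([0x1C, 1, 6, 0xFA]) + struct.pack("!II4s", 0, 10 * 65536, b"LOCL") + bytes(32)
```

On a Linux client, `diagnose(parse_header(query("dc-address")))` returns an empty list when the reply passes these checks; `dc-address` is a placeholder for the domain controller.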

All replies

  • Hi

    • Best practice in production is below
    • You need to create an NTP server
    • Allow the NTP server to sync time from your ISP router
    • Configure your PDC to get time from NTP
    • So all Windows servers will sync time with the PDC
    • In ESX, configure NTP with your NTP server
    • In VMware Tools, disable time sync

    Wednesday, June 25, 2014 6:27 PM
  • We cannot sync with the ISP. We do not allow those switches to have any connection to any other network. We do that on production networks, but my question is specific to air-gapped networks. Since the switches do not even have an IP address on that network, I cannot even use the switch as a source...
    Wednesday, June 25, 2014 6:33 PM
  • Hi,

    Any update about the issue?

    Regards.


    Vivian Wang

    Friday, June 27, 2014 6:46 AM
  • Funny how something as simple as time can be complicated... I am just accepting the answer that the Windows servers don't provide a true time service that Linux and other devices can use.
    Friday, June 27, 2014 3:47 PM