none
TIme Server Problem

    Question

  • Hi All,

    We are facing with Domain Time Service error. We were having DC holding all FSMO roles and was running Windows 2003. This server was holding NTP role as well. Recently we had to migrate this server to another Windows 2008 Server. So we have temporarily moved the roles to another DC and upgraded the server to Windows 2008 R2 Server. After the activity is completed we have moved all the roles and Time Service to Windows 2008 Server. We have followed the below commands in the Servers to move Time services. The Time server is configured to update time from external time Source

    On Old Server:

    w32tm /config /syncfromflags:domhier /reliable:no /update
    net stop w32time && net start w32time

    On New Windows 2008 DC :

    w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update

    After this when I am restarting Time service in New DC I am getting event 139 that it is advertising as Time Source and after a minute warning is logged 144 It is no more advertising as time source.

    We have Tried the below steps:

    • Checked the registry values for Announce Flag is 5
    • Type is NTP
    • NTP Server is external server ip and 0x1
    • Other DC's are not able to resync time from this DC
    • Moved the time source to another Windows 2008 DC
    • It is working fine and all other DC's are able to sync time with this DC
    • But the DC from where we have moved the Time Service is not syncing time with new time Server.
    • It is still logging the event 144 It is no more advertising as time source
    • Announce flag is 10 now and type is NT5D5

    I am not able to understand why only this DC is having issue only in Time Synchronisation. It is not syncing time as well and giving error Access is denied. (0x80070005)

    Please Suggest

    Thanks

    Friday, November 08, 2013 5:06 AM

All replies

  • Sunday, November 10, 2013 5:42 PM
  • Make sure port 123 UDP is allowed on the firewall. Secondly, you can also use netmon/wireshark to capture the traffic. It might be antivirus which might be blocking the communication.

    Windows Time Server Role in AD Forest/Domain


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, November 11, 2013 2:24 AM
  • Hi,

    remove the NTP server settings from the first DC which are not able to sync time from the new time source.

    once settings removed check the config thorugh w32tm command in first domain Controller, make sure it is not pointing to any ntp server except new DC.

    Thanks & Regards

    Ashish Gaur

    • Proposed as answer by Ashish Gaur001 Monday, November 11, 2013 3:53 AM
    • Unproposed as answer by Sukhwin08 Wednesday, November 13, 2013 3:57 PM
    Monday, November 11, 2013 3:53 AM
  • Hi,

    Already tried unregister and register command but it did not help

    Monday, November 11, 2013 7:26 AM
  • Hi Awinish,

    There is no Firewall between Time server and other DC

    Monday, November 11, 2013 7:27 AM
  • Hi Ashish,

    How should I remove NTP setting by unregistering???

    Monday, November 11, 2013 7:27 AM
  • Hi All,

    This is to update all of you that I have checked and found that PDC Emulator role was there with the DC which was having issue. I have transferred the role to other DC where we have moved the Time services. After that Event 139 and 144 is no more coming in DC which is having problem. But when I am running W32tm /resync I am still getting Access is denied. (0x80070005) error and it is not synchronising time with NTP Server.

    I have tried to unregister and re-register but no use. Even the commands like w32tm /query /status is giving Access Denied error.

    I have run the command net time /set then it asks if I want to sync time with NTP server. After confirmation it had synchronised time with NTP. But the w32tm command is still not working.

    I am not able to understand if the issue is with Time service in this DC or only the command is having the issue.

    I have also run sfc /scannow but it didn't help.

    Wednesday, November 13, 2013 6:16 AM
  • Hi All,

    There is another update. I have Run the w32tm /unregister and w32tm /register command after that the W32time service is not starting it is giving error :

    System error 1290 has occurred.

    The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.

    If I run the command " sc config w32time type= own" after that the service is getting started but when I am running the command w32tm /resync it is giving error "No valid time data is available" or " Access is denied. (0x80070005)".

    I don't know if running w32time service in its own space creates the issue but I am not able to run the Service if it is running as shared.

    Please suggest

    Tuesday, November 19, 2013 12:05 PM