none
Moving time source to another DC

    Question

  • I have one Windows 2003 SP2 DC and 4 Windows 2008R2 DC’s.  The 2003 DC (call it OLDDC) had all 5 FSMO roles, and it was also the time source for our single-Domain Forest.  It was set to sync up with a Linux server (IP address 192.168.1.100) in our environment that syncs up with an external time source.  I moved all of the FSMO roles to one of the 2008R2 DC’s (call it PRIMEDC), then I ran the following on PRIMEDC to make it the time source for the Forest:

    w32tm /config /manualpeerlist:192.168.1.100 /syncfromflags:manual /reliable:yes /update

    net stop w32time

    net start w32time

     

    I then ran the following commands on OLDDC:

    w32tm /config /syncfromflags:domhier /reliable:no /update

    net stop w32time

    net start w32time

     

    I then checked the registry on these 2 servers.  On PRIMEDC, the setting for HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters\NtpServer was changed to 192.168.1.100, but there was no tag (0x8, 0x9, or 0x1) associated to it.  This setting on OLDDC had been “192.168.1.100,0x8”.   The setting for HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters\Type was successfully changed from NT5DS to NTP.

    On OLDDC, the setting for HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters\Type was successfully changed from NTP to NT5DS, but the setting for HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters\NtpServer was NOT changed, and remains at “192.168.1.100,0x8”.  

    Do I need to manually add the tag “0x8” to the NtpServer key on PRIMEDC?  Also, does the setting for the NtpServer key on OLDDC matter since the type key is set to NT5DS, or should I manually change it as well?

    Thank you very much for your help.
    Tuesday, March 18, 2014 6:38 PM

Answers

  • Hi Logan,

    As you are using linux machine as a NTP server, Some NTP servers that do not run Windows respond only to requests that use client mode.

    Try the below command to set it in client mode:

    • w32tm /config /manualpeerlist:NTP_server_IP_Address,0x8 /syncfromflags:manual /reliable:yes /update

    The mode that Windows Time uses to send requests is set by the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
    If the value of the Enabled entry in this subkey is 1, Windows Time uses symmetric active mode. Otherwise, Windows Time uses client mode.

    The 0x8 setting that is referenced in the command in the "Resolution" section sets Windows Time to use client mode.

    The valid settings for the mode used with the /manualpeerlist switch include the following:
    • 0x01 - use special poll interval SpecialInterval
    • 0x02 - UseAsFallbackOnly
    • 0x04 - send request as SymmetricActive mode
    • 0x08 - send request as Client mode

    Source: 

    Time synchronization may not succeed when you try to synchronize with a non-Windows NTP server in Windows Server 2003

    http://support.microsoft.com/kb/875424


    Regards,
    Rafic

    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!


    • Edited by iamrafic Wednesday, March 19, 2014 7:42 AM
    • Marked as answer by Logan Burt Thursday, March 20, 2014 10:34 AM
    Wednesday, March 19, 2014 7:41 AM

All replies

  • Hi,

    As far as I know, PDC plays as the time server of the domain, I would like to suggest you transfer the role to the time server that you want to set, in addition, please go through the below links for more details about how to set time server of domain:

    Configuring a time source for the forest

    http://technet.microsoft.com/en-us/library/cc784800(v=ws.10).aspx

    Configure the Windows Time service on the PDC emulator in the Forest Root Domain

    http://technet.microsoft.com/en-us/library/cc786897(v=ws.10).aspx

    In addition, I think we can manually change the registry as well. Please backup the registry first before manually change it.

    Regards,

    Yan Li


    Regards, Yan Li

    Wednesday, March 19, 2014 6:15 AM
    Moderator
  • Hi Logan,

    As you are using linux machine as a NTP server, Some NTP servers that do not run Windows respond only to requests that use client mode.

    Try the below command to set it in client mode:

    • w32tm /config /manualpeerlist:NTP_server_IP_Address,0x8 /syncfromflags:manual /reliable:yes /update

    The mode that Windows Time uses to send requests is set by the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
    If the value of the Enabled entry in this subkey is 1, Windows Time uses symmetric active mode. Otherwise, Windows Time uses client mode.

    The 0x8 setting that is referenced in the command in the "Resolution" section sets Windows Time to use client mode.

    The valid settings for the mode used with the /manualpeerlist switch include the following:
    • 0x01 - use special poll interval SpecialInterval
    • 0x02 - UseAsFallbackOnly
    • 0x04 - send request as SymmetricActive mode
    • 0x08 - send request as Client mode

    Source: 

    Time synchronization may not succeed when you try to synchronize with a non-Windows NTP server in Windows Server 2003

    http://support.microsoft.com/kb/875424


    Regards,
    Rafic

    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!


    • Edited by iamrafic Wednesday, March 19, 2014 7:42 AM
    • Marked as answer by Logan Burt Thursday, March 20, 2014 10:34 AM
    Wednesday, March 19, 2014 7:41 AM
  • Thank you very much.  I had run across one item that defined 0x8 as a code for a NTP client, but your article explained why this is needed.  I added it and the event log immediately showed that it successfully obtained time from the Linux server.

    As to OLDDC, the event logs are now indicating that it is now getting its time from PRIMEDC, so I suppose the value for HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters\NtpServer  is ignored since the value for HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters\Type is now NT5DS and no longer is NTP.

    Thank you again for the clarification.

    Thursday, March 20, 2014 10:39 AM
  • I have one Windows 2003 SP2 DC and 4 Windows 2008R2 DC’s.  The 2003 DC (call it OLDDC) had all 5 FSMO roles, and it was also the time source for our single-Domain Forest.  It was set to sync up with a Linux server (IP address 192.168.1.100) in our environment that syncs up with an external time source.  I moved all of the FSMO roles to one of the 2008R2 DC’s (call it PRIMEDC), then I ran the following on PRIMEDC to make it the time source for the Forest:

    w32tm /config /manualpeerlist:192.168.1.100 /syncfromflags:manual /reliable:yes /update

    net stop w32time

    net start w32time

     

    I then ran the following commands on OLDDC:

    w32tm /config /syncfromflags:domhier /reliable:no /update

    net stop w32time

    net start w32time

     

    I then checked the registry on these 2 servers.  On PRIMEDC, the setting for HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters\NtpServer was changed to 192.168.1.100, but there was no tag (0x8, 0x9, or 0x1) associated to it.  This setting on OLDDC had been “192.168.1.100,0x8”.   The setting for HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters\Type was successfully changed from NT5DS to NTP.

    On OLDDC, the setting for HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters\Type was successfully changed from NTP to NT5DS, but the setting for HKLM\SYSTEM\CurrentControlSet\services\W32Time\Parameters\NtpServer was NOT changed, and remains at “192.168.1.100,0x8”.  

    Do I need to manually add the tag “0x8” to the NtpServer key on PRIMEDC?  Also, does the setting for the NtpServer key on OLDDC matter since the type key is set to NT5DS, or should I manually change it as well?

    Thank you very much for your help.

    Thursday, March 20, 2014 11:07 AM