none
time server in a domain

    Question

  • i just set my pdc emulator on a 2012 r2 domain to get time from the ntp.org time servers

    looks to be working, when i do a w32tm /query /status i get the source either 1, 2, or 3.north-america.pool.ntp.org,0x8

    Likewise when i do it on my "backup" domain controller (no roles on this one) i get the source as the PDCe above.

    My domain contollers are fine.  My member servers, which i thought by default would synch with the DC that it authenticates with, i get all sorts of sources.

    One has source:CMOS clock, another source:time.windows.com,0x1

    Should I be configuring the time settings for my member servers as well?  If so, GPO would be the preferred way if anyone has tips....thank you.


    Monday, March 09, 2015 4:52 PM

Answers

  • Any machines joined to the domain should synchronize their time with the server holding the PDC role, no further configuration is required.  Are these member servers on the same subnet as the PDC role holder? If not then perhaps the connection is being blocked by a firewall somewhere. Are there any errors in the event logs of the member server relating to the time service that might have logged a fault in the event viewer.

    • Marked as answer by Willmeister Tuesday, March 10, 2015 1:03 PM
    Monday, March 09, 2015 5:10 PM
  • Ummmm, blushing a little bit here.

    Someone had made changes to the Default Domain policy.  Oooops.

    Set those settings to not configured, rebooted my test box just to be sure, time source is now my PDC.

    So no further configuration is required is definitely the answer, provided no one monkeyed with anything else :)

    Thanks for provoking me into looking more!

    Monday, March 09, 2015 5:44 PM

All replies

  • Any machines joined to the domain should synchronize their time with the server holding the PDC role, no further configuration is required.  Are these member servers on the same subnet as the PDC role holder? If not then perhaps the connection is being blocked by a firewall somewhere. Are there any errors in the event logs of the member server relating to the time service that might have logged a fault in the event viewer.

    • Marked as answer by Willmeister Tuesday, March 10, 2015 1:03 PM
    Monday, March 09, 2015 5:10 PM
  • Ummmm, blushing a little bit here.

    Someone had made changes to the Default Domain policy.  Oooops.

    Set those settings to not configured, rebooted my test box just to be sure, time source is now my PDC.

    So no further configuration is required is definitely the answer, provided no one monkeyed with anything else :)

    Thanks for provoking me into looking more!

    Monday, March 09, 2015 5:44 PM