none
AD Replication Monitoring - Time skew detected RRS feed

  • Question

  • We have the following alert logged by ever DC in the environment:

    AD Replication Monitoring : The following DCs have clocks which are set in the future. This can cause replication errors in Active Directory and prevents the 'AD Replication Monitoring' script from detecting replication errors.
    <SITENAME00>
    <DCNAME00> reported time: 9/7/2011 5:54:00 PM

    All DCs except one are VMware guests and are not currently configured to sync time with the ESX host.

    This one particular DC, <DCNAME00>, was on a host where the time was 8 hours in the future.  That was corrected and the DCNAME00 and the ESX host both have the correct time and there are no time skew errors logged in the event log, but the alerts from all other DCs continue to pile up complaining about DCNAME00.

    Other than having guests not synching time with hosts, what else is there to look at?

     

    Thanks - BH


    Wednesday, September 7, 2011 7:47 PM

Answers

  • Check on all domain controllers what time settings they have and that they are very near in time (within seconds if possible). make sure none of them take time from the esx hosts. Restart the time service on the domain controllers. See what happens.
    Bob Cornelissen - BICTT (My BICTT Blog) - Microsoft Community Contributor 2011 Recipient
    • Marked as answer by Bruce Hethcote Thursday, September 8, 2011 12:33 PM
    Thursday, September 8, 2011 7:32 AM
    Moderator
  • Thanks Bob,

    The problem started when we discovered that the time on that particular DC was incorrect and we reset it to the correct time.  Immediately we were hammered by time skew alerts from all other DCs.  We then discovered that the ESX host's time was incorrect and although the guest DC was not configured to sync with it, there seemed to be some lingering connection.

    Anyway - we did the following:

    • verified that all virtual DCs were configured to not sync time with their hosts
    • fixed the time on the ESX host (all ESX hosts are now configured to sync time with the domain)
    • rebooted the DC in question
    • restarted the time service on all other DCs

    That seems to have resolved the issue.

    - BH

    Thursday, September 8, 2011 12:32 PM

All replies

  • Check on all domain controllers what time settings they have and that they are very near in time (within seconds if possible). make sure none of them take time from the esx hosts. Restart the time service on the domain controllers. See what happens.
    Bob Cornelissen - BICTT (My BICTT Blog) - Microsoft Community Contributor 2011 Recipient
    • Marked as answer by Bruce Hethcote Thursday, September 8, 2011 12:33 PM
    Thursday, September 8, 2011 7:32 AM
    Moderator
  • Thanks Bob,

    The problem started when we discovered that the time on that particular DC was incorrect and we reset it to the correct time.  Immediately we were hammered by time skew alerts from all other DCs.  We then discovered that the ESX host's time was incorrect and although the guest DC was not configured to sync with it, there seemed to be some lingering connection.

    Anyway - we did the following:

    • verified that all virtual DCs were configured to not sync time with their hosts
    • fixed the time on the ESX host (all ESX hosts are now configured to sync time with the domain)
    • rebooted the DC in question
    • restarted the time service on all other DCs

    That seems to have resolved the issue.

    - BH

    Thursday, September 8, 2011 12:32 PM