Time service reset to ten years ago on PDC
Question
Answers
All replies
-
Not just you? Do you have links on what you've read (assuming you've read it somewhere on the internet)?
Without knowing any specifics about your environment, confguration, event log errors, number of domains, etc, since none was offered, what I can offer is if you see a 10 year shift in time is usually a bad battery, unless there is some sort of corruption in the time service (albeit a temporal distortion).
Virtualizing Domain Controllers and the Windows Time Service
Published by acefekay on Aug 23, 2011 at 1:15 AM
http://msmvps.com/blogs/acefekay/archive/2011/08/23/virtualizing-domain-controllers-and-the-windows-time-service.aspx.
Is the PDC in a virtual environment? If so, you must disable the VM host time service, and this is no matter what VM hosts you are using, such as whether VMWare, VirtualBox, HyperV, etc. Then configure the time service on the PDC.
I assume that the older operating systems, including whether the are the PDC Emulator, other DCs and client machines, that they've had the DST hotfix installed.
It also depends on how you configured the PDC Emulator. As you know, the PDCe in the forest root is the top of the time hierarchy in an AD forest. It's recommended that the PDCe is configured to sync time with an outside source. A few liinks below offer methods to configure the time service. There is a Microsoft Mr FixIt tool in KB816042 (link below) to fix the time service on the DCs.
Configuring the Windows Time Service for Windows 2000, 2003, 2008 and newer, explanation of the time service hierarchy, and more
Published by Ace Fekay, MCT, MVP DS on Sep 18, 2009 at 8:14 PM 3050 1
http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspxTehcnet thread: "Time Sync best practices," by Halo-NEXT,
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/043b1ebe-e7bc-40ca-91e0-174a6854808e/Good discussion on the default Time service in a forest
Technet Thread: "Time Sync best practices" by Halo-NEXT 5/21/2012
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/043b1ebe-e7bc-40ca-91e0-174a6854808e/How to configure an authoritative time server in Windows Server
http://support.microsoft.com/kb/816042.
If there is any corruption in the Time Service, to reset the time service, here aer a few steps, and note, it is not necessary to make any changes in the registry, since I've found many that have, have corrupted it. It's really easier to simply use the W32time command. So if you've experimented changing time settings to unknowlingly avert default behavior, you can set the time settings back to default:
1. On the DC that you're experiencing issues with, run the following in a command prompt:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
2. On the Server in question, run the following in a command prompt:
"net time /setsntp: " (without the quotes, but I put that in there to signify the blank space prior to the closing quote)
[This tells the client (whether a DC or workstation) to delete the current registry settings for time and use default settings.]
Restart the time service:
Net stop w32time && net start w32time
3. On the PDC Emulator run the following in a command prompt:
W32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update
W32tm /resync /rediscover
Restart the time service:
Net stop w32time && net start w32time
4. On each DC that are not holding the PDC Emulator role, run the following in a command prompt:
w32tm /config /syncfromflags:domhier /update
W32tm /resync /rediscoverRestart the time service:
Net stop w32time && net start w32time
5. This will take out any errors in the Event Viewer, if there are any..
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/This post is provided AS-IS with no warranties or guarantees and confers no rights.
- Edited by Ace Fekay [MCT] Tuesday, November 20, 2012 4:16 AM
- Proposed as answer by VenkatSP Tuesday, November 20, 2012 4:22 AM
-
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
That? On all DCs. And then leave it there indefinitely? Seems like a quick patch rather than a proper fix.
I was going to implement that reg key and then move FSMOs and demote this DC. That was my plan. But I wanted PSS on the horn. This is too big to screw up.
If that doesn't work for whatever reason, then we are looking at shutting down this DC, cleaning up AD metadata and seizing FSMO roles.
That should work. That resets replication with a DC passed the tombstone.
If you need specific step by step for a metadata cleanup, I hope this helps:
Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, cleanup DNS (Nameserver tab), AD Sites (old DC references), transfer or fix time settings, WINS settings, etc.
Published by Ace Fekay, MCT, MVP DS on Oct 5, 2010 at 12:14 AM
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspxAce Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/This post is provided AS-IS with no warranties or guarantees and confers no rights.
