none
Time difference of 1 minute between 2 DC's RRS feed

  • Question

  • when ran DCDIAG /TEST:DNS /V /E /F:dns.log it shows the following :

    Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity 
             * Active Directory RPC Services Check
             [DC1]DsBindWithSpnEx() failed with error 1722,

             The RPC server is unavailable..
             RPC Extended Error Info not available. Use group policy on the local machine at "Computer

             Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.

             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.

             The clock difference between the home server <other DC> and target server [DC1]is greater than one

             minute. This may cause Kerberos authentication failures. Please check that the time service is working

             properly. You may need to resynchonize the time between these servers. 
             ......................... [DC1]failed test Connectivity

    tried to syn the time on [DC1] by using w32tm /config /syncfromflags:domhier /update and restarted the time service but still same error 

    Is it an issue if the time difference is greater than a minute ? (we have total 8 DC's) 

    Please help

    Friday, November 22, 2019 9:14 AM

All replies

  • Hi,

    historically, it's five minutes but depending on the OS version, functional level and configuration in your forest, the allowed difference can indeed be shorter.

    But. Between DC, there shouldn't be any timekeeping problems *at all* so you really need to fix this.

    Check the following:

    • which DC is holding the PDC emulator role? This should be the only one that synchronizes to an external source (or a USB DCF-77 clock or whatever).
    • all other DCs have to synchronize to DOMHIER. If all else fails, set the time manually this once or use net time \\pdce-role-holder.yourdoma.in /set /yes
    • if any of the DCs are virtualized on something other than Hyper-V, turn the host time sync off for those VMs, regardless of how good the host time is.
    • if there are firewall between sites, check for UDP 123 being open to every DC in every site.


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Friday, November 22, 2019 9:50 AM
  • Thanks for replying. Now the time difference error is gone but the following remains:

    DC: [DC1]

                Domain: <domain>

                

                      
                   TEST: Authentication (Auth)
                      Error: Authentication failed with specified credentials
                      [Error details: 53 (Type: Win32 - Description: The network path was not found.) - Add connection failed]
                      
                   TEST: Basic (Basc)
                      Error: No DS RPC connectivity
                      Error: No WMI connectivity
                      [Error details: 0x800706ba (Type: HRESULT - Facility: Win32, Description: The RPC server is unavailable.) - Connection to WMI server failed]
                      No host records (A or AAAA) were found for this DC

    Friday, November 22, 2019 10:25 AM
  • Thanks for replying. Now the time difference error is gone but the following remains:

    DC: [DC1]

                Domain: <domain>

                

                      
                   TEST: Authentication (Auth)
                      Error: Authentication failed with specified credentials
                      [Error details: 53 (Type: Win32 - Description: The network path was not found.) - Add connection failed]
                      
                   TEST: Basic (Basc)
                      Error: No DS RPC connectivity
                      Error: No WMI connectivity
                      [Error details: 0x800706ba (Type: HRESULT - Facility: Win32, Description: The RPC server is unavailable.) - Connection to WMI server failed]
                      No host records (A or AAAA) were found for this DC

    Hi,

    It seems that you have network flow issue between domain controllers.

    try to check network flow using the free tools PortQryUI - User Interface for the PortQry Command Line Port Scanner


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    Friday, November 22, 2019 11:46 PM
  • Hi,

    Thanks for posting here!

    Before going further, i want to make sure that is your environment in a Multi-Sited Parent/Child-Domain Scenario?

    If so , you can refer to the following link for troubleshooting.

    https://social.technet.microsoft.com/wiki/contents/articles/25715.dcdiag-misleading-dns-test-failure-in-a-multi-sited-parentchild-domain-scenario.aspx

     

    Best Regards,

    Fan



    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, November 25, 2019 8:17 AM
  • 1 minute difference is still fine but it is not normal to have. Based on the information you have, it seems that you have some connectivity issues. I would advise to refer to the following troubleshooting guideline to start: https://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx

    As well, you can refer to the Wiki I started earlier for some recommendations about how you can make sure that your time sync is properly setup: https://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx


    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Monday, November 25, 2019 11:06 AM
  • Hi,

     

    Just want to confirm the current situations.

     

    Please feel free to let us know if you need further assistance.

     

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, November 27, 2019 8:56 AM
  • Hi,

     

    Was your issue resolved?

     

    If you resolved it using above solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

     

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, November 29, 2019 6:44 AM