none
Server 2008 DC time synchronization

    Question

  • Maybe someone asked this before, I just  could not find the right answer.

    Since Monday, time on most of the servers and workstations on domain differs by 12-15 minutes. Enough to make Kerberos stop authenticating. The workstations should use DC as time server, but for some reason they don't. DC is configured as NTP server, at least that what registry says, as a external time server it is using time.windows.com. Checked registry on workstations and other servers they all use the same, external, time server. However, pretty much they all have different time.

    This parameters for time server are on all clients:

    Ntp Server  - time.windows.com, 0x1

    Type - NT5DS

    The network has only 2 domain controller, I set NTP server addresses in DNS, and figured that it will distribute NTP server info to connecting clients.

    What change do I need to make to ensure that clients are using only domain controller for time synchronization? Do I have to make a manual change in registry to point to right server?

    Also I could not find info for the flags next to server address in registry. One of the servers had flag set to 0x9 and could not synchronize, I changed flag to 0x1 and it did.

     

    Need help ASAP. Thanx in advance

    Wednesday, March 02, 2011 11:52 PM

Answers

All replies