none
problem with hour syncronization on AD server

    Question

  • Hello,

    on my network I have 3 AD's servers (W2008). Two of them are VM, and the other is a physical server.

    So, I wanted to syncronize the PDC with and external source, and then I'm executing the following command one time a day:

    w32tm /config /manualpeerlist:"pool.ntp.org" /reliable:yes /update

    One guy on this forum told me that I'd need to execute the following line on the others two AD's server:

    net time \\PDCserver /set /y

    And I'm doing it once a day, too.

    The problem is that on one of the AD server (VM) that is not a PDC I'm getting the following error almost every minute (firewall down):


    Nombre de registro:System
    Origen:        Microsoft-Windows-Time-Service
    Fecha:         06/06/2011 15:12:19
    Id. del evento:142
    Categoría de la tarea:Ninguno
    Nivel:         Advertencia
    Palabras clave:
    Usuario:       SERVICIO LOCAL
    Equipo:        ADserver.OG.local
    Descripción:
    El servicio de hora dejó de anunciarse como origen de la hora porque el reloj local no está sincronizado.
    XML de evento:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}" />
        <EventID>142</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2011-06-06T13:12:19.903000000Z" />
        <EventRecordID>158559</EventRecordID>
        <Correlation />
        <Execution ProcessID="916" ThreadID="2420" />
        <Channel>System</Channel>
        <Computer>HENDRIX.OG.local</Computer>
        <Security UserID="S-1-5-19" />
      </System>
      <EventData Name="TMP_EVENT_STOP_ADVERTISING">
      </EventData>
    </Event>

    I did some test with the command w32tm. So, when I execute the command

    w32tm /monitor

    on the AD server of above, I get a problem with the ICMP protocol:

    HENDRIX.OG.local[[::1]:123]:
        ICMP: error 0x8007271D
        NTP: -0.0332734s diferencia horaria de SVHDW10.OG.local
            RefID: PDCserver.OG.local [81.92.138.29]
            Capa: 2

    But when I execute the same command into another AD server, I don't get this error neither for this server.
    So, how could I avoid this kind of warnings?

    Thank you.


    Monday, June 06, 2011 1:23 PM

Answers

  • Ok, thank you.

    I discovered the problem was the vmware agent tool configuration.

    Anyway, after ejecute one of the commands, I got an error:

    C:\Windows\system32>w32tm /unregister
    Error: Acceso denegado. (0x80070005)

    Now the error is gone.

    Monday, June 06, 2011 2:12 PM

All replies

  • Hello,

    make sure that the correct PDCEmulator is configured, use "netdom query fsmo" to control.

    On the VMs make sure they do NOT use the integration services or VMWare tools or whatever Virtual server software you use. There is by default no need to run additional commands.

    Anyway, i suggest you reset the time on the additional DCs to default and then sync them again to the  domain time. Therefore run for the reset:

    net stop w32time

    w32tm /unregister

    w32tm /register

    net start w32time

    And for the new sync:

    w32tm /config /syncfromflags:domhier /update

    After that you have to run:
    net stop w32time
    net start w32time

    This should solve your problem.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, June 06, 2011 1:38 PM
  • Ok, thank you.

    I discovered the problem was the vmware agent tool configuration.

    Anyway, after ejecute one of the commands, I got an error:

    C:\Windows\system32>w32tm /unregister
    Error: Acceso denegado. (0x80070005)

    Now the error is gone.

    Monday, June 06, 2011 2:12 PM
  • Hello,

    access denied should belong to the UAC please make sure to use an elevated command prompt (RUNAS).


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, June 06, 2011 6:34 PM
  • Yes, I run the command as administrator, but it returned that error.

    Anyway, the problem was the vmtool, that was configurated to syncro the hour with the host.

    Tuesday, June 07, 2011 3:54 PM
  • I would like to point out that it's advised not to use VMWare's time sync features with DCs.

    More info on this:

    How to configure your virtual Domain Controllers and avoid simple mistakes with resulting big problems
    http://www.sole.dk/post/how-to-configure-your-virtual-domain-controllers-and-avoid-simple-mistakes-with-resulting-big-problems/?p=387

     

    Here's more info on configuring and troubleshooting the time service:

    Configuring the Windows Time Service for Windows 2000, 2003, 2008 and newer, explanation of the time service hierarchy, and more
    http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspx

    Ace

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, June 07, 2011 6:23 PM