none
NTP is not synchronizing

    Question

  • Hello Experts,

    We use to have 2 DC's back in 2003 say ODC1, ODC2, then compnay grow purchase new hardware and configure 2 DC's on virtual machines and demolish old DC's...but for some reason no buddy did sites and services cleanup....

    I am new starter in the company and 1st thing I did install/configure DC3 on another peice of hardware..now we have 3 DC's say NDC1, NDC2 and NDC3.. we are noew facing issue with NTP..every thing is configured as per MS articles..all users are syncing their time with NDC1 who is PDC...

    but PDC is not syncing with external time servers...when I do w32tm /resync it sync update the time but only for few seconds and revert back to old time... while troubleshooting NTP i discover that 1 of old ODC1 is live and working as a domain controller, exchange server and DFS .... I am on RDP on this server troubleshooting NTP..this server is not syncing with with NDC1 event ID 24 is generating on this server very often...

    in ODC1 when I run this command w32tm /resync /computer:PDCEmulatorname

    the result is:
    The following error occurred: The RPC server is unavailable. (0x800706BA)

    and when I run w32tm /monitor:


    ODC1 [10.6.1.58]:                (remote site)
        ICMP: 0ms delay.
        NTP: -11.7838281s offset from NDC1
            RefID: unspecified / unsynchronized [0.0.0.0]
    ODC2 [error 0x8007277C]
    NDC1 *** PDC *** [10.9.1.50]: (DC)
        ICMP: 0ms delay.
        NTP: +0.0000000s offset from NDC1
            RefID: maverick.mcc.ac.uk [130.88.202.49]
    NDC2 [10.9.1.51]: (DC)
        ICMP: 0ms delay.
        NTP: error WSAECONNRESET - no server listening on NTP port
    NDC3[10.9.1.56]: (DC)
        ICMP: 0ms delay.
        NTP: -28.2349037s offset from NDC1
            RefID: NDC1 [10.9.1.50]

    Morover to this issue if I configure NDC3 as a NTP server it works fine but lonely and synch with external time sevrer NDC1 and NDC2 are not synching with external properly..neither ODC1....

    Can some 1 help me to solve this issue please....



    Regards

    Jag
    Friday, October 16, 2009 8:59 AM

All replies

  • Verify that w32tm specific registry settings (as per http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_uhlp) are correct on all of your DCs (you might try running w32tm /unregister & w32tm /register on your DCs and resetting the external time source on the PDC afterwards). Ensure that none of them have firewall enabled (in particular, NDC2).

    hth
    Marcin

    Friday, October 16, 2009 11:37 AM
  • Hello,

    if there where 2 DCs removed from the domain, was this done with dcpromo? Or just disconnected from the domain and the AD database wasn't cleaned up? Also if the PDCemulator role is moved to another DC, waht i assume here, you have to make sure it is confgirured to an external time source or to use the internal hardware clock. Check with "netdom query fsmo" for the FSMO roles

    For external time source you can choose:
    w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update

    With "PEERS" you can set the time source, either DNS name (time.windows.com) or an ip address from a reliable time source.

    Here you can find some of them:
    http://www.pool.ntp.org/


    If the DCs where not removed properly with dcpromo check also with this document about:
    http://support.microsoft.com/kb/555846/en-us


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, October 19, 2009 9:03 AM
  • I am not an expert and  I had somewhat similar problem on w32time synchronization with Time Servers and none of the solutions offered on the net seemed to work. By logic I used a combination from different solutions and it worked for me. Try it and see if it works!

     

    At the command prompt (with administrator privileges), type the following command

    1. Type w32tm /debug /disable and press 'Enter'

    2. Type w32tm /unregister and press 'Enter' (without using the first command the second did not work!)

    you should get the response " W32Time successfully unregistered"

    3. Type w32tm /register and press 'Enter'

      you should get the response "W32Time successfully registered"

    4. Type net start w32time and press 'Enter'

     you should get the response "The windows Time Service is starting. The windows time service was started successfully"

    This ensured my Internet Time synchronization started working again. I suppose w32tm and w32time commands are interchangeable 

     

    • Edited by Narad Friday, September 03, 2010 12:52 PM spelling
    Friday, September 03, 2010 12:51 PM
  • w32tm = windows time service configuration tool
    w32time = windows time service it self

    As for the OP: start with Meinolf suggestions:

    • verify your FSMO roles are currently owned by one of the DC's which is supposed to be a DC.
    • verify if all remains of olds DC's have been cleaned (metadata cleanup or proper demote).
    • Then start veryfing why time is going wrong.

    And make sure (for virtual DC's) that they are not configured to sync their clock with the hardware. For VMware this is an option in the VMware tools (system tray).


    http://setspn.blogspot.com
    Sunday, September 05, 2010 11:32 AM
  • Try to disable the "Time Syncronization" service form the VM properties under "integration services"
    Saturday, October 22, 2011 2:26 PM
  • Hi,

    Morover to this issue if I configure NDC3 as a NTP server it works fine but lonely and synch with external time sevrer NDC1 and NDC2 are not synching with external properly..neither ODC1....
    The only PDC in forest root domain should be configure as authorative time server.

    As you said, PDC time is reverting after some time and it happens when PDC is hosted on VMWARE or HYPER-V.

    To resolve the above problem:
    On the physical host.
    Turn off Time Sychronization in Integration Services
    http://blogs.technet.com/b/chrad/archive/2009/08/28/fighting-hyper-v-physical-host-time-drift-utilizing-ntp-to-synchronize-clocks.aspx

    On

    the VM server
    1) Disable the Hyper-V Time Synchronization Service inside the VM.
    2)Delete the following registry subtree: HKLM\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\vmictimeprovider
    3)Set the correct time on the server and reboot the server.
    4)Configure authorative time on the server.http://support.microsoft.com/kb/816042

    Note:Backup the resgistery before you proceed.
     
    Time configuration, It should be proper on every DC and clients in network else replication, authentication..etc will fail.
     
    Understanding time synchronization in a domain.
    The domain controller that is the pdc emulator is the “primary time server” for the domain.
    All other domain controllers get their time from the pdc emulator, and the workstations and member servers get their time from any domain controller.
     
    On PDC: command to run on DC that must be a PDC emulator role owner in forest root domain.
     
    w32tm /config /manualpeerlist:time.windows.com,0x1 /syncfromflags:manual / reliable:yes /update
     
    Now stop and restart the Windows Time service using the following commands:
     
    net stop w32time
     
    net start w32time
     
    if you don’t want to wait for time convergence to occur between your stratum 2 time server (your forest root PDC Emulator) and the external stratum 1 time server, you can run the following command on your PDC Emulator:
     
    w32tm /resync /rediscover
     
    Now on clients:
    w32tm /config /syncfromflags:domhier /update
     
    net stop w32time
     
    net start w32time
     
    w32tm /resync /rediscover
     
    Time server configuration to sync PDC emulator to an External Time Source
     http://abhijitw.wordpress.com/2011/10/08/time-server-configuration-to-sync-pdc-emulator-to-an-external-time-source/

     
    Regards,
    Abhijit Waikar.
     -------------------------------
    MCSA|MCSA:Messaging|MCTS|MCITP:SA
    My Blog: http://abhijitw.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights

    Saturday, October 22, 2011 2:48 PM
  • no, that should remain enabled!
     
    see:

    <o:p></o:p>

    Cheers,<o:p></o:p>


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <o:p></o:p>

    "saleh_mm" wrote in message news:7e8da2bf-b55b-4b14-8ce4-9c7d4ce93034@communitybridge.codeplex.com...
    Try to disable the "Time Syncronization" service form the VM properties under "integration services"

    Jorge de Almeida Pinto [MVP-DS] (http://jorgequestforknowledge.wordpress.com/)
    Saturday, October 22, 2011 8:44 PM
    Moderator
  • Yes, Jorge is right. Time synchronization on VM should not be disabled.

    http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv%28WS.10%29.aspx

     

    Regards


    Awinish Vishwakarma

    MY BLOG:  http://awinish.wordpress.com/


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    Sunday, October 23, 2011 5:27 AM
    Moderator