Petri.com forums Home Forums Start Page Forums Frequently Asked Questions FAQ Member List Members List
Go Back   Petri IT Knowledgebase Forums > Server Operating Systems > Windows Server 2000 / 2003 / 2003 R2
Petri.com is happy to award RicklesP the title of Most Valuable Member !!!
Register Calendar Calendar Search Petri IT Knowledgebase Forums Search Todays Posts Today's Posts Mark Forums Read
Notices

Domain Controllers, NTP settings

Domain Controllers, NTP settings

this thread has 6 replies and has been viewed 47002 times

Closed Thread
 
Thread Tools Search this Thread Display Modes
  #1  
Old 30th August 2007, 03:39
ntwaddell ntwaddell is offline
Casual
Casual
 
 Join Date: May 2006
  6 month star 12 month star
 Posts: 29
 Reputation: ntwaddell is on a distinguished road (10)
Default Domain Controllers, NTP settings

Hello,

I have two domain controllers and they have problem updating their time..

Here are my two errors..

Time Provider NtpClient: No valid response has been received from manually configured peer time.windows.com,0x1 after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 240 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Here is my group policy settings for the domain controller OU..

Enable Windows NTP Client
Enabled

Configure Windows NTP Client
NtpServer: time.windows.com,0x1
Type: NTP
CrossSiteSyncFlags: 2
ResolvePeerBackoffMinutes: 15
ResolvePeerBackoffMaxTimes: 7
SpecialPollInterval: 3600
EventLogFlags: 0

Enable Windows NTP Server
Enabled

Help please!
  #2  
Old 30th August 2007, 11:44
Maebe Maebe is offline
Junior Member
Staying around
 
 Join Date: Jul 2007
  6 month star 12 month star
 Posts: 215
 Reputation: Maebe will become famous soon enough (51)
Default Re: Domain Controllers, NTP settings

I believe the second error is a result of the first.

In Windows Server 2003 and in Windows XP, W32Time frequently logs Event ID 50, and poor time synchronization occurs also covers Event ID: 47.

I'd also consider checking DNS resolution and connectivity to time.windows.com.
__________________
I don't know anything about (you or your) computers.
Research/test for yourself when listening to free advice.
  #3  
Old 30th August 2007, 14:19
Rems's Avatar
Rems Rems is offline
Moderator
 
 Join Date: Mar 2005
  6 month star 12 month star
 Location: NL
 Posts: 2,434
 Reputation: Rems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to behold (965)
Default Re: Domain Controllers, NTP settings

It is recommended to change
Type: NTP
to
Type: NT5DS
Do this on every client, member server and DCs (those that are not holding the PDC-emulator role)

By default, only the Domain Controller that is holding the rol of PDC-emulator is the authoritative time server in the domain hierarchy. All other DCs sync with that server and all other members sync with a DC.
That way you can be sure every computer in the domain has at leased the same time (wether that is the correct time or wrong time).

On the 'PDC-emulator'
The NtpServer value is a valid time server on an external net.
(we use here: ntp.xs4all.nl )
NtpServer: ntp.xs4all.nl
Type: NTP


Next thing is to allow NTP and DNS traffic in the network firewall comming from and to this DC.

\Rems
  #4  
Old 30th August 2007, 17:45
VictorL VictorL is offline
Casual
Casual
 
 Join Date: Aug 2007
  6 month star 12 month star
 Location: IL
 Posts: 23
 Reputation: VictorL is on a distinguished road (10)
Default Re: Domain Controllers, NTP settings

Hi,

I suggest not to change manually registry settings, but do it in a more correct way - for PDC run the following command

Code:
w32tm /config /syncfromflags:MANUAL  /manualpeerlist: yourexternaltimeserver
yourexternaltimeserver should be open in a FW 123/udp

for all other DCs and member servers and workstations run the following

Code:
w32tm /config /syncfromflags:DOMHIER
restart windows time service and look for the event 37 in SYSTEM log to validate successful sync.

you shouldn't set any specific GPO for time sync native OS mechanism
__________________
With best regards, Victor
  #5  
Old 30th August 2007, 20:48
ntwaddell ntwaddell is offline
Casual
Casual
 
 Join Date: May 2006
  6 month star 12 month star
 Posts: 29
 Reputation: ntwaddell is on a distinguished road (10)
Default Re: Domain Controllers, NTP settings

Ahh, so regular domain controllers should be NT5DS and the PDC should be NTP?

I was just applying the same GPO with NTP to all domain controllers.

Quote:
Originally Posted by Rems View Post
It is recommended to change
Type: NTP
to
Type: NT5DS
Do this on every client, member server and DCs (those that are not holding the PDC-emulator role)

By default, only the Domain Controller that is holding the rol of PDC-emulator is the authoritative time server in the domain hierarchy. All other DCs sync with that server and all other members sync with a DC.
That way you can be sure every computer in the domain has at leased the same time (wether that is the correct time or wrong time).

On the 'PDC-emulator'
The NtpServer value is a valid time server on an external net.
(we use here: ntp.xs4all.nl )
NtpServer: ntp.xs4all.nl
Type: NTP


Next thing is to allow NTP and DNS traffic in the network firewall comming from and to this DC.

\Rems
  #6  
Old 2nd September 2007, 00:58
Rems's Avatar
Rems Rems is offline
Moderator
 
 Join Date: Mar 2005
  6 month star 12 month star
 Location: NL
 Posts: 2,434
 Reputation: Rems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to beholdRems is a splendid one to behold (965)
Default Re: Domain Controllers, NTP settings

Quote:
Originally Posted by ntwaddell View Post
Ahh, so regular domain controllers should be NT5DS and the PDC should be NTP?.
Yes that is very recommended.
The answer is not solving you sync problem though. But more important than having the right time on a network is having the same time on all the computers. That is why you should keep an authoritative timeserver on your network.

Doing so it also isolates the sync problem you have to just one server.
On that server
- type = NTP
- erase ,0x1 after the time server
- test with other time server addresses
- check if the nessesary ports to the internet are not blokked somewhere along the line.

Don't forget to stop and restart the time service after you have made changes on the server.


\Rems
  #7  
Old 23rd October 2007, 01:53
ntwaddell ntwaddell is offline
Casual
Casual
 
 Join Date: May 2006
  6 month star 12 month star
 Posts: 29
 Reputation: ntwaddell is on a distinguished road (10)
Default Re: Domain Controllers, NTP settings

So I have two domain controllers. The PDC emulator is configured using..

ntpserver time.nist.gov
type ntp
ntp server is enabled

the other domain controller, i have tried a few things, but none have worked. so for now, its the same except NT5DS for type if i do

w32tm /monitor i get this..

gyro.lblp.local *** PDC *** [10.90.94.142]:
ICMP: 0ms delay.
NTP: +0.0000000s offset from gyro.lblp.local
RefID: 'LOCL' [76.79.67.76]
aladdin.lblp.local [10.90.94.141]:
ICMP: 0ms delay.
NTP: +0.0079997s offset from gyro.lblp.local
RefID: unspecified / unsynchronized [0.0.0.0]

Should the NTP server be disabled on the other domain controller? Should the client be configured with NT5DS?
Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Too Many Domain Controllers? boondock Active Directory 1 6th February 2007 01:29
Domain Controllers gearhead Active Directory 4 22nd March 2006 15:26
Domain Controllers plawlor Windows Server 2000 / 2003 / 2003 R2 2 8th March 2006 18:47
Windows2003.User group: domain computers, domain controllers azmantek Active Directory 1 22nd July 2004 18:41
Upgraded Domain Controllers and GPs scott Active Directory 2 18th May 2004 01:37


All times are GMT +3. The time now is 18:42.

Steel Blue 3.5.4 vBulletin Style ©2006 vBEnhanced
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
 

Valid XHTML 1.0!   Valid CSS!

Copyright 2005 Daniel Petri