Windows 2019 NTP not syncing

Daniel_Support 1 Reputation point
2021-06-14T15:24:13.427+00:00

We are unable to get the server to use the NTP time and falls back to CMOS time. I'm 23 seconds off but the company has moved to online banking and exact time sync is a base requirement. This implementation is on hold as well as the company's banking ability. This new environment was implemented to handle the banking system.

I opened a support ticket a week ago and support has spent about 8 hours connected to the server and a number of hours on phone support.

I'm reaching out to the community to see if I can get some suggestions.

This is a small single server environment.

  • One HP ML350 server with Window 2019 STD,
  • HP switch,
  • Sonicwall firewall

System process

  • VoIP
  • Wireless
  • Accounting software
  • Banking software
  • VPN

Current Test results
(See dump below)

Actions I have executed
Used a couple of NTP test programs with good results
Reviewed Switch and firewall to verify rules
Ran packet scans from both the server and firewall - This is a copy of the file sent to MS but lost the screen shot with this editor

MS Support has run through a number of steps

  • I setup GPO time sync - Support removed these setting to registry defined
  • MS Requested Actions
  • I install BDC server - Done installed 2016 BDC server - NTP time good on this server - Hyper_V based
  • CMOS patched
  • Waiting 3 days for MS response

What I'm seeing is that the third party NTP test tools are good with verification of the packets through the firewall

Using w32tm /stripchart /computer:time.google.com we are getting good results with verification of the packets through the firewall

Using w32tm /resync we get BAD results and only see packets on the Server using the Microsoft packet monitor

No changes were made to any device or the setting on either packet monitor between each command

There is a lot more done and tested and I'll try to expand with any questions from the community

Workaround option - looking for opinions
Make the Windows 2016 BDC primary?

Thanks
Dan

WCC-AD01 -- After WCC-AD02 BDC installed

C:\Users\Administrator>
C:\Users\Administrator>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name: "LOCL")
Last Successful Sync Time: 6/12/2021 11:11:34 AM
Source: Local CMOS Clock
Poll Interval: 6 (64s)

C:\Users\Administrator>w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)

[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\SYSTEM32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 1024 (Local)
Type: NTP (Local)
NtpServer: time.windows.com,0x8 time.nist.gov,0x8 pool.ntp.org,0x8 (Local)

NtpServer (Local)
DllName: C:\Windows\SYSTEM32\w32time.DLL (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 0 (Local)
InputProvider: 1 (Local)

C:\Users\Administrator>w32tm /query /peers

Peers: 6

Peer: pool.ntp.org,0x8
State: Active
Time Remaining: 7.2995920s
Mode: 3 (Client)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 6 (64s)

Peer: pool.ntp.org,0x8
State: Active
Time Remaining: 7.3152472s
Mode: 3 (Client)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 6 (64s)

Peer: pool.ntp.org,0x8
State: Active
Time Remaining: 7.3308100s
Mode: 3 (Client)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 6 (64s)

Peer: pool.ntp.org,0x8
State: Active
Time Remaining: 7.3463862s
Mode: 3 (Client)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 6 (64s)

Peer: time.nist.gov,0x8
State: Active
Time Remaining: 7.3620702s
Mode: 3 (Client)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 6 (64s)

Peer: time.windows.com,0x8
State: Active
Time Remaining: 7.3776937s
Mode: 3 (Client)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 6 (64s)

C:\Users\Administrator>w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.

C:\Users\Administrator>w32tm /stripchart /computer:time.google.com
Tracking time.google.com [216.239.35.8:123].
The current time is 6/12/2021 11:12:58 AM.
11:12:58, d:+00.0284005s o:+24.0492718s [ | @]
11:13:00, d:+00.0242894s o:+24.0498287s [ | @]
11:13:02, d:+00.0236041s o:+24.0494866s [ | @]
11:13:04, d:+00.0270472s o:+24.0504955s [ | @]
11:13:06, d:+00.0236929s o:+24.0492093s [ | @]
^C
C:\Users\Administrator>

WCC-AD01 -- After WCC-AD02 BDC installed

Summary:

This is a test of 3 different NTP processes
• Microsoft w32tm using
o w32tm /resync command
• Microsoft w32tm using
o w32tm /stripchart /computer:time.google.com command
• Galleon NTP Check tool

We capture packets in two devices
• SonicWall firewall
o Using Sonicwall packet monitor
• Server
o Using Microsoft packet monitor

Results showed that two methods produced good results with packet captures on both monitors to validate traffic and good results by the tools

The third method “w32tm /resync command” failed in the captures and the results


Galleon NTP Check tool
Program Results – Good Packets seen at each capture and results returned to the tool

SonicWall Firewall Packet monitor

Microsoft Network Monitor

817 8:58:41 AM 6/8/2021 4.9129865 192.168.1.20 216.239.35.0 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:2, IPv4:1}

823 8:58:41 AM 6/8/2021 4.9557845 216.239.35.0 192.168.1.20 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:2, IPv4:1}

931 8:58:43 AM 6/8/2021 7.3931930 192.168.1.20 216.239.35.0 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:3, IPv4:1}
933 8:58:43 AM 6/8/2021 7.4348819 216.239.35.0 192.168.1.20 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:3, IPv4:1} 
W32tm /resync
Program Results –
• Failed Shows sending packet but no return packets
• Packet did not show on firewall

C:\Users\Administrator>w32tm /resync command
'ow32tm' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Administrator>
C:\Users\Administrator>w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.

C:\Users\Administrator>w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.

Microsoft Network Monitor
551 11:52:29 AM 6/8/2021 20.8355028 192.168.1.20 162.248.241.94 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:39, IPv4:38}

559 11:52:29 AM 6/8/2021 20.8817437 192.168.1.20 38.229.58.9 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:44, IPv4:43}

564 11:52:29 AM 6/8/2021 20.8910869 192.168.1.20 68.54.100.49 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:46, IPv4:45}

565 11:52:29 AM 6/8/2021 20.8911644 192.168.1.20 38.229.71.1 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:21, IPv4:20}

570 11:52:29 AM 6/8/2021 20.9533228 192.168.1.20 204.2.134.163 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:88, IPv4:87}

573 11:52:29 AM 6/8/2021 21.0001628 192.168.1.20 185.216.231.116 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:323, IPv4:322}

574 11:52:29 AM 6/8/2021 21.0002410 192.168.1.20 64.62.190.177 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:48, IPv4:47}

575 11:52:29 AM 6/8/2021 21.0003019 192.168.1.20 149.28.114.150 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:50, IPv4:49}

576 11:52:29 AM 6/8/2021 21.0782785 192.168.1.20 138.236.128.36 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:264, IPv4:263}
577 11:52:29 AM 6/8/2021 21.1251693 192.168.1.20 64.79.100.196 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:52, IPv4:51}
578 11:52:29 AM 6/8/2021 21.1252419 192.168.1.20 108.61.73.244 SNTP SNTP:Common stub parser. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading this parser set. {UDP:317, IPv4:316}

SonicWall Packet Monitor
No Packet captured

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,480 questions

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Fan Fan 15,301 Reputation points Microsoft Vendor
    2021-06-14T23:50:58.667+00:00

    Hi,
    It will be helpful to narrow down the issue if you can help to collect the following information.

    How many DCs do you have, and which one is the PDC?
    Now the issue is that one domain member client can't synchronize time with the external time source, right?
    Are all the DCs physical server?
    If any of the DCs are virtual machine, remember to Disable time synchronization with the host.

    Best Regards,

    0 comments
  2. Daniel_Support 1 Reputation point
    2021-06-15T03:34:16.173+00:00

    Thanks for responding

    Here is the answers to your questions. Contact if I missed something or did not understand the question correctly

    How many DCs do you have, and which one is the PDC?

    The environment started with one DC (2019 STD). New environment about 2 months old. MS had me install a BDC to fix the issue. Installed a 2016 STD server configured as a BDC running in Hyper-V environment last Friday 6/11.

    Now the issue is that one domain member client can't synchronize time with the external time source, right?

    The 2019 PDC server (WCC-AD01) can not sync with external source and fail backs to the CMOS clock. The newer 2016 BDC server (WCC-AD02) is able to sync with external time sources.

    The 2019 server is a gateway to the banking destination and uses the time defined on the 2019 server to match the bank when communicating

    Are all the DCs physical server?

    The PDC 2019 STD server (WCC-AD01) is on new HP hardware and is unable to set eternal time. MS had me patch the BIOS with no effect.
    The BDC 2016 STD server (WCC-AD02) is defined via Hyper-V on the 2019 server and is able to get external time

    If any of the DCs are virtual machine, remember to Disable time synchronization with the host.

    Did not set this but the VM is not getting the time from the host.

    It difficult to define the exact cause. Monitoring the packet flow on the server and firewall I see correct packet flow and results on the application on the third party NTP time tool and w32tm /stripchart /computer:time.google.com command

    The w32tm /resync command fails and packets are not seen on the firewall

    C:\Users\Administrator>w32tm /resync
    Sending resync command to local computer
    The computer did not resync because no time data was available.

    All commands and the packet monitors are refreshed after each run and used the same command window. All parameter are keep the same for each test. While I don't have enough knowledge to back my thought but it appears that there is a problem with w32tm as it works with option to get the eternal time but fails when the option is to get and write the time to the system.

    I need to either resolve or get a workaround. The company has banking down for a week now and MS is not responding to my emails 4 days now, won't escalate the ticket and not responding to actions they were going to provide.

    I'm going move the PDC from the 2019 server to the 2016 server tonight to get it to provide time to the 2019 server. Not sure if it will work but I can't wait MS.

    Any input would be very welcome. Even just a conversation help discuss ideas

    Thanks again for your response and looking forward to your feedback

    Dan

  3. Daniel_Support 1 Reputation point
    2021-06-15T15:35:06.947+00:00

    I appreciate your help

    The parameter below was different.
    MS has spent about 8 hours connected to this server and back and forth with reg changes

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
    Key Name: NtpServer
    Type: REG_SZ(String Value)
    Data: Peers (time.windows.com,0x8 time.nist.gov,0x8 pool.ntp.org,0x8 )

    I changed to your setting and tested with bad results.

    I need to get the correct time on the 2019 server so will this work to make the 2016 the PDC and have the 2019 get time from the 2016 server? Correct me if I'm off track or missed something

    Since opening the ticket with MS, I have installed the 2016 BDC, Last night I setup and confirms DNS sync and moved the FSMO role to the 2016 server.

    I should be able to turn on the Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer on the 2016 server

    Set the 2019 server to use NT5DS or NTP from the 2016 server

    Thanks for your help

    Dan

  4. Dave Patrick 426.1K Reputation points MVP
    2021-06-16T12:09:36.823+00:00

    Some general info

    On the PDCe

    w32tm /unregister
    net stop w32time
    w32tm /register
    net start w32time
    w32tm /config /manualpeerlist:<ntp ip address> /syncfromflags:manual /reliable:yes /update
    net stop w32time
    net start w32time
    then check
    w32tm /query /source
    w32tm /query /configuration

    0 comments
  5. Dave Patrick 426.1K Reputation points MVP
    2021-06-21T12:20:36.507+00:00

    Just checking if there's any progress or updates?

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments