question

MSAzure101 avatar image
0 Votes"
MSAzure101 asked MSAzure101 commented

Query on time changing for domain joined pcs

Hi guys, have a customer environment with 5 servers all virtualised , with maybe 150 client pcs (very small)

Servers are Windows 2019 and clients are all Windows10

Since the time change in Ireland a few months ago they have noticed the time change on client pcs

DC is virtualised, whats best GPO to run here or is there another action I can do

Thanks in advance

windows-10-generalwindows-server-2019windows-group-policy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered MSAzure101 commented

See what time the domain thinks it is:

Net time /Domain:domain.name.fqdn
I found this command useful as it was reported that three computers were all set at different times. I used the domain command and the following command to query all four devices for their time nearly simultaneously.

See what time each computer says it is:

Net time \computer-name
After running the above commands, I found that one of the computers was about a minute and a half ahead of the others which were correctly pulling the domain time. It’s not enough of a difference to cause issues with Kerberos authentications but the computer is part of a fail-over system with logs that would have a hard time syncing up alarms with different timestamps.

See where the computer is pulling its time from:

W32tm /query /source
After running the above command, it returned an IP address that meant nothing to me. It was pulling its time from some other server and that was the source of the problem.

You can ask Windows for its Windows Time configuration. It’s not very informative if everything is working properly but gives you something to compare to a working computer.


Hope this information can help you
Best wishes
Vicky

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks Vicky :)

0 Votes 0 ·

Hi Vicky

when I ran w32tm /query /services its coming back as VM IC Time Synchronisation Provider

Whats best practice here is it to follow the below article?

https://mikefrobbins.com/2010/05/17/active-directory-and-server-time-synchronization-problems-with-hyper-v/

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered MSAzure101 commented
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks there is a lot of information there, does anyone have first hand experience of this issue?

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered MSAzure101 commented

What issues are you having? Some general info
- All domain members should use NT5DS domain time.
- Desktops and member servers sync with any domain controller.
- Domain controllers sync with PDC emulator (one per domain)
- PDC emulator in child domain can sync with any domain controller in parent domain.
- PDC emulator in parent domain syncs with either a hardware clock or possibly an external source.
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

--please don't forget to Accept as answer if the reply is helpful--


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks yes since the time change in Ireland\UK some users have noticed that their pcs didnt change
Will look at the thread you provided, i found something similar

A lot of the forums are saying its different when DC is virtualised just looking to find out if anyone had come across this issue in real life


Thanks again :)

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

On the problem member you can;

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration

--please don't forget to Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.