mark398 asked

NTP Sync Issue

Hello all,

I have 2 DCs "2019". I configured the primary DC "holding PDC" as NTP server by running the following commands:

w32tm /config /manualpeerlist:dc1.com,0x8 /syncfromflags:manual /reliable:yes /update

The command completed successfully.

Then I run:

C:\Users\Administrator>w32tm /resync /rediscover
Sending resync command to local computer
The command completed successfully.

C:\Users\Administrator>net stop w32time && net start w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

The Windows Time service is starting.
The Windows Time service was started successfully.


Then I run: w32tm /query /source
dc1.com.local,0x8

C:\Users\Administrator>w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 1024 (Local)
Type: NTP (Local)
NtpServer: dc1.com,0x8 (Local)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)

The issue is that not all servers are getting the time from dc1 "NTP server". For example:

88633-image.png



What else can I do to fix this issue?

Thank you


Hello @HamoudaAlbakri-3924,
I'm just following up to make sure you received my last reply and that my answers properly address your questions. If you have any further questions or concerns about this post, please let us know.

Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

mark398 answered

Did not work, unfortunately. It keeps taking server battery. It worked after I applied the solution in the following article:

https://theitbros.com/configure-ntp-time-sync-group-policy/

It worked only via group policy, NOT CMD, by adding:

us.pool.ntp.org,0x1 1.us.pool.ntp.org,0x1 2.us.pool.ntp.org,0x1 3.us.pool.ntp.org,0x1;

then followed the steps mentioned in the article.

Thank you

mark398 answered

All our servers are VMs "including DCs"

DSPatrick answered

Seems a little odd pointing the PDC emulator to another domain controller (dc1)? In this case using NT5DS may be more appropriate.

Some general info
- All domain members should use NT5DS domain time.
- Desktops and member servers sync with any domain controller.
- Domain controllers sync with PDC emulator (one per domain)
- PDC emulator in child domain can sync with any domain controller in parent domain.
- PDC emulator in parent domain syncs with either a hardware clock or possibly an external source.
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

--please don't forget to Accept as answer if the reply is helpful--

mark398 answered

DC1 is the primary domain controller "PDC". Some servers are pointing to it, others are not.

DSPatrick answered

Then I guess it sounds like you're trying to point the "PDC" to itself? Generally you'll want the PDC emulator to point to an external NTP source.
https://tf.nist.gov/tf-cgi/servers.cgi

https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

mark398 answered

Yes, I'm trying to make all servers and PCs point to the PDC as NTP server, and at the same time the PDC point to itself. But I believe you mean the PDC must point to an external time source. Should I select any time source mentioned on https://tf.nist.gov/tf-cgi/servers.cgi, or will following
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory be enough?

DSPatrick answered

Yes, I'd point the PDC to an external source. Then other domain controllers will get time from PDCe (via NT5DS), other member servers and desktops will get time from any domain controller also via NT5DS.

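The hierarchy described in the answer above, as an added example that is not part of the original thread: a PowerShell script that reports each domain controller's effective time source and, when `$Apply` is set, points only the PDC emulator at external peers and returns every other DC to NT5DS. It assumes the ActiveDirectory module and PowerShell remoting are available; the `$Apply` switch and the report fields are hypothetical names, and the peer list reuses the entries quoted earlier in the thread.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory RSAT module,
# PowerShell remoting to every DC, and an elevated session.
Import-Module ActiveDirectory

$Apply = $false   # $false = report only; $true = also reconfigure each DC
# Peer list exactly as quoted in the thread; substitute your approved sources.
$Peers = 'us.pool.ntp.org,0x1 1.us.pool.ntp.org,0x1 2.us.pool.ntp.org,0x1 3.us.pool.ntp.org,0x1'

$pdc = (Get-ADDomain).PDCEmulator
$report = foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    Invoke-Command -ComputerName $dc -ArgumentList ($dc -eq $pdc), $Peers, $Apply -ScriptBlock {
        param([bool]$IsPdc, [string]$Peers, [bool]$Apply)
        if ($Apply) {
            if ($IsPdc) {
                # Only the PDC emulator syncs from external NTP and advertises as reliable.
                $peerArg = "/manualpeerlist:$Peers"
                w32tm /config $peerArg /syncfromflags:manual /reliable:yes /update | Out-Null
            } else {
                # Every other DC follows the domain hierarchy (NT5DS).
                w32tm /config /syncfromflags:domhier /reliable:no /update | Out-Null
            }
            w32tm /resync /rediscover | Out-Null
            Start-Sleep -Seconds 5   # give the service a moment to pick a source
        }
        $source = (w32tm /query /source | Out-String).Trim()
        # Sources that mean the DC is not following NTP or the domain hierarchy.
        $local = $source -match 'Local CMOS Clock|Free-running System Clock|VM IC Time Synchronization Provider'
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Role     = if ($IsPdc) { 'PDC emulator' } else { 'DC' }
            Source   = $source
            Check    = if ($local) { 'REVIEW: local/hypervisor clock' } else { 'ok' }
        }
    }
}
$report | Sort-Object Role | Format-Table Computer, Role, Source, Check -AutoSize
```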

mark398 answered

I found tools for NTP. Can I use them, or should I stick with the w32tm.exe command-line utility?

DSPatrick answered

Hard to say about tools with no info. I always do it manually via w32tm since it is rather simple to do.

DSPatrick answered

Any progress or updates?
