question

DanilSchiffers-5970 avatar image
0 Votes"
DanilSchiffers-5970 asked DanilSchiffers-5970 answered

W32tm problems can't sync with NTP server

Hello everyone,

In my domain I'm trying to sync my PDC emulator to a VM which I installed meinberg NTP on. The commands I used are:

w32tm.exe /config /syncfromflags:manual /manualpeerlist:192.168.50.108,0x8 /reliable:yes /update

and

w32tm.exe /config /update

Despite this the PDC emulator won't sync.

When I run the command: w32tm resync I get "The computer did not resync because no time data was available."
When I run the command: w32tm /query /source I still get local CMOS clock.

When I run the the same commands on the a workstation in the domain it will sync without problems. The other DC the non pdc emulator won't sync aswell.

The firewall allows port 123 in both directions and I tried turning the firewall off (lab enviroment).
I altered the default DC GPO: Time Providers -> Windows NTP client and Windows NTP server enabled.

I added the registry entries aswell.

Does anybody have an idea why my domain controllers won't sync but other workstations will?

Thanks in advance

Regards Daniël

The regedit 104304-regedit3.png104257-regedit1.png104296-regedit2.png


windows-active-directory
regedit3.png (16.8 KiB)
regedit1.png (31.7 KiB)
regedit2.png (53.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
1 Vote"
DSPatrick answered

The PDCe is multi-homed which will always cause no end to grief for active directory. This is also the root cause for the time sync problems.

--please don't forget to upvote and Accept as answer if the reply is helpful--








5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
1 Vote"
DSPatrick answered DanilSchiffers-5970 commented

Might try
W32TM /stripchart /computer:192.168.50.108 /samples:5


Then also drop the 0x8 as in


w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /manualpeerlist:192.168.50.108 /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration

--please don't forget to upvote and Accept as answer if the reply is helpful--



· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello Patrick, thanks for your response. I tried your answer, I do get result with the W32TM /stripchart. But for some reason my DC still won't sync. I added the results.

Regards Daniël

104306-cmd1.png104335-cmd2.png


0 Votes 0 ·
cmd1.png (43.7 KiB)
cmd2.png (42.5 KiB)

Btw, The stripchart won't work while using the 0x8 parameter*


0 Votes 0 ·
DSPatrick avatar image
1 Vote"
DSPatrick answered DanilSchiffers-5970 commented

Windows time service could not be stopped
May need to reboot

I'd check that the PDCe is not using host for time source via integration services.

Also an unedited ipconfig /all of time source and PDCe may help.




· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Reboot did not work.

I'm using VMWare not Hyper V. The timesync feature is disabled.

I added the ipconfig /all of the PDCe and the Time Source.104307-ipconfig-srv1.png104324-ipconfig-srv1-1.png104298-ipconfig-ntp.png



104297-timesync.png


0 Votes 0 ·
ipconfig-srv1.png (62.2 KiB)
ipconfig-srv1-1.png (32.3 KiB)
ipconfig-ntp.png (59.6 KiB)
timesync.png (2.7 KiB)
DanilSchiffers-5970 avatar image
0 Votes"
DanilSchiffers-5970 answered DanilSchiffers-5970 rolled back

Btw SRV1 is the PDCe and DESKTOP-3U**** is the time source.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DanilSchiffers-5970 avatar image
0 Votes"
DanilSchiffers-5970 answered

Okey, I use these networks for fail-over clustering. Should I add another DC which is not multi-homed and give that one all the FSMO roles?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
1 Vote"
DSPatrick answered DanilSchiffers-5970 commented

Yes, that's correct. The domain controllers should be all on their own instance of windows without other roles.

--please don't forget to upvote and Accept as answer if the reply is helpful--


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Okey, well I'm going to try that! I'll make sure to let you know if it works and I'll mark your answer as such when it does. Thanks for all your help!

0 Votes 0 ·
DSPatrick avatar image DSPatrick DanilSchiffers-5970 ·

Sounds good, you're welcome.

0 Votes 0 ·

Okey I added another DC linked it with the time source without problems. I made that DC the PCDe and I ran the command w32tm /config /syncfromflags:domhier /update on the other DC. How do I know the other DC's sync with the PCDe? When I run the command w32tm /query /source it will still say local cmos clock.

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick commented

Something isn't right with that. Other domain controllers should return with PDCe name. Also check the windows time service is running on PDCe. Might try resetting

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Okey little update, nothing was really working as it should. So now I'm adding 2 new servers with the only role as DC and demote my other multihomed servers to member servers in the hope it will fix it.

0 Votes 0 ·

Sounds good.


0 Votes 0 ·
DanilSchiffers-5970 avatar image
0 Votes"
DanilSchiffers-5970 answered

Hello Dave, How are you? Last time you gave me excellent help. I wondered if you had the time to help me again with some GPO issues. I made a thread here https://docs.microsoft.com/en-us/answers/questions/547866/can39t-create-a-shortcut-using-a-gpo.html. It would be of great help to me to hear your opinion about this matter.

Thanks in advance.

Greeting Daniël

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.