question

RamanjaneyuluButharaju-8253 avatar image
0 Votes"
RamanjaneyuluButharaju-8253 asked DSPatrick commented

NTP time sync issues

Hello All,

we have NTP server which is windows 10 installed and in registry settings we configured NTP server (10.10.10.10) to get time source from external time source.
It is working fine.

In AD, We have written GPO, across the domain all the devices should sync with NTP server.

NTP server :
C:\Windows\system32>w32tm /resync
Sending resync command to local computer
Successfull


ADC server :
C:\Windows\system32>w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.


Unable to find solution. Please help

windows-serverwindows-active-directorywindows-10-networkwindows-group-policy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

But i want devices to get the time from NTP server itself.

This isn't a recommended or supported method.

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /manualpeerlist:<ntp ip address> /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration



--please don't forget to upvote and Accept as answer if the reply is helpful--








5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RamanjaneyuluButharaju-8253 avatar image
0 Votes"
RamanjaneyuluButharaju-8253 answered DSPatrick commented

Ok Thanks.
I will reconfigure and update.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sounds good, you're welcome.


0 Votes 0 ·
RamanjaneyuluButharaju-8253 avatar image
0 Votes"
RamanjaneyuluButharaju-8253 answered DSPatrick edited

So Which is recommended method ?

Internal NTP server sync with External time servers

AD sync with NTP server

Domain computers sync with AD server ?


Domain computers > AD > NTP server > External time servers


???

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

So Which is recommended method ?

--please don't forget to upvote and Accept as answer if the reply is helpful--






0 Votes 0 ·

On PDC emulator


w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /manualpeerlist:<ntp ip address> /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration
https://tf.nist.gov/tf-cgi/servers.cgi

on all other members and domain controllers

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration







1 Vote 1 ·
RamanjaneyuluButharaju-8253 avatar image
0 Votes"
RamanjaneyuluButharaju-8253 answered

I have set my GPO to use NTP server for time synchronization all devices including domain controllers.

If we set "NT5DS" it means it should get the time from DC right ??
But i want devices to get the time from NTP server itself.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick edited

Something here may help.
https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings
https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/how-the-windows-time-service-works

Some general info
- All domain members should use NT5DS domain time.
- Desktops and member servers sync with any domain controller.
- Domain controllers sync with PDC emulator (one per domain)
- PDC emulator in child domain can sync with any domain controller in parent domain.
- PDC emulator in parent domain syncs with either a hardware clock or possibly an external source.
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/


--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.