After migrating domain controllers on ESX environment (-:, ps: I have tried to convince for hyperV but did not worked out in this one.) we saw time on the domain controllers were off and made some adjustment to make PDC happy. I wanted to share here what we have done to fix the issue.
if you are not familiar with time service on the PDC emulator I recommend start reading it from Ace Fekay’s blog ( AD MVP ) excellent & well written article.
My issue started as “outlook is sending e-mails , 6hr behind the current time”
I think in the process of thinking locally, Outlook is a software installed on a workstation OS ( winXP, Vista, Win7 etc) and it reads time from OS itself
Workstation OS ( client PC’s) is talking to domain controller they authenticated against. The domain controllers gets their time (Sync) from PDC emulator ( domain controller holds the PDC emulator role) and finally PDC gets ( should configured to external time source) its time from external time source.
- Outlook----sync------> Work Station OS----sync----->DC
- DC----sync--------> PDC
- PDC-------sync------>External Time source.
Ok now back to the issue, how to configure PDC to sync its time from external time server? here is everything you need to know or do to make it work, KB816042
After you make this changes the PDC register will like this
W32Time configures the list of time sources through the following key
- HKEY_LOCAL_MACHINE
- SYSTEM\CurrentControlSet
- Services
- W32Time
- Parameters
- NtpServer
| time.windows.com,0x01 time.nist.gov,0x01 |
Click here to download reg file which will do this for you automatically
Flag means
| 0x01 | SpecialInterval |
| 0x02 | UseAsFallbackOnly |
| 0x03 | SymmatricActive |
| 0x04 | Client |
For troubleshooting only
Debug log file timelog.txt to be written locally as the Windows Time service interacts with the system
| w32tm /debug /enable /file:C:logstimelog.txt /size:100000 /entries:0-300 |
Stop the debug
w32tm /debug /disable |
To see what time server your PDC is talking too (vmdc01 is the name of the PDC in this example change it accordingly
| net time \\PDCname /QuerySNMP |
After making changes to stop and re-start the W32Time
net stop w32time && net start w32time |
http://support.microsoft.com/kb/816042
if you are getting fallowing your DC’s are not replicating
There is a time difference between the Client and Server , The DC time might be off more than 5 min which will make the replication wont work properly.
NET TIME /DOMAIN:DOMAIN /SET /Y |
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog
Http://telnet25.spaces.live.com (Blog)
1 comment:
Is there any handy tool for set NTP settings on DC instead of commands.
Post a Comment