Results 1 to 9 of 9

Thread: Windows Time Synchronisation

  1. #1
    Senior Member
    Join Date
    Aug 2003
    Posts
    508
    Thanks
    0
    Thanked
    0 times in 0 posts

    Windows Time Synchronisation

    Does anyone on here know much about Windows Server 2003 Time Synchronisation?

    I'm trying to get my PDC emulator to sync with an external time source and, despite having configured it to do so, am still getting errors telling me that it is trying to sync with the domain hierarchy!

    If anyone thinks they can help, feel free to post advice here, or even better shout me on MSN Messenger richard.chesterton_dsl.pipex.com (replace the _ with @)

    Thanks
    Chez

  2. #2
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Have you looked at this KB:
    Your domain controller does not locate a new time source server in Windows Server 2003 (836424)

    Do you have SP1 installed?
    (There are a few fixes for the time service from 2003 RTM which should be rolled up in this.)

    PDC emulator of the root domain should be configured to use an external time source, and if it's not directly connected to the server then you may need to apply that tweak from the KB so it uses basic NTP.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    508
    Thanks
    0
    Thanked
    0 times in 0 posts
    Hi Paul

    Thanks for your reply.

    I haven't installed SP1 yet.

    I have already set the 'Type' to 'NTP' and configured my preferred NTP servers.

    I will try installing SP1.

  4. #4
    Account closed at user request
    Join Date
    Aug 2003
    Location
    Elephant watch camp
    Posts
    2,150
    Thanks
    56
    Thanked
    115 times in 103 posts
    • wasabi's system
      • Motherboard:
      • MSI B85M-G43
      • CPU:
      • i3-4130
      • Memory:
      • 8 gig DDR3 Crucial Rendition 1333 - cheap!
      • Storage:
      • 128 gig Agility 3, 240GB Corsair Force 3
      • Graphics card(s):
      • Zotac GTX 750Ti
      • PSU:
      • Silver Power SP-S460FL
      • Case:
      • Lian Li T60 testbanch
      • Operating System:
      • Win7 64bit
      • Monitor(s):
      • First F301GD Live
      • Internet:
      • Virgin cable 100 meg
    Its best to configure it in group policy in the domain controller OU.

  5. #5
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Quote Originally Posted by robertirwin
    Its best to configure it in group policy in the domain controller OU.
    Actually it's not.
    You should have exactly one time source which is the master for the entire domain, and that should get its time from an external source such as an atomic clock or an Internet source.

    By default, this master source is the PDC Emulator of the root domain, and every other machine in the domain uses "NT5DS" rather than NTP to maintain time in a manner that is more secure than (S)NTP as it's signed.

    The design of the Windows Time service is that a machine should try to sync time with its authenticating DC, and the DCs sync with the PDC Emulator for the domain - if it is a child domain then the PDC Emulator syncs with a DC in the root domain to which it has a secure channel.

    So in a standard environment you should only alter the settings on the PDC Emulator DC in the root domain, so setting a policy on the Domain Controllers OU is not the best solution.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  6. #6
    Senior Member
    Join Date
    Aug 2003
    Posts
    508
    Thanks
    0
    Thanked
    0 times in 0 posts
    Thanks Paul - that is exactly the scenario I am trying to set up...

    Unfortunately, my PDCE still won't play ball.....

  7. #7
    Senior Member
    Join Date
    Sep 2003
    Location
    Bath, Somerset, UK
    Posts
    209
    Thanks
    1
    Thanked
    1 time in 1 post
    Chez,

    What other FISMO roles are on that box, is it a GC or anything else.

    Been having time-sync funnies with our AD and if you give me some more info I may have some pointers.

    Also, be a little bit carefull about putting SP1 on your root DC/PDCE if it's a live AD, there are a few minor urggs that may bite.
    "John Willis is a toaster that talks! - It knows your name.".

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    508
    Thanks
    0
    Thanked
    0 times in 0 posts
    The PDCE also holds all other FSMO roles. It is not a GC though.

    Already put SP1 on - doesn't seem to have made much difference

  9. #9
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Basic Operation of the Windows Time Service

    HOW TO: Turn On Debug Logging in the Windows Time Service

    The Windows Time service may generate event ID 7023 after you upgrade to Windows Server 2003 Service Pack 1

    Where are the messages appearing saying that the DC is trying to sync with domain hierarchy?
    Event log? Do you have event IDs?
    Any events to do with time indicate which server(s) the machine was trying to contact.

    If you enable the full debugging you should be able to see if it's failing or succeeding time syncs with the external source - I have seen messages on DCs which say that a client failed to get time due to a failed security signature, but not that the master time server is trying to use the domain as a time source...
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Trojan leaps from bogus Windows Update site
    By Steve in forum HEXUS News
    Replies: 1
    Last Post: 12-04-2005, 05:28 AM
  2. nasty windows problem...
    By JimmyBoy in forum Help! Quick Relief From Tech Headaches
    Replies: 7
    Last Post: 06-03-2005, 08:04 AM
  3. Windows XP Pro install hangs!! :( PLEASE HELP!!
    By BlueMagician in forum PC Hardware and Components
    Replies: 15
    Last Post: 12-02-2005, 08:40 PM
  4. Have you done all of your windows updates ?
    By Moby-Dick in forum General Discussion
    Replies: 33
    Last Post: 05-05-2004, 01:23 PM
  5. Windows Security Update CD
    By XTR in forum General Discussion
    Replies: 2
    Last Post: 19-02-2004, 11:16 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •