# Clock Sync issues



## newhouse1390 (Jan 10, 2005)

> Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.


How can I correct this? I am lost.

This is from the PDC (only DC in the domain); it needs to be configured as a reliable time source and set up to sync with an external NTP.

*I did notice in the registry that the NTP client is enabled. Does that need to be disabled for the time sync to work?

When I set up the computer to sync with an external time source and run the "w32tm /resync" command, it returns "no time data available".


ANY IDEAS!! My clocks are out of whack!!!


----------



## crazijoe (Oct 19, 2004)

The way I usually set the DC time source is through the cmd prompt.

C:\>net time /setsntp:time.windows.com

then you have to stop the time service

C:\>net stop w32time

then you have to start it back up

C:\>net start w32time

I have noticed that the time.windows.com site is not always reliable and started to use a different time server.
time.nist.gov


----------



## newhouse1390 (Jan 10, 2005)

The NTP Server has been set as <69.222.103.98>. I have followed your directions or ones similar to them. Here is a list of NTP servers; however, most of them are not responding to ping commands.

http://tf.nist.gov/timefreq/service/time-servers.html

Which NTP should I use?

This is the only DC in the domain. How can I initiate a time sync from the command line using the given NTP?


----------



## newhouse1390 (Jan 10, 2005)

The PDC needs to be declared an authoritative time source, which I am almost certain has already happened (all domain clients are syncing with the PDC).

So really the only thing I need to accomplish is to get the PDC syncing with an external time source.

As stated before, I have followed your steps and the NTP was set; however, even though the service is stopped and restarted, the clock on the PDC is not accurate (not syncing with NTP). I need to verify the accuracy of NTP <69.222.103.98>.

What is the command for initiating the sync with the given NTP?

Thanks.


----------



## crazijoe (Oct 19, 2004)

Normally it is 

C:\>net time /setsntp:(time server)

I'm going to check this right now and get back to you.


----------



## crazijoe (Oct 19, 2004)

I got mine to change time servers but it's not getting the info for the site.
I'm digging into this a little more.
Maybe it's the stupid DST change that screwed this all up.


----------



## crazijoe (Oct 19, 2004)

I changed my time server to time-a.timefreq.bldrdoc.gov and it seems to be working correctly now.


----------



## newhouse1390 (Jan 10, 2005)

C:\>net time /setsntp:time-a.timefreq.bldrdoc.gov 

Does the NTP need the suffix x0x on it when doing it from the command line?

then start and stop services?

The clock should now be in sync?


----------



## crazijoe (Oct 19, 2004)

just like you typed it here. 

Should work fine.


----------



## newhouse1390 (Jan 10, 2005)

Joe,

Followed the steps, even putting the 0x1 at the end of the NTP server string (regedit).

Still the PDC clock remains out of sync. I did read that it can take up to an hour to fully sync; however, that can be avoided by typing w32tm /resync. When I run that, it returns "No Time Data Was Available".


----------



## crazijoe (Oct 19, 2004)

What does it show in the system event logs?


----------



## newhouse1390 (Jan 10, 2005)

It shows nothing as a result of the sync failure. About every couple of hours I see the same message as seen earlier in this thread.

I am following the steps here right now.

http://support.microsoft.com/kb/929276

Let me know if you think of anything.

Thanks.


----------



## newhouse1390 (Jan 10, 2005)

This must either have something to do with a firewall or DST 2007.

What are the ports for NTP?
I don't run a local firewall, but Symantec AV server is running.

How should I open them if they were to be blocked?


----------
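The posts above test candidate time servers with ping and ask which port NTP uses: NTP and SNTP run over UDP port 123, and many time servers drop ICMP, so a failed ping says nothing about the time service. As an added example (not from any poster in this thread), the sketch below sends one SNTP client request and checks that the reply comes from a synchronised server; the function names and the two constructed sample packets are assumptions of the example.

```python
import socket
import struct
import sys
import time

NTP_PORT = 123                # NTP/SNTP uses UDP 123
NTP_UNIX_DELTA = 2208988800   # seconds from the 1900 NTP epoch to the 1970 Unix epoch

def build_request():
    """48-byte SNTP request: leap 0, version 3, mode 3 (client)."""
    return bytes([0x1B]) + bytes(47)

def parse_reply(packet):
    """Decode the header fields that decide whether a reply is usable."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    flags, stratum = packet[0], packet[1]
    secs, frac = struct.unpack("!II", packet[40:48])  # transmit timestamp
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "unix_time": secs - NTP_UNIX_DELTA + frac / 2**32,
    }

def usable(reply):
    """Server-mode reply, leap indicator not 'unsynchronised', stratum 1..15."""
    return reply["mode"] == 4 and reply["leap"] != 3 and 1 <= reply["stratum"] <= 15

def query(server, timeout=3.0):
    """Send one request to server:123/udp; raises OSError on timeout or DNS failure."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (server, NTP_PORT))
        packet, _ = s.recvfrom(512)
    return parse_reply(packet)

# Constructed sample replies (not captured traffic): a stratum-1 server,
# and a server that answers but reports its own clock as unsynchronised.
SAMPLE_SYNCED = bytes([0x1C, 1]) + bytes(38) + struct.pack("!II", NTP_UNIX_DELTA + 1173700800, 0)
SAMPLE_UNSYNCED = bytes([0xDC, 0]) + bytes(46)

if __name__ == "__main__":
    for server in sys.argv[1:]:
        try:
            r = query(server)
            print(server, "usable" if usable(r) else "NOT usable",
                  "stratum", r["stratum"], "offset %.3fs" % (r["unix_time"] - time.time()))
        except (OSError, ValueError) as exc:
            print(server, "no usable reply on UDP 123:", exc)
```

A timeout here, when the same server answers from a host outside the network, points at UDP 123 being filtered between the domain controller and the time source.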



## newhouse1390 (Jan 10, 2005)

This is a Group Policy issue...still waiting to configure policies correctly...looks promising.


----------



## newhouse1390 (Jan 10, 2005)

The following is a GPRESULT on the DC with the error. Do these settings look correct?

FrequencyCorrectRate 4 
HoldPeriod 5 
LargePhaseOffset 1280000 
MaxAllowedPhaseOffset 300 
MaxNegPhaseCorrection 54000 
MaxPosPhaseCorrection 54000 
PhaseCorrectRate 1 
PollAdjustFactor 5 
SpikeWatchPeriod 90 
UpdateInterval 30000 
General Parameters 
AnnounceFlags 10 
EventLogFlags 2 
LocalClockDispersion 10 
MaxPollInterval 15 
MinPollInterval 10


----------



## newhouse1390 (Jan 10, 2005)

All:

This issue was resolved by configuring the group policy. The Default Domain Policy had been configured to NTP Client type "NTP" rather than "NT5DS", which was restricting every computer on the domain, including the server, from accessing "out of domain" time servers.

Here is a good link describing the policies.

http://www.microsoft.com/technet/pr.../technologies/security/ws03mngd/26_s3wts.mspx

Thanks.


----------



## crazijoe (Oct 19, 2004)

Glad you got it figured out. And good info too.
Sorry I faded off after 3PM CST. I had just gotten off work.


----------

