Netapp Time Sync With Domain Controller
Hello All,All of my client computers are off by 2 minutes. The domain controller has the correct time.
How can I have the clients sync up time with the DC? I verified the DC holds the PDC FSMO role.When I run w32tm /query /status on a client PC, I get this:Leap Indicator: 3(last minute has 61 seconds)Stratum: 0 (unspecified)Precision: -23 (119.209ns per tick)Root Delay: 0.0000000sRoot Dispersion: 0.0000000sReferenceId: 0x00000000 (unspecified)Last Successful Sync Time: unspecifiedSource: Local CMOS ClockPoll Interval: 10 (1024s)Is there a GPO i can enable that will tell the PCs to look at the primary DC for time instad of the CMOS?Domain Info: DCs are running Server 2016. No group policy set to sync time. No logon scripts in use. Are any of your Domain Controllers virtualized? If so, check to ensure the host isn't providing time synchronization to the domain controller.
Next, take a look at the LOGONSERVER environment variable. It should be a domain controller.
If not then the client isn't correctly talking to the domain - fix that first. Assuming it's a DC compare the time on the client and on the DC. For any non-virtualized DCs make sure the BIOS clock is correct as this can also throw off the network's time synchronization.Windows clients don't use NTP when talking to a DC.
They use WinTM, which is an older protocol. This is why your client's NTP client report shows stratum 0 - NTP isn't being used.Finally, take a look at my How-To at to ensure your domain is receiving the correct time from the internet's NTP servers. Text HKLMSYSTEMCurrentControlSetServicesW32TimeTimeProviders = VMICTimeProvideDisable the setting to synchronize the time with host machine for the VM (registry change may require restart)(Note please backup the registry before modifying any settings)10.
Once that is done you may configure the registry setting for time on the PDC and the Additional domain controllers as follows:-For PDC on all the domains:1. Change the server type to NTP.
To do this, follow these steps:a. Click Start, click Run, type regedit, and then click OK.b. Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeParametersTypec. In the right pane, right-click Type, and then click Modify.d. In Edit Value, type NTP in the Value data box, and then click OK.1. Set AnnounceFlags to 5.
To do this, follow these steps:a. Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeConfigAnnounceFlagsb. In the right pane, right-click AnnounceFlags, and then click Modify.c. In Edit DWORD Value, type 5 in the Value data box, and then click OK.1. Enable NTPServer.
To do this, follow these steps:a. Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpServerb. In the right pane, right-click Enabled, and then click Modify.c. In Edit DWORD Value, type 1 in the Value data box, and then click OK.1. Specify the time sources. To do this, follow these steps:a.
Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeParametersb. In the right pane, right-click NtpServer, and then click Modify.c. In Edit Value, type pool.ntp.org,0x1 in the Value data box, and then click OK. (you may use any external NTP server for this you may require the UDP port 123 to be open).For other DC’s that are not a PDC.
On DCs with FSMO role or even if any DC doesn’t have the FSMO role:Change the server type to NT5DS. To do this, follow these steps:e. Click Start, click Run, type regedit, and then click OK.f. Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeParametersTypeg.
In the right pane, right-click Type, and then click Modify.h. In Edit Value, type NT5DS in the Value data box, and then click OK.Set AnnounceFlags to 10. To do this, follow these steps:d. Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeConfigAnnounceFlagse. In the right pane, right-click AnnounceFlags, and then click Modify.f. In Edit DWORD Value, type 10 in the Value data box, and then click OK.
(This would be a decimal value)Later after updating the settings. Please run the following commands in the command prompt on all servers where we did the necessary changes:Via registryNet stop w32timeNet start w32timeW32tm /resync /rediscoverTo check the time configurationw32tm /query /configurationCommand configurationOn PDCw32tm /config /manualpeerlist:'pool.ntp.org,0x1' /syncfromflags:manual /reliable:yes /updatew32tm /config /updatenet stop w32time && net start w32timew32tm /resyncon dcw32tm /config /syncfromflags:domhier /update. Text HKLMSYSTEMCurrentControlSetServicesW32TimeTimeProviders = VMICTimeProvideDisable the setting to synchronize the time with host machine for the VM (registry change may require restart)(Note please backup the registry before modifying any settings)10. Once that is done you may configure the registry setting for time on the PDC and the Additional domain controllers as follows:-For PDC on all the domains:1.
Change the server type to NTP. To do this, follow these steps:a. Click Start, click Run, type regedit, and then click OK.b.
Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeParametersTypec. In the right pane, right-click Type, and then click Modify.d. In Edit Value, type NTP in the Value data box, and then click OK.1. Set AnnounceFlags to 5. To do this, follow these steps:a. Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeConfigAnnounceFlagsb.
Sync All Domain Controllers
In the right pane, right-click AnnounceFlags, and then click Modify.c. In Edit DWORD Value, type 5 in the Value data box, and then click OK.1. Enable NTPServer.
To do this, follow these steps:a. Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpServerb.
In the right pane, right-click Enabled, and then click Modify.c. In Edit DWORD Value, type 1 in the Value data box, and then click OK.1. Specify the time sources. To do this, follow these steps:a. Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeParametersb. In the right pane, right-click NtpServer, and then click Modify.c. In Edit Value, type pool.ntp.org,0x1 in the Value data box, and then click OK.
(you may use any external NTP server for this you may require the UDP port 123 to be open).For other DC’s that are not a PDC. On DCs with FSMO role or even if any DC doesn’t have the FSMO role:Change the server type to NT5DS. To do this, follow these steps:e.
Click Start, click Run, type regedit, and then click OK.f. Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeParametersTypeg. In the right pane, right-click Type, and then click Modify.h. In Edit Value, type NT5DS in the Value data box, and then click OK.Set AnnounceFlags to 10. To do this, follow these steps:d. Locate and then click the following registry subkey:HKEYLOCALMACHINESYSTEMCurrentControlSetServicesW32TimeConfigAnnounceFlagse. In the right pane, right-click AnnounceFlags, and then click Modify.f.
In Edit DWORD Value, type 10 in the Value data box, and then click OK. (This would be a decimal value)Later after updating the settings.
Please run the following commands in the command prompt on all servers where we did the necessary changes:Via registryNet stop w32timeNet start w32timeW32tm /resync /rediscoverTo check the time configurationw32tm /query /configurationCommand configurationOn PDCw32tm /config /manualpeerlist:'pool.ntp.org,0x1' /syncfromflags:manual /reliable:yes /updatew32tm /config /updatenet stop w32time && net start w32timew32tm /resyncon dcw32tm /config /syncfromflags:domhier /updateDon't use this if you can use Group Policy. Otherwise it's good for workgroup situations.
Attention, Internet Explorer UserAnnouncement: VMware Communities has discontinued support for Internet Explorer 7 and below.In order to provide the best platform for continued innovation, VMware Communities no longer supports Internet Explorer 7.VMware Communities will not function with this version of Internet Explorer. Please consider upgrading to Internet Explorer 8, 9, or 10, or trying another browser such as Firefox, Safari, or Google Chrome.(Please remember to honor your company's IT policies before installing new software!).