The NTP server didn't respond

[Guest]

Hello,

iIn my test network I have one domain controller and it’s time server (PDC).
After some time (about 1 year) time server’s clock begin to late few
minutes, so I need sync with interent time server.

Our router is sync with time server on the Internet and I tried to sync PDC
with router.

Registry key before modification on PDC was:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"LocalNTP"=dword:00000000
"Period"="SpecialSkew"
"type"="NTP"
"ntpserver"="dcServer"

After my modification, (KB216734) registry key content is :

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"LocalNTP"=dword:00000001
"Period"="SpecialSkew"
"type"="NTP"
"ntpserver"="10.1.1.1 "
"Adj"=dword:0002625d
"msSkewPerDay"="-1479,0000"



But on server I have errors:

Event Type: Warning
Event Source: w32time
Event Category: None
Event ID: 11
Date: 1.6.2007
Time: 4:38:43
User: N/A
Computer: DC_Server
Description:
The NTP server didn't respond
Data:
0000: 49 27 00 00 I'..


Where I did go wrong ????

In Registry there is no keys:

ReliableTimeSource, MaxAllowedClockErrInSecs

So I couldn’ make changes for them, …


thanks for your time,

Keli

 

[Ace Fekay [MVP]]

In

Hello,

iIn my test network I have one domain controller and it's time server
(PDC). After some time (about 1 year) time server's clock begin to
late few minutes, so I need sync with interent time server.

Our router is sync with time server on the Internet and I tried to
sync PDC with router.

Registry key before modification on PDC was:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"LocalNTP"=dword:00000000
"Period"="SpecialSkew"
"type"="NTP"
"ntpserver"="dcServer"

After my modification, (KB216734) registry key content is :

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"LocalNTP"=dword:00000001
"Period"="SpecialSkew"
"type"="NTP"
"ntpserver"="10.1.1.1 "
"Adj"=dword:0002625d
"msSkewPerDay"="-1479,0000"



But on server I have errors:

Event Type: Warning
Event Source: w32time
Event Category: None
Event ID: 11
Date: 1.6.2007
Time: 4:38:43
User: N/A
Computer: DC_Server
Description:
The NTP server didn't respond
Data:
0000: 49 27 00 00 I'..


Where I did go wrong ????

In Registry there is no keys:

ReliableTimeSource, MaxAllowedClockErrInSecs

So I couldn' make changes for them, .


thanks for your time,

Keli

By default, all Windows machines in a domain will automatically look for the
PDC Emulator as their time source. Even though time.windows.com shows as the
setting inthe reg, it goes gby the type=NT5DS (which means NT5 Directory
Services) which is essentially your PDC Emulator. If you changed it to NTP,
it maynot work because in reality the PDC Emulator is really not a NTP time
server.

I would leave all the windows machines alone as far as the reg. If you
already did this on all your test machines, you can create a logon script to
force the workstations to look at the PDC Emultor. Add this section in the
script or set a call for it in the main logon script:

======================
@echo off

rem Batch File Edit Date: 11/26/2006

set DOMAIN=YourDomainNetBIOSName
set TIMESVR=ServerNetBIOSName

echo *************************************************
echo.
echo WELCOME TO THE %DOMAIN% DOMAIN
echo.
echo *************************************************
echo Setting local clock
net time \\%TIMESVR% /set /y

End

=======================


As for the PDC Emulator, run these commands to set it to an external source
(assuming it is Win2003). 192.5.41.41. is one of the US Navy time sources.

net stop w32time
net time /setsntp:192.5.41.41
net start w32time



For Win2000:

net stop w32time
net time /setsntp:192.5.41.41
w32tm -once
net start w32time


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
o easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain

 

[Guest]

Ace thank you for reply,

I didn't make changes to machines in domain, so registry entry for them is
NT5DS.

I did changes on my domain controllre, PDC. I am just trying to sync PDC,
Win 2000 Advenced Server, with remote time server (my router).



Actually I did what you wrote

net stop w32time
net time /setsntp:192.5.41.41
net start w32time

"only" I did it manualy , throug registry.

And as KB216734 say: ...put "type"="NTP"


?????

all weekend I have error again ... When I do:

C:\Documents and Settings\Administrator>w32tm -s
RPC to local server returned 0x0

and some articels say that is ok, but I am not sure ...


thanks again,

Keli

 

[Ace Fekay [MVP]]

In

Ace thank you for reply,

I didn't make changes to machines in domain, so registry entry for
them is NT5DS.

I did changes on my domain controllre, PDC. I am just trying to sync
PDC, Win 2000 Advenced Server, with remote time server (my router).



Actually I did what you wrote

net stop w32time
net time /setsntp:192.5.41.41
net start w32time

"only" I did it manualy , throug registry.

And as KB216734 say: ...put "type"="NTP"


?????

all weekend I have error again ... When I do:

C:\Documents and Settings\Administrator>w32tm -s
RPC to local server returned 0x0

and some articels say that is ok, but I am not sure ...


thanks again,

Keli

You didn't need to do this thru the reg. I gave you the easy method. Simply
running the commands I provided you will set in the reg. I would definitely
use 192.5.41.41 and not the router as your NTP source. It eliminates an
additional hop. Also, importantly enought, in order to allow inbound NTP
traffic, your firewall needs to allow UDP 123 to the PDC Emulator.

Ace

 

[Guest]

ok, I know, but I read article before your answer

I am cheking my network and I hope to find some solution ....


thanks Ace,


keli

 

[Paul Bergson [MVP-DS]]

Ace,
The dc's will get their time from the PDCe. Clients get their time from a
dc within their domain. I thought it was always the authenticating dc, but
can't verify that.

http://technet2.microsoft.com/windo...28f4-4272-a3d7-7f44ca50c0181033.mspx?mfr=true

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

In

Hello,

iIn my test network I have one domain controller and it's time server
(PDC). After some time (about 1 year) time server's clock begin to
late few minutes, so I need sync with interent time server.

Our router is sync with time server on the Internet and I tried to
sync PDC with router.

Registry key before modification on PDC was:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"LocalNTP"=dword:00000000
"Period"="SpecialSkew"
"type"="NTP"
"ntpserver"="dcServer"

After my modification, (KB216734) registry key content is :

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"LocalNTP"=dword:00000001
"Period"="SpecialSkew"
"type"="NTP"
"ntpserver"="10.1.1.1 "
"Adj"=dword:0002625d
"msSkewPerDay"="-1479,0000"



But on server I have errors:

Event Type: Warning
Event Source: w32time
Event Category: None
Event ID: 11
Date: 1.6.2007
Time: 4:38:43
User: N/A
Computer: DC_Server
Description:
The NTP server didn't respond
Data:
0000: 49 27 00 00 I'..


Where I did go wrong ????

In Registry there is no keys:

ReliableTimeSource, MaxAllowedClockErrInSecs

So I couldn' make changes for them, .


thanks for your time,

Keli

By default, all Windows machines in a domain will automatically look for
the PDC Emulator as their time source. Even though time.windows.com shows
as the setting inthe reg, it goes gby the type=NT5DS (which means NT5
Directory Services) which is essentially your PDC Emulator. If you changed
it to NTP, it maynot work because in reality the PDC Emulator is really
not a NTP time server.

I would leave all the windows machines alone as far as the reg. If you
already did this on all your test machines, you can create a logon script
to force the workstations to look at the PDC Emultor. Add this section in
the script or set a call for it in the main logon script:

======================
@echo off

rem Batch File Edit Date: 11/26/2006

set DOMAIN=YourDomainNetBIOSName
set TIMESVR=ServerNetBIOSName

echo *************************************************
echo.
echo WELCOME TO THE %DOMAIN% DOMAIN
echo.
echo *************************************************
echo Setting local clock
net time \\%TIMESVR% /set /y

End

=======================


As for the PDC Emulator, run these commands to set it to an external
source (assuming it is Win2003). 192.5.41.41. is one of the US Navy time
sources.

net stop w32time
net time /setsntp:192.5.41.41
net start w32time



For Win2000:

net stop w32time
net time /setsntp:192.5.41.41
w32tm -once
net start w32time


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
o easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain

 

[Ace Fekay [MVP]]

In

ok, I know, but I read article before your answer

I am cheking my network and I hope to find some solution ....


thanks Ace,


keli

Ok, you are welcome. If you want to set it to the router, as long as the
router is acting as an NTP server (you would need to check the documentation
for the router), the PDC Emulator should work and synch up.

Otherwise, if you like to use an external clock, like that IP I provided,
then UDP 123 will need to allowed inbound.

Let us know how you make out.

Ace

 

[Ace Fekay [MVP]]

In

ok, I know, but I read article before your answer

I am cheking my network and I hope to find some solution ....


thanks Ace,


keli

Oh, forgot one thing. If you have McAfee, or any other antivirus software on
the PDC Emulator, it may be stopping that type of traffic too. Check it out.

Ace

 

[Ace Fekay [MVP]]

In

Ace,
The dc's will get their time from the PDCe. Clients get their time
from a dc within their domain. I thought it was always the
authenticating dc, but can't verify that.

http://technet2.microsoft.com/windo...28f4-4272-a3d7-7f44ca50c0181033.mspx?mfr=true

Hi Paul,

Actually the PDC Emulator acts as the time source for clients in it's
domain. Quoted from the link above:
__________________
Domain Hierarchy-Based Synchronization
Synchronization that is based on a domain hierarchy uses Active Directory's
domain hierarchy to find a reliable source with which to synchronize time.
Based on domain hierarchy, the Windows Time service determines the accuracy
of each time server. In a Windows Server 2003 forest, the computer that
holds the primary domain controller (PDC) emulator operations master role,
located in the forest root domain, holds the position of best time source,
unless another reliable time source has been configured. The following
figure illustrates a path of time synchronization between computers in a
domain hierarchy.

__________________



Cheers!



Ace

 

[Paul Bergson [MVP-DS]]

I agree that the PDCe holds the master time service, but all clients don't
go back to the PDCe for their time.

The link below will explain what I was trying to explain much better, but
couldn't find earlier. It is for 2000 but believe this hasn't changed for
2003.

http://support.microsoft.com/?kbid=224799

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Ace Fekay [MVP]]

In

I agree that the PDCe holds the master time service, but all clients
don't go back to the PDCe for their time.

The link below will explain what I was trying to explain much better,
but couldn't find earlier. It is for 2000 but believe this hasn't
changed for 2003.

http://support.microsoft.com/?kbid=224799

I was looking for that article. Thanks. So here's the key sentence:

"All client desktops select an authenticating domain controller (the domain
controller returned by DSGetDCName()) as their time source. If this domain
controller becomes unavailable, the client re-issues its request for a
domain controller."

So it';snot the PDC but the authenticating DC and if not available, it looks
at the next closest one in the client's Site (assuming sites are configured,
if, not it takes the next one in the list of returned DCs when it runs the
DSGetDCName. In a multi domain forest, it appears the PDC Emulator of the
Forest parent becomes the ultimate time source, which should be synched
externally.

Cool! Glad you found this. Thanks!

Ace

 

[Paul Bergson [MVP-DS]]

Yup, agreed

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Ace Fekay [MVP]]

In

Yup, agreed

It's always nice to take the time to learn about time...

 

[Guest]

Hi,

I put external ntp servers as you suggest, and it worked. So problem was in
may network, mapping and policies.

After changes on that segment, I put router as ntp server and it works

(for now in test environment - I hope that it 'll work in production also ))

again, thank you Ace for your suggestions !!

Keli

 

[Ace Fekay [MVP]]

In

Hi,

I put external ntp servers as you suggest, and it worked. So problem
was in may network, mapping and policies.

After changes on that segment, I put router as ntp server and it
works

(for now in test environment - I hope that it 'll work in production
also ))

again, thank you Ace for your suggestions !!

Keli

You are welcome Keli. As you see, there isn't much to this service. It is
rather simple.

Cheers!

Ace