Time Service Sync

K

Keith

I have set the time service sync on a domain controller
using the 'net time /setsntp:sourcename' command, but it
has not updated to the coorect time on that external
source. We are still 6-7 minutes behind the time that is
coming from the external source. How can I get the DC to
refresh and start pulling the correct time from the
external source? (I am using time-a.timefreq.bldrdoc.gov
as the external source.)
 
D

David Swales

I assume you are doing a compare with an atomic clock?
If so, then something, somewhere, isn't working on your
NTP rig.
My rig:
a) Tell your firewall to be nice to TCP/UDP port 123
packets (I beleive you can get by on just UDP...never
tried).
b) Only use the external NTP source on a DC (as you have);
if there's any NAT between DC and your local loop, forward
the port.
c) On the DC, set the "LocalNTP=yes" in the registry.
d) You have correct syntax, so no worries there [I use
ntp2.usno.navy.mil].
4) Do "net stop w32time" and "net start w32time" to
immediately kick things off on your new internal NTP
server.
5) On Client boxes, do "net stop w32time", "net
time /setsntp:<your NTP server>", and finally "net start
w32time" for an immediate synch.

In the meantime, relax your Kerberos Policy for the extra
couple of minutes you are currently "out".
 
K

Keith

Tahnks for the help. Port 123 is open to send/receive.
Not sure what you mean about the NAT between the DC and
the local loop though. How would I forward a port?
I checkd the registry, LocalNTP is set to Hex=0. Is
that 'yes'?
I did stop and restart w32time, but still have the same
incorrect time.

Perhaps I do have a NAT? How can I check that?

thanks,
Keith
-----Original Message-----
I assume you are doing a compare with an atomic clock?
If so, then something, somewhere, isn't working on your
NTP rig.
My rig:
a) Tell your firewall to be nice to TCP/UDP port 123
packets (I beleive you can get by on just UDP...never
tried).
b) Only use the external NTP source on a DC (as you have);
if there's any NAT between DC and your local loop, forward
the port.
c) On the DC, set the "LocalNTP=yes" in the registry.
d) You have correct syntax, so no worries there [I use
ntp2.usno.navy.mil].
4) Do "net stop w32time" and "net start w32time" to
immediately kick things off on your new internal NTP
server.
5) On Client boxes, do "net stop w32time", "net
time /setsntp:<your NTP server>", and finally "net start
w32time" for an immediate synch.

In the meantime, relax your Kerberos Policy for the extra
couple of minutes you are currently "out".

-----
David

-----Original Message-----
I have set the time service sync on a domain controller
using the 'net time /setsntp:sourcename' command, but it
has not updated to the coorect time on that external
source. We are still 6-7 minutes behind the time that is
coming from the external source. How can I get the DC to
refresh and start pulling the correct time from the
external source? (I am using time- a.timefreq.bldrdoc.gov
as the external source.)
.
Click to expand...
.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Time Service Sync (NTP) 2
Time Service Sync (NTP) 1
Net Time Error 1
Time Sync 1
w32time error - help needed 3
Domain Controller - Time Synch error 3
W32time problem 1
W32time 2 3

Top