
Is changing the system time and synchronizing it the same thing?

Status
Not open for further replies.

gmail2

Programmer
Jun 15, 2005
987
IE
Just today we had some users who couldn't access any shared drives on the domain. If I tried synchronizing the time (even logged in as local admin) I got an error saying access denied. I then discovered that if I double clicked the time, I get the same message saying access denied.

When I checked the local policy on the PC, the "Change the system time" policy setting had a SID instead of an actual account. If I changed this to Administrators, restarted the PC and then did w32tm /resync, everything was fine again (I logged in as domain admin afterwards). I checked all our domain policies and none of them had this setting defined, so I have 2 questions:

1. If something is defined in local policy and is not defined on any domain policies which could overwrite it, does that mean that the setting is "defined" - i.e. enforced?

2. Is synchronizing the system time and changing it the same thing? Obviously we never synchronize the system time manually, this happens automatically. So why didn't it keep doing this? Why did I have to do this manually? Also, the time on the server and the clients appeared to be the same. From what I understand, they would need to be 5 minutes out of sync before they would cause any problems.

Thanks in advance for any help anybody can give me.

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
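
The check described in the post above (a "Change the system time" entry that shows a raw SID instead of an account), as an added example that is not part of the original thread. It assumes an elevated PowerShell prompt for the live `secedit` export; the function name, file name and the sample SID are constructed for illustration.

```powershell
# Added example, not from the thread. Lists who holds the "Change the system
# time" user right (SeSystemtimePrivilege) and flags entries that are bare
# SIDs Windows cannot resolve to an account name.
function Get-SystemTimeRightHolders {
    param([string[]]$InfLines)   # lines of a 'secedit /export' file

    $line = $InfLines |
        Where-Object { $_ -match '^\s*SeSystemtimePrivilege\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }   # the right is not assigned to anyone

    $entries = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($entry in $entries) {
        if ($entry.StartsWith('*')) {
            # secedit writes SIDs with a leading '*'
            $sidText = $entry.Substring(1)
            try {
                $sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
                $resolved = $true
            } catch {
                # Malformed SID, or no account maps to it any more
                $name = $null
                $resolved = $false
            }
        } else {
            # Entry was already stored as an account name
            $sidText = $null; $name = $entry; $resolved = $true
        }
        [pscustomobject]@{ Sid = $sidText; Account = $name; Resolved = $resolved }
    }
}

# Constructed sample: built-in Administrators plus a made-up domain SID.
$sample = @(
    '[Privilege Rights]',
    'SeSystemtimePrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105'
)
Get-SystemTimeRightHolders -InfLines $sample | Format-Table -AutoSize

# Live check against the effective local policy (needs elevation).
$cfg = Join-Path $env:TEMP 'user_rights.inf'   # hypothetical file name
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
Get-SystemTimeRightHolders -InfLines (Get-Content $cfg) | Format-Table -AutoSize
Remove-Item $cfg
```

Rows with `Resolved` set to `False` are the entries that show up as a raw SID in the Local Security Policy console.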
 
1. Yes. If there is no Domain policy to overwrite a local policy and the local policy is defined it is applied.

2. No, setting the time is just that, whereas a sync is your workstation getting the time from an authoritative source. Make sure you have UDP port 123 open on your firewall for the SNTP protocol to be able to work properly.

I hope you find this post helpful.

Regards,

Mark
 
OK thanks for that. I suspected that was the case with GPO but just wanted to double check. I have one PC now which the above procedure did not work for - for some reason the time doesn't sync, it says there's no time data available. If I do w32tm /monitor it says
GetDcList failed with error code: 0x80070057
Exiting with error 0x80070057

If I set the PDCEmulator as the ntp source explicitly (i.e. net time /setsntp:<PDCE_IP_ADDRESS>) and then restart the service and sync, it works fine. But when I change it back to setsntp: without any explicit ntp server (so it should go to the PDCE then anyway) it doesn't find any NTP server for some reason. Why is this do you think?

 
Probably a DNS issue.

I hope you find this post helpful.

Regards,

Mark
 
Yeah, I solved that one by just re-joining the domain - not the best way but when time is against you I guess you have to fall back to what you know will work!!

Anyway, I'm working on another one now. I did all of the above EXCEPT change the local policy for Change the System Time. w32tm /monitor returns the PDCEmulator so everything seems fine.

But my main concern now is, why did the time sync suddenly stop working? Admittedly, the local policy was slightly corrupt, but like you said - this only applies to manually changing the time, synchronizing it doesn't require any user privileges because the Windows Time service doesn't run as the user. There aren't any DNS problems - DNS server is up and running fine. Any other ideas what might have caused this?

Thanks for your help

 
The local policy having security issues could very well be your root cause.

Now that you have resolved that I would just check it over time to see if you still have a problem.

I hope you find this post helpful.

Regards,

Mark
 
I'm still a little confused how the local policy could have affected it - although admittedly it does seem to be the case here. But the Windows Time service runs as the local system account, so why would it matter if admins didn't have the right to change the system time?

 
I think that because the ACLs were messed up the service was freezing on you and not letting the system sync.

I hope you find this post helpful.

Regards,

Mark
 