NTP issues 1

[timeiu79]

Noticed the other day that our 2003 PDC's time is about 5 minutes fast, and so are all of the XP clients. I did not set this up, but I've been told it's supposed to synch to US Navy time. On the PDC, I can see it's configured w/ NTP to synch to Navy time, but it is not working. The below is from event viewer:

Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 12
Date: 6/25/2008
Time: 4:45:54 PM
User: N/A
Computer: LIBDC01
Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

My thinking is this... Because our PDC is using the default group policy the same as everything else, even though it is configured for NTP, it is using the defauly policy, which is configured for NT5DS. Any ideas as to if that is the cause? How can I test that theory without throwing things out of whack? Any help is greatly appreciated. Thanks!

 

[Davetoo]

When you query for the SNTP server, is it correct? If so...watch it, see if it remains correct over a period of time. I suspect it will.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[timeiu79]

Yes, it is correct. I'll keep an eye on it and see if it stays correct. Thanks for your help!

 

[PScottC]

You should actually get a success message in your logs stating that windows is updating time from the source requested.

Description:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp.

I suspect that the time source you are trying to pull time from is only allowing NTP version 2 or 3. Microsoft's implementation of SNTP (Simple NTP) is only compatible with version 1 time sources. I recommend that you go to

http://www.ntp.org

and pick a time source from their "stratum 2" list that provides ntp version 1.

As an alternate (and this is what I do), if you have Cisco switches or routers, have one of those devices retrieve time updates from the internet. They can retrieve time from a version 2 source and re-serve it in version 1 which windows can handle.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[Davetoo]

Both Windows 2003 and the Naval clocks are all version 3 compliant, so what he's doing should work just fine.

However...something I forgot about until PSC mentioned it is that you aren't supposed to sync up with the Naval clocks directly, but rather another stratum 2 source.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[Davetoo]

Something was bugging me about this so I went to check things out a little further.

SNTP, which is the commands we're using, are the older Windows 2000 compliant commands...which are going to be version 1. After some research, I found this KB:

http://support.microsoft.com/kb/816042

Interesting reading to say the least! Check it out.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[PScottC]

I stand corrected... According to MS, the W32Time services is NTP version 3 (RFC 1305) compliant in 2003 SP-1 and later. See the following links:
[URL unfurl="true"]http://technet2.microsoft.com/windowsserver/en/library/71e76587-28f4-4272-a3d7-7f44ca50c0181033.mspx?mfr=true[/url]
[URL unfurl="true"]http://technet2.microsoft.com/windowsserver/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true[/url]

I stand by my earlier comment though that you should get a success message in the logs of the server... Like this:
[tt]Event Type: Information
Event Source: W32Time
Event Category: None
Event ID: 37
Date: 5/17/2008
Time: 8:14:48 AM
User: N/A
Computer: MYDC1
Description:
The time provider NtpClient is currently receiving valid time data from MYDC2.domain.tld (ntp.d|172.16.1.20:123->172.16.1.21:123).[/tt]

The error you are getting suggests that you have a connectivity problem (cannot reach the time source or time source has access restrictions) or communication issues (version compatibility). The former may be likely since many time sources on the internet are requiring clients to register with them before allowing updates to take place.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[Hondy]

I previously used

http://support.microsoft.com/kb/816042

as point out by Davetoo. There are some registry settings you have to do to make it sync with an external time source, I think by default the reg is set to use an internal source.

I don't know why there is no control panel for this but there you go...

Oh and also... you have to stop and start the w32time service or nothing will happen!!