Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Sync with NIST

Status
Not open for further replies.
mrjaak

mrjaak

IS-IT--Management
Nov 8, 2007
2
US
I have a Windows 2000 domain. I setup the PDC to sync to a NIST time server. Everything looks correctly set in the registry but the clocks are still 20 seconds behind. Here is my registry settings.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

(Default) REG_SZ (value not set)
LocalNTP REG_DWORD 0x00000001 (1)
MaxAllowedClockErrInSecs Reg_DWORD 0x0000000005 (5)
NtpServer Reg_SZ nist1-sj.WiTime.net
Period REG_SZ 720
ReliableTimeSource REG_DWORD 0x000000001 (1)
type REG_SZ NTP


Can somebody tell me why I am 20 seconds behind or how to fix the problem?
 
Sort by date Sort by votes
Well, for starters your PC clock will drift over time, which will require it to re-sync with the NTP server.

Secondly, which clocks are off? Clocks on domain controllers, member servers, or client PCs? If you are in a domain environment then all members will get their time (directly or indirectly) from the server that has the PDC Emulator role (unless you've messed with FSMO roles, it should be the first DC in the domain). So depending on what in synching with NIST, and when it's doing it, and where you're seeing the time gap, there could be a 20 second discrepancy.

Finally, Windows doesn't just "reset the clock" for a time sync unless it's more than a few minutes off. If it's only a minute or two off then it will slow down or speed up the clock on the PC and gradually bring the PC into sync with the NTP source. Only in cases where there are significant time differences would you see the clock getting completely reset, because large time differences can break Kerberos authentication.
 
Upvote 0 Downvote
mrjaak,
if it's the clients or other servers that are off from the PDC then you can just do this:
set up a .bat file with:
Code: 
net time \\yourpdcservername /set /y
put the .bat file on all pcs / servers that need it.
put it in scheduled tasks to run every, 10 or 15 minutes.
regards,
longhair
 
Upvote 0 Downvote
I solved the problem. The time was off on the domain controllers and since all the members look to it for time they were off too. The settings I listed above set the PDC as the autoritative time server but I was missing a couple keys. I was missing two registry keys that allow the time service to change the time when it detects that it is off.

They are:

MaxPosPhaseCorrection
MaxNegPhaseCorrection

Here are my current settings that work.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"LocalNTP"=dword:00000001
"Period"="24"
"type"="NTP"
"ReliableTimeSource"=dword:00000001
"NtpServer"="nist1-sj.WiTime.net"
"MaxAllowedClockErrInSecs"=dword:00000005
"MaxNegPhaseCorrection"=dword:00000000
"MaxPosPhaseCorrection"=dword:00000000

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
974
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
575
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
293
DrB0b
DrB0b
Scparks
  • Locked
  • Question
Trouble with setting up a SMTP Relay to Office 365
Replies
0
Views
181
Scparks
Scparks
lacked
  • Locked
  • Question
problem with windows update on windows server 2016
Replies
1
Views
187
maybeimaleo
maybeimaleo

Part and Inventory Search

Sponsor

Back
Top