Active Directory Time sync issue

Manfred Meng 0 Reputation points
2023-08-16T06:50:11.4566667+00:00

We have some DCs running; all of them are virtual, and I disabled the time sync from ESXi.

And the DC cannot sync time from the PDC. I searched many online resources and tried many solutions, and I believe none of them can help.

I ran a time sync debug and got the key error log below:

154358 02:10:53.7894137s - Resolving domain peer

154358 02:10:53.7894137s - NetLogonGetTimeServiceParentDomain dwErr = 1355 netlogonbits = 576.

154358 02:10:53.7894137s - Retrying resolution for domain hierarchy. Retry 1 will be in 15 minutes.

154358 02:10:53.7894137s - PeerPollingThread: PeerListUpdated

154358 02:10:53.7894137s - Logging warning: NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in ꮰ鍥翺 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

154358 02:10:53.7894137s - Logging error: NtpClient has been configured to acquire time from one or more time sources, however none of the sources are currently accessible and no attempt to contact a source will be made for 15 minutes. NTPCLIENT HAS NO SOURCE OF ACCURATE TIME.

The question is: what is 'netlogonbits = 576.', and why can't those DCs resolve the domain peer ('Resolving domain peer')? This domain has no sync or SYSVOL errors, and it is the root domain of the forest.

If you need more info, I will provide it.


3 answers

  1. Anonymous
    2023-08-16T14:46:02.5566667+00:00

    And the DC cannot sync time from PDC

    Might try resetting;

    w32tm /unregister
    net stop w32time
    w32tm /register
    net start w32time
    w32tm /config /syncfromflags:domhier /update  
    net stop w32time
    net start w32time
    

    then check

    w32tm /query /source
    w32tm /query /configuration
    

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.

  2. Deleted


  3. Anonymous
    2023-08-17T01:45:30.88+00:00

    Hello Manfred Meng,

    Thank you for posting in our Q&A forum.

    Firstly, we need to configure the primary domain controller with a reliable external time source.

    First of all, we need to ensure the following two things:

    1. Make sure UDP port 123 is open.
    2. On the PDC, we can ping the external time source (that is, the IP address of the server where the external time source is located).

    Secondly, we can try the following method to configure the external time source by modifying the registry on the PDC, as follows:

    1. PDC declares itself an NTP server:

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

    Key Name: AnnounceFlags

    Type: REG_DWORD (DWORD Value)

    Data: 0x5

    2. Change the server type to NTP:

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

    Key Name: Type

    Type: REG_SZ (String Value)

    Data: NTP

    3. Enable the NTP server:

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

    Key Name: Enabled

    Type: REG_DWORD

    Data: 1

    4. Specify which server to act as the NTP server:

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

    Key Name: NtpServer

    Type: REG_SZ (String Value)

    Data: Peers (such as: server.time.edu.cn, 0x9)

    5. Only our PDC machine is a virtual machine, we need to set this registry. Because your PDC is also a VM, you should set this registry.

    Path: HKLM\SYSTEM\CurrentControlSet\services\w32time\TimeProviders\VMICTimeProvider

    Key Name: Enabled

    Type: REG_DWORD

    Data: 0

    6. For other registry settings, just keep the defaults and close the Registry Editor. Use the command (net stop w32time && net start w32time) to restart the time service for the above configuration to take effect.

    Reference:

    How to configure an authoritative time server in Windows Server

    https://support.microsoft.com/zh-cn/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server

    Thirdly, configure time settings on non-PDC machines.
    ===other DCs & Clients===

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

    Key Name: Type

    Type: REG_SZ (String Value)

    Data: NT5DS

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

    Key Name: AnnounceFlags

    Type: REG_DWORD (DWORD Value)

    Data: 0xa

    Fourthly, what VM platform are you using? You should also disable time sync on the VM platform.

    1. If you are using VMware, you can check as below.

    Disabling Time Synchronization (1189)

    https://kb.vmware.com/s/article/1189

    Disabling Time Synchronization

    https://docs.vmware.com/en/VMware-Tools/11.1.0/com.vmware.vsphere.vmwaretools.doc/GUID-678DF43E-5B20-41A6-B252-F2E13D1C1C49.html

    2. If you are using Hyper-V, you should disable time sync in Hyper-V.

    Hope the information above is helpful. If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
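
A read-only way to compare a DC's W32Time registry values against the ones listed in the answer above; this is an added example, not part of the original thread or any poster's script. It assumes that `Win32_ComputerSystem.DomainRole` equal to 5 identifies the PDC emulator, and the variable names are the example's own.

```powershell
# Added example: audits the W32Time values named in the answer; changes nothing.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# DomainRole 5 = primary domain controller (PDC emulator), 4 = any other DC.
$isPdc = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -eq 5

if ($isPdc) {
    $expected = @(
        @{ Key = 'Config';                         Name = 'AnnounceFlags'; Want = 5 }
        @{ Key = 'Parameters';                     Name = 'Type';          Want = 'NTP' }
        @{ Key = 'TimeProviders\NtpServer';        Name = 'Enabled';       Want = 1 }
        @{ Key = 'TimeProviders\VMICTimeProvider'; Name = 'Enabled';       Want = 0 }
    )
} else {
    $expected = @(
        @{ Key = 'Parameters'; Name = 'Type';          Want = 'NT5DS' }
        @{ Key = 'Config';     Name = 'AnnounceFlags'; Want = 10 }   # 0xa
    )
}

$report = @(foreach ($e in $expected) {
    $path = Join-Path $base $e.Key
    # A missing key or value yields $null instead of an error.
    $have = (Get-ItemProperty -Path $path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    [pscustomobject]@{
        Path = $path; Name = $e.Name; Expected = $e.Want; Actual = $have
        Match = ($null -ne $have) -and ($have -eq $e.Want)
    }
})

if ($isPdc) {
    # The PDC must name at least one external peer in Parameters\NtpServer.
    $peers = (Get-ItemProperty -Path (Join-Path $base 'Parameters') -Name NtpServer -ErrorAction SilentlyContinue).NtpServer
    $report += [pscustomobject]@{
        Path = Join-Path $base 'Parameters'; Name = 'NtpServer'; Expected = '<peer list>'
        Actual = $peers; Match = -not [string]::IsNullOrWhiteSpace($peers)
    }
}

$report | Format-Table -AutoSize

# Same query the first answer suggests; shows what the service actually uses.
$source = (w32tm /query /source | Out-String).Trim()
"Current time source: $source"
# Source strings w32tm reports when no domain or NTP peer is in use.
if ($source -match 'Local CMOS Clock|Free-running System Clock|VM IC Time Synchronization Provider') {
    Write-Warning 'No domain or NTP peer in use; Kerberos depends on DC clocks staying in sync.'
}
```

Run it in an elevated PowerShell session on each DC; any row with `Match` set to `False` is a value that differs from what the answer prescribes for that role.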
