question

Piloto-8675 avatar image
0 Votes"
Piloto-8675 asked Pokielol-9723 commented

Unable to sync server to new NTP server

Hello, Recently added two Windows 2016 domain controllers and made one of the them the new PDC (the intention is to demote the old 2012 servers soon). After the change, when updating DNS settings in two file servers, they are unable to sync to the NTP and time keeps changing to CMOS, also state is pending (see screenshot) Registry was configured in the PDC with type NTP, the rest uses type NT5DS. If reverting at least one of the DNS server settings to the old server then the file server synchronizes properly. Other servers in the domain don't have this issue. ![81291-image.png][1] [1]: /answers/storage/attachments/81291-image.png Thank you!

windows-server
image.png (40.0 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
If there are any progress welcome to share here!
Any one who has experience on this will be appreciated to share here too!

Best Regards,

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

Not clear what the issue is but Some general info
- All domain members should use NT5DS domain time.
- Desktops and member servers sync with any domain controller.
- Domain controllers sync with PDC emulator (one per domain)
- PDC emulator in child domain can sync with any domain controller in parent domain.
- PDC emulator in parent domain syncs with either a hardware clock or possibly an external source.
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

--please don't forget to Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Piloto-8675 avatar image
0 Votes"
Piloto-8675 answered

@DSPatrick

Thank you for the general information, yes I can say that my domain matches all that, still I have not been able to resolve the issue.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

For your PDC emulator you can configure as below.

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /manualpeerlist:<ntp ip address> /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
then check the results
w32tm /query /source
w32tm /query /configuration

--please don't forget to Accept as answer if the reply is helpful--




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Piloto-8675 avatar image
0 Votes"
Piloto-8675 answered

@DSPatrick

Thank you, with the command:
w32tm /config /manualpeerlist:<ntp ip address> /syncfromflags:manual /reliable:yes /update
I was able to force the time source in the offending server to the NTP server and it seems that it is keeping the setting, however when I run:
w32tm /configuration on that same server I get the following:

C:\Windows\system32>w32tm /monitor
GetDcList failed with error code: 0x8007054B.
Exiting with error 0x8007054B
C:\Windows\system32>

Running the same command in any other server gives me a list of all domain controllers. So there should be something else that I'm missing.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick edited

I'd check the Windows Time service is started, also post results of
w32tm /query /source
w32tm /query /configuration






5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Piloto-8675 avatar image
0 Votes"
Piloto-8675 answered Pokielol-9723 commented

Yes, Windows Time service is running. See below the results for those commands:

C:\Windows\system32>w32tm /query /source
10.x.x.x

(10.x.x.x is the IP for the PDC)

C:\Windows\system32>w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Local)
MaxPollInterval: 15 (Local)
MaxNegPhaseCorrection: 4294967295 (Local)
MaxPosPhaseCorrection: 4294967295 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 1 (Local)
UpdateInterval: 30000 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: 10.x.x.x (Local)
NtpServer (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 0 (Local)
InputProvider: 1 (Local)

Thank you,

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Your output from: w32tm /query /configuration shows Type: NTP (Local)
If it's domain joined, need to change to NT5DS (use Domain Hierarchy) - you can go to the registry key or enter command:
Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type - modify to NT5DS OR
Enter command: W32tm /config /syncfromflags:domhier /update

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick edited

That doesn't appear to have been run on the PDCe


also 0x8007054b == ERROR_NO_SUCH_DOMAIN so the new PDCe may be broken for other reasons.


--please don't forget to Accept as answer if the reply is helpful--




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Piloto-8675 avatar image
0 Votes"
Piloto-8675 answered Piloto-8675 published

No, the commands were run on the offending server.
Running the same commands on the PDC shows the following:

C:\Windows\system32>w32tm /query /source
tick.usno.navy.mil,0x1
C:\Windows\system32>w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: 0.pool.ntp.org,0×1 tick.usno.navy.mil,0x1 utcnist.colorado.edu,0x1 (Local)
NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)
C:\Windows\system32>

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Please run;

Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\PDCe.txt
ipconfig /all > C:\ProblemMember.txt

then put unzipped text files up on OneDrive and share a link.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Any updates?

--please don't forget to Accept as answer if the reply is helpful--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.