question

RAN55 avatar image
0 Votes"
RAN55 asked RAN55 edited

Servers lose hour configuration, domain GPO.

Hello,

Wen have some problems with some servers that they had the time 3 minutes out of phase. DCs are corrects, they synchronize with a an external source without problems.

I have configured a GPO to force clients to synchronize with DCs with this options:


194949-captura.jpg



The crossed out part is our DC PDC.

After a few days i check some servers with w32tm /query /source and some had de PDC as source but other had Local cmos clock. I checked this servers and they had the correct GPO option configuration in

With this servers dont take the PDC as source?

Thanks.

windows-serverwindows-active-directorywindows-group-policy
captura.jpg (48.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
1 Vote"
DSPatrick answered DSPatrick commented

Some general info
- All domain members should use NT5DS domain time.
- Desktops and member servers sync with any domain controller.
- Domain controllers sync with PDC emulator (one per domain)
- PDC emulator in child domain can sync with any domain controller in parent domain.
- PDC emulator in parent domain syncs with either a hardware clock or possibly an external source.
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

For all problem members beside PDC emulator you can
w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration

--please don't forget to upvote and Accept as answer if the reply is helpful--




· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·

After a while, we have problems again.

I have correct the gpo and i have forced the command in all server, what more can i check?

0 Votes 0 ·

What was the result?

w32tm /query /source
w32tm /query /configuration




0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick commented

Why i put the commands in a .bat file:

Why are you doing that?






· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I put all the commands in a .bat to execute it in many servers.

0 Votes 0 ·

OK, this is because my .bat is called w32tm.bat and i just discovered that if the file have the same name of the command, the batch file keeps looping.

https://stackoverflow.com/questions/19047442/my-batch-file-keeps-looping-but-why


0 Votes 0 ·

Ok, sure that would do it.


0 Votes 0 ·
RAN55 avatar image
0 Votes"
RAN55 answered RAN55 edited

I have been checking events and i found the problem. We have two DCs, DC1 have all roles. DC1 take the hour of an external source.

The most of servers has like time source DC2.

DC1 have time-service events, 50
DC2 have time-service events, 24, 50 and 124.

1 - If the GPO is configured with the DC1 as a time source why the most of servers have DC2 as a time source ?
2 - Why there are time-service events ? both DCs are in the same vlan. DC1 has no conectivity problems with his external time source.

Many thanks.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Today i installed security patchs on DC1, i have moved all roles to DC2, and we have problems again. This is the cause.

How can i move roles and restart DC1 without this problems ? DCs are server 2016, we have had server 2008 and 2012 and never had this problems.

Thanks again !

0 Votes 0 ·