Server 2003 NTP Domain Controller

I was starting to notice that a few of the servers had different times on them. I only noticed because my desktop clock was different from my phone clock, and the phone system was pointing to my Ubuntu NTP server as its time server (which in turn is pointing to ntp.ubuntu.com I believe).

So, 2 domain controllers had the exact same time, 1 had a different time, and yet another still had another different time:
DC1 10:01:05
DC2 10:01:42
DC3 10:00:00 (PDC)
DC4 10:00:00

Not good. So the PDC was being read only by the newest of the domain controllers. So the other two were set up incorrectly. It’s never a good idea to have multiple domain controllers with different time on the clocks. That leads to a bunch of issues. Let’s find out how to fix it and why it is wrong.

Check what NTP each DC is fetching information from:

Open a command prompt on any of the domain controllers.
w32tm /monitor /domain:DOMAIN_NAME_HERE

If on a workgroup, you can use the following:
net time /querysntp
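
To turn the w32tm /monitor check above into something repeatable, here is an added example (not part of the original post) that parses saved monitor output and flags DCs that drift from the PDC or reference something other than the PDC. The sample text, hostnames, the 1-second threshold and the assumed output layout are constructed for illustration; the layout differs slightly between Windows versions.

```python
import re

# Constructed sample modeled on `w32tm /monitor` output. Hostnames, addresses
# and offsets are invented; DC1 mirrors the 65 s drift seen in the table above.
SAMPLE = """\
dc3.example.local *** PDC *** [10.0.0.3]:
    ICMP: 0ms delay.
    NTP: +0.0000000s offset from dc3.example.local
        RefID: ntp.example.local [10.0.0.254]
dc1.example.local [10.0.0.1]:
    ICMP: 0ms delay.
    NTP: +65.0132110s offset from dc3.example.local
        RefID: 'LOCL' [76.79.67.76]
dc4.example.local [10.0.0.4]:
    ICMP: 0ms delay.
    NTP: +0.0031720s offset from dc3.example.local
        RefID: dc3.example.local [10.0.0.3]
"""

HOST = re.compile(r"^(\S+?)(\s*\*\*\* PDC \*\*\*)?\s*\[([^\]]+)\]:\s*$")
OFFSET = re.compile(r"^\s+NTP:\s*([+-]?\d+(?:\.\d+)?)s offset")
REFID = re.compile(r"^\s+RefID:\s*(\S+)")

def parse_monitor(text):
    """Return one dict per DC: host, pdc flag, offset in seconds, RefID."""
    dcs, cur = [], None
    for line in text.splitlines():
        if m := HOST.match(line):
            cur = {"host": m[1], "pdc": bool(m[2]), "offset": None, "refid": None}
            dcs.append(cur)
        elif cur and (m := OFFSET.match(line)):
            cur["offset"] = float(m[1])
        elif cur and (m := REFID.match(line)):
            cur["refid"] = m[1].strip("'")
    return dcs

def audit(dcs, max_skew=1.0):
    """Flag non-PDC DCs that drift past max_skew (assumed threshold, seconds)
    or whose RefID is not the PDC (name comparison only, a heuristic)."""
    pdc = next((d["host"] for d in dcs if d["pdc"]), None)
    findings = []
    for d in (d for d in dcs if not d["pdc"]):
        if d["offset"] is None:  # e.g. "NTP: error ERROR_TIMEOUT ..."
            findings.append((d["host"], "no NTP reply"))
        elif abs(d["offset"]) > max_skew:
            findings.append((d["host"], f"offset {d['offset']:+.1f}s from PDC"))
        if d["refid"] and pdc and d["refid"].lower() != pdc.lower():
            findings.append((d["host"], f"syncs from {d['refid']}, not the PDC"))
    return findings
```

Feed it the text saved from w32tm /monitor and call audit(parse_monitor(text)); an empty list means every DC answered, is within the threshold and references the PDC.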

If your PDC is not on the correct time, change which NTP server it is fetching information from:

w32tm /config /manualpeerlist:IP_ADDRESS_OF_NTP_SERVER /syncfromflags:manual /reliable:yes /update

Update your other Servers/DCs to fetch NTP data from your PDC:

On your other servers, open a command prompt.
w32tm /config /manualpeerlist:IP_OF_PDC,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
w32tm /resync

/update will allow you to not need to net stop/start the w32time service. I put both in here for my personal reference.

0x8 flag – send request as client mode
0x4 flag – send request as symmetricactive mode
0x2 flag – use as fallback only
0x1 flag – use a special polling interval

** EDIT 9/18/2015 **
Replaced my aging Ubuntu 12.04LTS (an upgrade from 8.04 to 10.04) with a CentOS7.x box for the primary NTP. Noticed that the managed phone clocks were about 2 minutes off from our desktop clocks. The phones were set incorrectly and I had our provider fix, but we were still about 60 seconds off from where we wanted to be.

The replacement server had the same IP, but did NOT have the proper restrict (restrict 10.0.0.0 mask 255.0.0.0) appropriate for our environment. Fixed and service ntpd restart.

Still no love. On the PDC I ran
w32tm /query /peers
And received a State: Pending
Ended up rewriting the manualpeerlist
w32tm /config /manualpeerlist:"10.0.0.254 0.us.pool.ntp.org" /reliable:yes /update
w32tm /resync
w32tm /query /peers
State: Active
