I was starting to notice that a few of the servers had different times on them. I only noticed because my desktop clock was different from my phone clock, and the phone system was pointing to my Ubuntu NTP server as it’s time server (which in turn is pointing to ntp.ubuntu.com I believe).<\/p>\n
So, 2 domain controllers had the exact same time, 1 had a different time, and yet another still had another different time:
\nDC1 10:01:05
\nDC2 10:01:42
\nDC3 10:00:00 (PDC)
\nDC4 10:00:00<\/p>\n
Not good. So the PDC was being read only by the newest of the domain controllers. So the other two were setup incorrectly. It’s never a good idea to have multiple domain controllers with different time on the clocks. That leads to a bunch of issues. Let’s find out how to fix and why it is wrong.<\/p>\n
Check what NTP each DC is fetching information from:<\/p>\n
Open a command prompt on any of the domain controllers.
\nw32tm \/monitor \/domain:DOMAIN_NAME_HERE<\/code><\/p><\/blockquote>\nIf on a workgroup, you can use the following:
\nnet time \/querysntp<\/code><\/p>\nIf your PDC is not on the correct time, change the what NTP your server is fetching information from:<\/p>\n
w32tm \/config \/manualpeerlist:IP_ADDRESS_OF_NTP_SERVER \/syncfromflags:manual \/reliable:yes \/update<\/code><\/p><\/blockquote>\nUpdate your other Servers\/DCs to fetch NTP data from your PDC:<\/p>\n
On your other servers, open a command prompt.
\nw32tm \/config \/manualpeerlist:IP_OF_PDC,0x8 \/syncfromflags:MANUAL<\/code>
\nnet stop w32time<\/code>
\nnet start w32time<\/code>
\nw32tm \/resync<\/code><\/p><\/blockquote>\n\/update will allow you to not need to net stop\/start the w32time service. I put both in here for my personal reference.<\/p>\n
0x8 flag – send request as client mode
\n0x4 flag – send request as symmetricactive mode
\n0x2 flag – use as fallback only
\n0x1 flag – use a special polling interval<\/p>\n** EDIT 9\/18\/2015 **
\nReplaced my aging Ubuntu 12.04LTS (an upgrade from 8.04 to 10.04) with a CentOS7.x box for the primary NTP. Noticed that the managed phone clocks were about 2 minutes off from our desktop clocks. The phones were set incorrectly and I had our provider fix, but we were still about 60 seconds off from where we wanted to be.<\/p>\nThe replacement server had the same IP, but did NOT have the proper restrict (restrict 10.0.0.0 mask 255.0.0.0) appropriate for our environment. Fixed and service ntpd restart.<\/p>\n
Still no love. On the PDC I ran
\nw32tm \/query \/peers<\/code>
\nAnd received a State: Pending
\nEnded up rewriting the manualpeerlist
\nw32tm \/config \/manualpeerlist:\"10.0.0.254 0.us.pool.ntp.org\" \/reliable:yes \/update<\/code>
\nw32tm \/resync<\/code>
\nw32tm \/query \/peers<\/code>
\nState: Active<\/p>\n","protected":false},"excerpt":{"rendered":"I was starting to notice that a few of the servers had different times on them. I only noticed because my desktop clock was different from my phone clock, and the phone system was pointing to my Ubuntu NTP server as it’s time server (which in turn is pointing to ntp.ubuntu.com I believe). So, 2 … Continue reading Server 2003 NTP Domain Controller<\/span>