Windows Vista Tips


Re: Time Sync Problem on AD 2003 domain

 
 
Meinolf Weber [MVP-DS]

 
      11-30-2009
Hello kabbott via WinServerKB.com,

Let's start with an unedited ipconfig /all from the DC with the PDCEmulator
FSMO and a problem machine, not able to sync with a DC. How many DCs do you
have? Is a firewall in use and is it configured to have port 123 UDP open?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Good Morning.
>
> I've inherited a recently created Win2K3 AD domain and am having
> issues with time synchronization.
>
> I am getting Event ID 12's in the event log, and the PDC is not
> synching with
> the time source, and
> I've been through the KB article and the registry changes
> there, and I am still seeing the event 12's.
> I found a post from John Randal on this msg board from 2004 that
> describes a similar problem, which he ultimately resolved by changing
> some group policies. But I don't know what group policies, or where.
>
> Now, since I've been messing with stuff, I also see event ID 36's and
> NTP clients are getting Event ID 11's saying the PDC didn't respond.
>
> I have included pertinent information below. If anyone could take a
> look through it and possibly spot my issue, or if anyone knows what
> group policies John is referring to or where and help me check that, I
> would really appreciate it. I am pretty stumped at this point
>
> ************************************************** ********************
> **************
>
> Here is a dump of the w32time reg key:
>
> Key Name:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time
> Class Name: <NO CLASS>
> Last Write Time: 11/7/2009 - 9:27 PM
> Value 0
> Name: Type
> Type: REG_DWORD
> Data: 0x20
> Value 1
> Name: Start
> Type: REG_DWORD
> Data: 0x2
> Value 2
> Name: ErrorControl
> Type: REG_DWORD
> Data: 0x1
> Value 3
> Name: ImagePath
> Type: REG_EXPAND_SZ
> Data: %SystemRoot%\system32\svchost.exe -k LocalService
> Value 4
> Name: DisplayName
> Type: REG_SZ
> Data: Windows Time
> Value 5
> Name: ObjectName
> Type: REG_SZ
> Data: NT AUTHORITY\LocalService
> Value 6
> Name: Description
> Type: REG_SZ
> Data: Maintains date and time synchronization on all
> clients and
> servers in the network. If this service is stopped, date and time
> synchronization will be unavailable. If this service is disabled, any
> services that explicitly depend on it will fail to start.
>
> Key Name:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\Config
> Class Name: <NO CLASS>
> Last Write Time: 11/25/2009 - 11:25 AM
> Value 0
> Name: LastClockRate
> Type: REG_DWORD
> Data: 0x2625a
> Value 1
> Name: MinClockRate
> Type: REG_DWORD
> Data: 0x260d4
> Value 2
> Name: MaxClockRate
> Type: REG_DWORD
> Data: 0x263e0
> Value 3
> Name: FrequencyCorrectRate
> Type: REG_DWORD
> Data: 0x4
> Value 4
> Name: PollAdjustFactor
> Type: REG_DWORD
> Data: 0x5
> Value 5
> Name: LargePhaseOffset
> Type: REG_DWORD
> Data: 0x2faf080
> Value 6
> Name: SpikeWatchPeriod
> Type: REG_DWORD
> Data: 0x384
> Value 7
> Name: HoldPeriod
> Type: REG_DWORD
> Data: 0x5
> Value 8
> Name: LocalClockDispersion
> Type: REG_DWORD
> Data: 0xa
> Value 9
> Name: EventLogFlags
> Type: REG_DWORD
> Data: 0x2
> Value 10
> Name: PhaseCorrectRate
> Type: REG_DWORD
> Data: 0x7
> Value 11
> Name: MinPollInterval
> Type: REG_DWORD
> Data: 0x6
> Value 12
> Name: MaxPollInterval
> Type: REG_DWORD
> Data: 0xa
> Value 13
> Name: MaxNegPhaseCorrection
> Type: REG_DWORD
> Data: 0x1c20
> Value 14
> Name: MaxPosPhaseCorrection
> Type: REG_DWORD
> Data: 0x1c20
> Value 15
> Name: UpdateInterval
> Type: REG_DWORD
> Data: 0x64
> Value 16
> Name: MaxAllowedPhaseOffset
> Type: REG_DWORD
> Data: 0x12c
> Value 17
> Name: AnnounceFlagsOld
> Type: REG_DWORD
> Data: 0xa
> Value 18
> Name: AnnounceFlags
> Type: REG_DWORD
> Data: 0x5
> Value 19
> Name: FileLogSize
> Type: REG_DWORD
> Data: 0x989680
> Value 20
> Name: FileLogName
> Type: REG_SZ
> Data: C:\Windows\Temp\w32time.log
> Value 21
> Name: FileLogEntries
> Type: REG_SZ
> Data: 0-116
> Key Name:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\Parameters
> Class Name: <NO CLASS>
> Last Write Time: 11/24/2009 - 5:43 PM
> Value 0
> Name: ServiceMain
> Type: REG_SZ
> Data: SvchostEntry_W32Time
> Value 1
> Name: ServiceDll
> Type: REG_EXPAND_SZ
> Data: C:\WINDOWS\system32\w32time.dll
> Value 2
> Name: Type
> Type: REG_SZ
> Data: NTP
> Value 3
> Name: ntpserver
> Type: REG_SZ
> Data: time-b.nist.gov,0x1 192.5.41.209
> Value 4
> Name: ReliableTimeSource
> Type: REG_DWORD
> Data: 0
> Key Name:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\Security
> Class Name: <NO CLASS>
> Last Write Time: 10/19/2009 - 7:13 AM
> blahblahbla
> Key Name:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders
> Class Name: <NO CLASS>
> Last Write Time: 10/19/2009 - 7:13 AM
> Key Name:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpClient
> Class Name: <NO CLASS>
> Last Write Time: 11/24/2009 - 5:18 PM
> Value 0
> Name: Enabled
> Type: REG_DWORD
> Data: 0x1
> Value 1
> Name: InputProvider
> Type: REG_DWORD
> Data: 0x1
> Value 2
> Name: AllowNonstandardModeCombinations
> Type: REG_DWORD
> Data: 0x1
> Value 3
> Name: CrossSiteSyncFlags
> Type: REG_DWORD
> Data: 0x2
> Value 4
> Name: ResolvePeerBackoffMinutes
> Type: REG_DWORD
> Data: 0xf
> Value 5
> Name: ResolvePeerBackoffMaxTimes
> Type: REG_DWORD
> Data: 0x7
> Value 6
> Name: CompatibilityFlags
> Type: REG_DWORD
> Data: 0x80000000
> Value 7
> Name: EventLogFlags
> Type: REG_DWORD
> Data: 0x1
> Value 8
> Name: LargeSampleSkew
> Type: REG_DWORD
> Data: 0x3
> Value 9
> Name: DllName
> Type: REG_SZ
> Data: C:\WINDOWS\system32\w32time.dll
> Value 10
> Name: SpecialPollTimeRemaining
> Type: REG_MULTI_SZ
> Data:
> Value 11
> Name: SpecialPollInterval
> Type: REG_DWORD
> Data: 0x708
> Key Name:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer
> Class Name: <NO CLASS>
> Last Write Time: 10/19/2009 - 7:13 AM
> Value 0
> Name: InputProvider
> Type: REG_DWORD
> Data: 0
> Value 1
> Name: AllowNonstandardModeCombinations
> Type: REG_DWORD
> Data: 0x1
> Value 2
> Name: DllName
> Type: REG_SZ
> Data: C:\WINDOWS\system32\w32time.dll
> Value 3
> Name: Enabled
> Type: REG_DWORD
> Data: 0x1
> Key Name:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\Enum
> Class Name: <NO CLASS>
> Last Write Time: 11/7/2009 - 9:27 PM
> Value 0
> Name: 0
> Type: REG_SZ
> Data: Root\LEGACY_W32TIME\0000
> Value 1
> Name: Count
> Type: REG_DWORD
> Data: 0x1
> Value 2
> Name: NextInstance
> Type: REG_DWORD
> Data: 0x1
> ************************************************** ********************
> *****************************
>
> Here is some additional information from turning on W32time logging.
> It shows some issues but I am not familiar enough with the information
> to identify what is going on.
>
> ****Start of Log including ReadConfig***
> 149347 17:26:16.2031250s - ---------- Log File Opened
> -----------------
> 149347 17:26:16.2031250s - Entered W32TmServiceMain W2K3SP1
> 149347 17:26:16.2031250s - CurSpc:15625000ns BaseSpc:15625000ns
> SyncToCmos:
> Yes
> 149347 17:26:16.2031250s - PerfFreq:2992740000c/s
> 149347 17:26:16.2031250s - Time zone OK.
> 149347 17:26:16.2031250s - ReadConfig: Found provider 'NtpClient':
> 149347 17:26:16.2031250s - ReadConfig: 'Enabled'=0x00000001
> 149347 17:26:16.2031250s - ReadConfig:
> 'DllName'='C:\WINDOWS\system32\
> w32time.dll'
> 149347 17:26:16.2031250s - ReadConfig: 'InputProvider'=0x00000001
> 149347 17:26:16.2031250s - ReadConfig: Found provider 'NtpServer':
> 149347 17:26:16.2031250s - ReadConfig: 'Enabled'=0x00000001
> 149347 17:26:16.2031250s - ReadConfig:
> 'DllName'='C:\WINDOWS\system32\
> w32time.dll'
> 149347 17:26:16.2031250s - ReadConfig: 'InputProvider'=0x00000000
> 149347 17:26:16.2031250s - ReadConfig (policy): Found provider
> 'NtpClient':
> 149347 17:26:16.2031250s - ReadConfig (policy): 'Enabled'=0x00000001
> 149347 17:26:16.2031250s - ReadConfig (policy): Found provider
> 'NtpServer':
> 149347 17:26:16.2031250s - ReadConfig (policy): 'Enabled'=0x00000000
> 149347 17:26:16.2031250s - ReadConfig: 'PhaseCorrectRate'=0x00000007
> 149347 17:26:16.2031250s - ReadConfig: 'UpdateInterval'=0x00000064
> 149347 17:26:16.2031250s - ReadConfig:
> 'FrequencyCorrectRate'=0x00000004
> 149347 17:26:16.2031250s - ReadConfig: 'PollAdjustFactor'=0x00000005
> 149347 17:26:16.2031250s - ReadConfig: 'LargePhaseOffset'=0x02FAF080
> 149347 17:26:16.2031250s - ReadConfig: 'SpikeWatchPeriod'=0x00000384
> 149347 17:26:16.2031250s - ReadConfig: 'HoldPeriod'=0x00000005
> 149347 17:26:16.2031250s - ReadConfig: 'MinPollInterval'=0x00000006
> 149347 17:26:16.2031250s - ReadConfig: 'MaxPollInterval'=0x0000000A
> 149347 17:26:16.2031250s - ReadConfig: 'AnnounceFlags'=0x00000005
> 149347 17:26:16.2031250s - ReadConfig:
> 'LocalClockDispersion'=0x0000000A
> 149347 17:26:16.2031250s - ReadConfig:
> 'MaxNegPhaseCorrection'=0x00001C20
> 149347 17:26:16.2031250s - ReadConfig:
> 'MaxPOSPhaseCorrection'=0x00001C20
> 149347 17:26:16.2031250s - ReadConfig: 'EventLogFlags'=0x00000002
> 149347 17:26:16.2031250s - ReadConfig:
> 'MaxAllowedPhaseOffset'=0x0000012C
> 149347 17:26:16.2031250s - ReadConfig: failed. Use default one
> 'TimeJumpAuditOffset'=0x00007080
> 149347 17:26:16.2031250s - DomainHierarchy: LSA role change
> notification.
> Redetecting.
> 149347 17:26:16.2031250s - DomainHierarchy: we are now the domain
> root.
> Should be advertised as reliable
> 149347 17:26:16.2031250s - ClockDisciplineThread: Starting:149347
> 17:26:16.
> 2031250s - LI:0 S:1 RDl:0 RDs:100000000 TSF:0x0
> 149347 17:26:16.2031250s - ClockDispln: we're a reliable time service
> with no
> time source: LS: 0, TN: 864000000000, WAIT: 86400000
> 149347 17:26:16.2031250s - Starting Providers.
> 149347 17:26:16.2031250s - Starting 'NtpClient',
> dll:'C:\WINDOWS\system32\
> w32time.dll'
> 149347 17:26:16.2031250s - NtpTimeProvOpen("NtpClient") called.
> 149347 17:26:16.2031250s - sysPrecision=-6,
> systmeClockResolution=156250
> 149347 17:26:16.2187500s - NtpProvider: Created 3 sockets (1
> listen-only): x.
> x.34.48:123, x.x.35.245:123, (127.0.0.1:123)
> 149347 17:26:16.2187500s - PeerPollingThread: waiting forever
> 149347 17:26:16.2187500s - ReadConfig:
> 'AllowNonstandardModeCombinations'=0x00000001
> 149347 17:26:16.2187500s - ReadConfig: 'CompatibilityFlags'=0x80000000
> 149347 17:26:16.2187500s - ReadConfig:
> 'SpecialPollInterval'=0x00000E10
> 149347 17:26:16.2187500s - ReadConfig:
> 'ResolvePeerBackoffMinutes'=0x0000000F
> 149347 17:26:16.2187500s - ReadConfig:
> 'ResolvePeerBackoffMaxTimes'=0x00000007
> 149347 17:26:16.2187500s - ReadConfig: 'EventLogFlags'=0x00000000
> 149347 17:26:16.2187500s - ReadConfig: 'LargeSampleSkew'=0x00000003
> 149347 17:26:16.2187500s - ReadConfig: 'CrossSiteSyncFlags'=0x00000002
> 149347 17:26:16.2187500s - PeerPollingThread: waiting 0.000s
> 149347 17:26:16.2187500s - NtpClient started.
> 149347 17:26:16.2187500s - PeerPollingThread: PeerListUpdated
> 149347 17:26:16.2187500s - Successfully started 1 providers.
> 149347 17:26:16.2187500s - Resolving domain hierarchy
> 149347 17:26:16.2187500s - W32TmServiceMain: waiting i16.000s
> (64.000s)
> 149347 17:26:16.2187500s - W32TmServiceMain: waiting i16.000s
> (64.000s)
> 149347 17:26:16.2187500s - PeerPollingThread: WaitTimeout
> 149347 17:26:16.2187500s - PeerPollingThread: waiting forever
> 149347 17:26:16.2187500s - RPC Caller is NT AUTHORITY\LOCAL SERVICE
> (S-1-5-19)
> 149347 17:26:16.2187500s - Query 1 (BACKGROUND): <SITE:
> Default-First-Site-
> Name, DOM: FROG.com, FLAGS: 00026B00>
> 149347 17:26:17.0312500s - Query 1: no DC found.
> 149347 17:26:17.0312500s - Query 4 (BACKGROUND): <SITE: (null), DOM:
> (null),
> FLAGS: 00006B00>
> *****Repeating Sequences of these****
>
> 149347 17:29:21.9531250s - ListeningThread -- DataAvailEvent set for
> socket 0
> (x0.x.x.x:123)
> 149347 17:29:21.9531250s - ListeningThread -- response heard from
> x.x.33.17:
> 123
> 149347 17:29:21.9531250s - Ignoring packet invalid mode combination
> (in:3 out:
> 0).
>
> ****No DC Found****
>
> 149347 17:26:32.0312500s - Query 4: no DC found.
> 149347 17:26:32.0312500s - Logging warning: NtpClient: This machine is
> the
> PDC of the domain at the root of the forest, so there is no machine
> above it
> in the domain hierarchy to use as a time source. NtpClient will fall
> back to
> the remaining configured time sources, if any are available.
> 149347 17:26:32.0312500s - Retrying resolution for domain hierarchy.
> Retry 1
> will be in 15 minutes.
> 149347 17:26:32.0312500s - PeerPollingThread: waiting 915.813s
> 149347 17:26:32.0312500s - PeerPollingThread: PeerListUpdated
> 149347 17:26:32.0312500s - PeerPollingThread: waiting 900.000s
> 149347 17:26:32.2187500s - W32TmServiceMain: timeout
> 149347 17:26:32.2187500s - TimeProvCommand([NtpClient],
> TPC_GetSamples)
> called.
> 149347 17:26:32.2187500s - NtpClient returned 0 samples.
> 149347 17:26:32.2187500s - W32TmServiceMain: waiting 64.000s
> *****Repeating Sequences of these****
>
> 149347 17:29:21.9531250s - ListeningThread -- DataAvailEvent set for
> socket 0
> (x0.x.x.x:123)
> 149347 17:29:21.9531250s - ListeningThread -- response heard from
> x.x.33.17:
> 123
> 149347 17:29:21.9531250s - Ignoring packet invalid mode combination
> (in:3 out:
> 0).
>
> ****W32TmService Timeout*****
> 149347 17:27:36.2187500s - W32TmServiceMain: timeout
> 149347 17:27:36.2187500s - TimeProvCommand([NtpClient],
> TPC_GetSamples)
> called.
> 149347 17:27:36.2187500s - NtpClient returned 0 samples.
> 149347 17:27:36.2187500s - W32TmServiceMain: waiting 64.000s
> *****Repeating Sequences of these****
>
> 149347 17:29:21.9531250s - ListeningThread -- DataAvailEvent set for
> socket 0
> (x0.x.x.x:123)
> 149347 17:29:21.9531250s - ListeningThread -- response heard from
> x.x.33.17:
> 123
> 149347 17:29:21.9531250s - Ignoring packet invalid mode combination
> (in:3 out:
> 0).
>
> ****Group Policy Update****
>
> 149347 17:27:45.7031250s - W32TmServiceMain: Group Policy Update
> 149347 17:27:45.7031250s - W32TmServiceMain: Param change notification
> 149347 17:27:45.7031250s - ReadConfig: Found provider 'NtpClient':
> 149347 17:27:45.7187500s - ReadConfig: 'Enabled'=0x00000001
> 149347 17:27:45.7187500s - ReadConfig:
> 'DllName'='C:\WINDOWS\system32\
> w32time.dll'
> 149347 17:27:45.7187500s - ReadConfig: 'InputProvider'=0x00000001
> 149347 17:27:45.7187500s - ReadConfig: Found provider 'NtpServer':
> 149347 17:27:45.7187500s - ReadConfig: 'Enabled'=0x00000001
> 149347 17:27:45.7187500s - ReadConfig:
> 'DllName'='C:\WINDOWS\system32\
> w32time.dll'
> 149347 17:27:45.7187500s - ReadConfig: 'InputProvider'=0x00000000
> 149347 17:27:45.7187500s - ReadConfig (policy): Found provider
> 'NtpClient':
> 149347 17:27:45.7187500s - ReadConfig (policy): 'Enabled'=0x00000001
> 149347 17:27:45.7187500s - ReadConfig (policy): Found provider
> 'NtpServer':
> 149347 17:27:45.7187500s - ReadConfig (policy): 'Enabled'=0x00000000
> 149347 17:27:45.7187500s - ReadConfig: 'PhaseCorrectRate'=0x00000007
> 149347 17:27:45.7187500s - ReadConfig: 'UpdateInterval'=0x00000064
> 149347 17:27:45.7187500s - ReadConfig:
> 'FrequencyCorrectRate'=0x00000004
> 149347 17:27:45.7187500s - ReadConfig: 'PollAdjustFactor'=0x00000005
> 149347 17:27:45.7187500s - ReadConfig: 'LargePhaseOffset'=0x02FAF080
> 149347 17:27:45.7187500s - ReadConfig: 'SpikeWatchPeriod'=0x00000384
> 149347 17:27:45.7187500s - ReadConfig: 'HoldPeriod'=0x00000005
> 149347 17:27:45.7187500s - ReadConfig: 'MinPollInterval'=0x00000006
> 149347 17:27:45.7187500s - ReadConfig: 'MaxPollInterval'=0x0000000A
> 149347 17:27:45.7187500s - ReadConfig: 'AnnounceFlags'=0x00000005
> 149347 17:27:45.7187500s - ReadConfig:
> 'LocalClockDispersion'=0x0000000A
> 149347 17:27:45.7187500s - ReadConfig:
> 'MaxNegPhaseCorrection'=0x00001C20
> 149347 17:27:45.7187500s - ReadConfig:
> 'MaxPosPhaseCorrection'=0x00001C20
> 149347 17:27:45.7187500s - ReadConfig: 'EventLogFlags'=0x00000002
> 149347 17:27:45.7187500s - ReadConfig:
> 'MaxAllowedPhaseOffset'=0x0000012C
> 149347 17:27:45.7187500s - ReadConfig: failed. Use default one
> 'TimeJumpAuditOffset'=0x00007080
> 149347 17:27:45.7187500s - No params changed for local clock.
> 149347 17:27:45.7187500s - TimeProvCommand([NtpClient],
> TPC_UpdateConfig)
> called.
> 149347 17:27:45.7187500s - ReadConfig:
> 'AllowNonstandardModeCombinations'=0x00000001
> 149347 17:27:45.7187500s - ReadConfig: 'CompatibilityFlags'=0x80000000
> 149347 17:27:45.7187500s - ReadConfig:
> 'SpecialPollInterval'=0x00000E10
> 149347 17:27:45.7187500s - ReadConfig:
> 'ResolvePeerBackoffMinutes'=0x0000000F
> 149347 17:27:45.7187500s - ReadConfig:
> 'ResolvePeerBackoffMaxTimes'=0x00000007
> 149347 17:27:45.7187500s - ReadConfig: 'EventLogFlags'=0x00000000
> 149347 17:27:45.7187500s - ReadConfig: 'LargeSampleSkew'=0x00000003
> 149347 17:27:45.7187500s - ReadConfig: 'CrossSiteSyncFlags'=0x00000002
> 149347 17:27:45.7187500s - PeerPollingThread: waiting 826.313s
> 149347 17:27:45.7187500s - Provider list: 0 stopped, 0 started, 1
> not
> changed.
> 149347 17:27:45.7187500s - W32TmServiceMain: waiting 54.515s
> *****Repeating Sequences of these****
>
> 149347 17:29:21.9531250s - ListeningThread -- DataAvailEvent set for
> socket 0
> (x0.x.x.x:123)
> 149347 17:29:21.9531250s - ListeningThread -- response heard from
> x.x.33.17:
> 123
> 149347 17:29:21.9531250s - Ignoring packet invalid mode combination
> (in:3 out:
> 0).
>
> ****Timeout****
> 149347 17:28:40.2343750s - W32TmServiceMain: timeout
> 149347 17:28:40.2343750s - TimeProvCommand([NtpClient],
> TPC_GetSamples)
> called.
> 149347 17:28:40.2343750s - NtpClient returned 0 samples.
> 149347 17:28:40.2343750s - W32TmServiceMain: waiting 64.000s
> *****Repeating Sequences of these****
>
> 149347 17:29:21.9531250s - ListeningThread -- DataAvailEvent set for
> socket 0
> (x0.x.x.x:123)
> 149347 17:29:21.9531250s - ListeningThread -- response heard from
> x.x.33.17:
> 123
> 149347 17:29:21.9531250s - Ignoring packet invalid mode combination
> (in:3 out:
> 0).
>
> ************************************************** ********************
> ****************
> thx for all of your help!!!
> k
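
The W32Time debug log quoted above records settings from two sources, the local registry (`ReadConfig:`) and Group Policy (`ReadConfig (policy):`). The following Python script is an added example, not part of the original thread: it unwraps a log pasted in this format and reports settings whose policy value differs from the registry value, along with empty polls and ignored packets. The sample lines are constructed from the excerpt, the function names are hypothetical, and it assumes a policy-set value takes precedence over the local registry value.

```python
import re
from collections import Counter

# Constructed sample in the format of the w32time.log excerpt quoted in the
# thread, including the newsreader's "> " prefixes and hard line wraps.
SAMPLE_LOG = """
> 149347 17:26:16.2031250s - ReadConfig: Found provider 'NtpClient':
> 149347 17:26:16.2031250s - ReadConfig: 'Enabled'=0x00000001
> 149347 17:26:16.2031250s - ReadConfig: Found provider 'NtpServer':
> 149347 17:26:16.2031250s - ReadConfig: 'Enabled'=0x00000001
> 149347 17:26:16.2031250s - ReadConfig (policy): Found provider
> 'NtpClient':
> 149347 17:26:16.2031250s - ReadConfig (policy): 'Enabled'=0x00000001
> 149347 17:26:16.2031250s - ReadConfig (policy): Found provider
> 'NtpServer':
> 149347 17:26:16.2031250s - ReadConfig (policy): 'Enabled'=0x00000000
> ****Timeout****
> 149347 17:26:32.2187500s - NtpClient returned 0 samples.
> 149347 17:27:36.2187500s - NtpClient returned 0 samples.
> 149347 17:29:21.9531250s - Ignoring packet invalid mode combination
> (in:3 out:
> 0).
"""

# "<day count> <hh:mm:ss.fraction>s - <message>" starts a new log entry.
ENTRY = re.compile(r"^\d+ \d{2}:\d{2}:\d{2}\.\d+s - (.*)$")
PROVIDER = re.compile(r"ReadConfig( \(policy\))?:\s+Found provider\s+'(\w+)':")
SETTING = re.compile(r"ReadConfig( \(policy\))?:\s+'(\w+)'=0x([0-9A-Fa-f]+)")
MODE = re.compile(r"invalid mode combination \(in:\s*(\d+)\s+out:\s*(\d+)\)")


def unwrap(text):
    """Strip '>' quote markers and rejoin hard-wrapped lines, one message per entry."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^\s*(?:>\s?)+", "", raw).strip()
        if not line or line.startswith("*"):  # blank lines and the poster's section markers
            continue
        m = ENTRY.match(line)
        if m:
            entries.append(m.group(1))
        elif entries:                          # continuation of a wrapped entry
            entries[-1] += " " + line
    return entries


def analyse(text):
    """Compare registry and policy values per provider and count sync failures."""
    values = {"registry": {}, "policy": {}}
    context = None                             # (source, provider) from the last "Found provider"
    counts = Counter()
    for msg in unwrap(text):
        m = PROVIDER.search(msg)
        if m:
            context = ("policy" if m.group(1) else "registry", m.group(2))
            continue
        m = SETTING.search(msg)
        if m:
            source = "policy" if m.group(1) else "registry"
            if context and context[0] != source:
                context = None                 # provider block ended; service-level setting
            provider = context[1] if context else "(service)"
            values[source][(provider, m.group(2))] = int(m.group(3), 16)
            continue
        if "NtpClient returned 0 samples" in msg:
            counts["empty_polls"] += 1
        m = MODE.search(msg)
        if m:
            # in:3 is NTP mode 3, a client request arriving at this machine
            counts[f"ignored_mode_in{m.group(1)}_out{m.group(2)}"] += 1
    overrides = sorted(
        (prov, name, reg, values["policy"][(prov, name)])
        for (prov, name), reg in values["registry"].items()
        if (prov, name) in values["policy"] and values["policy"][(prov, name)] != reg
    )
    return {"overrides": overrides, "counts": dict(counts)}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for prov, name, reg, pol in report["overrides"]:
        print(f"{prov}.{name}: registry=0x{reg:X} policy=0x{pol:X}")
    for key, n in sorted(report["counts"].items()):
        print(f"{key}: {n}")
```
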



 
 
 
 
 
Ace Fekay [MCT]

 
      12-01-2009
"kabbott via WinServerKB.com" <u56473@uwe> wrote in message
news:9fe8fca9d3b98@uwe...
> Hi Meinolf,
>
> Thanks for the tip. I turned off the RAS service on the PDCE.
>
> I can execute a "net time /domaindappos from silc041 and it successfully
> shows silc041's time. (BTW silc041 is not a DC, just a file and print
> server
> on the domain).
>
> But my initial problem of getting the PDCE to sync with an external time
> source, so that its time is accurate, still fails.
>
> I can execute a "w32tm /stripchart /computer:time-b.nist.gov /samples:3
> /dataonly" from the PDCE and it tells me I'm off by 80 seconds, but the
> clock
> never synchronizes, and if I stop and restart w32time, I get an event 12
> again.
>
> Any ideas?
>
> Thx,
> k


The other DC, silc041, should also be single homed. Did you disable the
additional NIC and RRAS on it?

Do you have port TCP 123 or UDP 123 opened? Time uses UDP.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.


 
 
Ace Fekay [MCT]

 
      12-01-2009

"kabbott via WinServerKB.com" <u56473@uwe> wrote in message
news:9ff289fabf736@uwe...
> Hi Meinolf,
>
> I must have missed this portion of your message first time around.
>
> I have turned off RAS - on our older NT domain, RAS had to be on a domain
> controller in order to authenticate users - has this changed on AD domain?


RRAS doesn't have to be on a DC. Where did you read that? It is highly
recommended for RRAS to be on a member server, not a DC.

>
> The second Nic on our non DC servers is a connection to our SAN LAN - no
> gateway specified. Is this a problem if it is not a DC?


Not if it's not a DC. If on a DC, yes, it is extremely problematic on a DC.
The reasons are based on DNS registration. A little understanding of how AD
works will enlighten the reasons why. AD registers its info in DNS (your
DNS only). DCs and clients use that info to "Find" the domain controller to
logon, authenticate to shared drives, printers, etc. If using an ISP's, for
example (some admins think that is necessary to get internet resolution, but
are totally wrong), and will cause problems with DNS registration, clients,
and especially that the DCs can't even find themselves. The issues snowball
into other issues.

Now if there are multiple NICs and/or IPs, including RRAS which registers a
bunch of IPs for its RRAS clients, it will register that info into DNS,
causing additional headaches. This is done by default by the netlogon
service on all DCs. You can force it to not register, but it requires
numerous registry alterations. If you want to keep your dual-NIC config on a
DC, or keep RRAS on a DC, read the following for more info, an explanation
in more detail, and how to change it.

Multihomed DCs with DNS, RRAS, and/or PPPoE adapters:
http://blogs.dirteam.com/blogs/acefe...-adapters.aspx

However, Meinolf already posted the link for you, but it appears you didn't
read it or you wouldn't be asking the questions that you are in this post.

>
> Currently we have 2 very active domains, the AD domain in question, and
> the
> older NT domain we are transitioning from. In addition, we have users at
> our
> site that log into remote domains and run applications that have only the
> WINS name encoded instead of the fqdn. Hence the multiple domain suffixes.


Never heard of a "very active" domain... They're all active or they don't
work. :-)

WINS doesn't use suffixes. That is for the client side resolver to
resolve/devolve host names, not NetBIOS names, which is what NT4 uses. The
additional suffixes are superfluous. They are beneficial in an environment
where they need to resolve specific zone suffixes that your internal DNS
hosts or your internal DNS has a reference to the zone, such as with a
Secondary zone or a Stub zone for the trusted partner's DNS zones, however
in a forest or domain to domain trust scenario where both sides are AD and
you need to resolve FQDNs, then a Conditional Forwarder is the answer, not
the suffixes.

Ace




 
 
Ace Fekay [MCT]

 
      12-01-2009
"kabbott via WinServerKB.com" <u56473@uwe> wrote in message
news:9fe8fca9d3b98@uwe...
> Hi Meinolf,
>
> Thanks for the tip. I turned off the RAS service on the PDCE.
>
> I can execute a "net time /domaindappos from silc041 and it successfully
> shows silc041's time. (BTW silc041 is not a DC, just a file and print
> server
> on the domain).
>
> But my initial problem of getting the PDCE to sync with an external time
> source, so that its time is accurate, still fails.
>
> I can execute a "w32tm /stripchart /computer:time-b.nist.gov /samples:3
> /dataonly" from the PDCE and it tells me I'm off by 80 seconds, but the
> clock
> never synchronizes, and if I stop and restart w32time, I get an event 12
> again.
>
> Any ideas?


I assume you mean EventID # 12, not event 12. EventID 12 means basically:
"Basically, what this event means is that the PDC Emulator in the forest
root domain has not been configured to synchronize its clock with an
external stratum 1 time source, and as a result the clocks on all machines
in your forest cannot be considered reliable. Now this may be an issue if
employees rely upon their workstations’ CMOS clocks for signing in and out,
but as far as Kerberos is concerned it’s a non-issue because Kerberos only
requires that clocks on clients and authenticators agree with each other,
not that they display accurate time. So if every machine’s clock in the
forest is one hour late, Kerberos will still work fine and replay attacks
will be prevented, which is the purpose of W32Time anyway."

The above was quoted from:
http://www.windowsnetworking.com/art...e-Service.html

So that goes back to - have you configured your PDC Emulator to sync from an
external source? If so, how did you do it? Was the PDC role moved from a
different DC to the current one? Were there any Time service reg entries
altered on the PDC Emulator?

If UDP 123 is opened, I assume that it is opened to the current PDC
Emulator, as well as assume that some sort of rule on the firewall is
'allowing established?'

I'm trying to keep track of your machines names, so help me out here --- Is
the PDC Emulator multihomed?

Ace



 
 
Ace Fekay [MCT]

 
      12-01-2009
"kabbott via WinServerKB.com" <u56473@uwe> wrote in message
news:9ff1f675612a1@uwe...
> Hi Ace,
>
> silc041 is not a DC, merely a file/print server on that domain. It does
> not
> participate at all in domain activities, but the policy is set so all
> domain
> members sync with the pdce.


You manually configured a policy or altered the reg entries for all machines
to synch with the PDC Emulator? If so, that is unnecessary and lots of work
to change something that does this by default.

> Therefore having 41 dual-homed should not hurt.


If 41 is not a DC, then no, multihoming shouldn't bother it.

> Also, the second NIC is connected to a SAN LAN that is on a completely
> different subnet.


On the DC or 41?


> UDP 123 is open. as evidenced by successfully executing the w32tm
> /stripchart
> command to time-b.


On the PDC Emulator?
The PDC Emulator is the only machine that should be communicating to the
external time source. I assume you went through the w32time commands to
setup the external time source properly on the PDC Emulator?

>
> One other note - actually 2: first, silc041 is a win2k server inst of
> win2k3
> like the other servers.
> Second, even tho I can execute "net time /domaindappos " from 41, it
> never
> actually syncs (nor do the other clients).


Then something else is going on. Try to reconfigure the time service on the
PDC Emulator with the time commands. If the PDC Emulator role was moved from
a different DC to the current one, it needs to be configured as well. My
time service blog should help. I thought I already posted it, or someone
else already did?

Configuring the Windows Time Service for Windows Server
http://msmvps.com/blogs/acefekay/arc...ws-server.aspx

Ace


 
 
Ace Fekay [MCT]

 
      12-01-2009
"kabbott via WinServerKB.com" <u56473@uwe> wrote in message
news:9ff3e8c08d16f@uwe...
> >You manually configured a policy or altered the reg entries for all
> >machines
>>to synch with the PDC Emulator? If so, that is unnecessary and lots of
>>work
>>to change something that does this by default.

>
> No, the previous guy had that set up -(so I presume he didn't do it that
> way).
> He just added a policy rule to prevent the users from manually altering or
> updating their time.
>
>>> Also, the second NIC is connected to a SAN LAN that is on a completely
>>> different subnet.

>>
>>On the DC or 41?
>>

>
> on 41 - DC is now Single-homed


Good.


>>> UDP 123 is open. as evidenced by successfully executing the w32tm
>>> /stripchart
>>> command to time-b.


The stripchart switch simply displays a strip chart of the offset between
this computer and another computer.


>>
>>On the PDC Emulator?
>>The PDC Emulator is the only machine that should be communicating to the
>>external time source. I assume you went through the w32time commands to
>>setup the external time source properly on the PDC Emulator?

>
> correct - on the DC - I can execute the stripchart command and it returns
> the
> time difference from time-b.nist.gov. I believe I correctly executed the
> commands to set up the external time source on the PDCE, and doing a "Net
> Time /querysntp" gives me
> "The current SNTP value is" time-b.nist.gov 129.6.15.29 208.66.175.36"
>
> The command executed to configure external time was:
> "w32tm /config /manualpeerlist:"time-b.nist.gov 127.6.15.29 208.66.175.36"
> /syncfromflags:manual /reliable:yes /update"
>
> first leading and last trailing quote excluded.
>
> but it still doesn't sync.


I assume you've tried w32tm /resync ?

Keep in mind, if it is off by 2 or 3 minutes, it may not sync. Microsoft
time service has that much skew. If you need tighter tolerances, you have to
use a third party.

>
> The PDCE has not moved roles. It started out on SILC055 and has remained
> there.
>
> John Randal had a post on this forum from 2004 that sounded very similar
> and
> his final conclusion was that his PDCE Group Policy was set to sync with
> the
> domain, rather than with the external time server. Unfortunately he didn't
> elaborate which policy, which object, or really even which machine tho I
> assume it was the PDCE, that he needed to change. Nor did he specify what
> change was made.


Go into the GPOs that affect the DCs, and run an RSOP to see the settings.

>
> I will check your blog - I may have already read it - I've read a ton.
>
> Thanks for all your help!
> K
>


You are welcome, so far.

The


 
 
Ace Fekay [MCT]

 
      12-01-2009
"kabbott via WinServerKB.com" <u56473@uwe> wrote in message
news:9ff4fe4c92db2@uwe...
> Hi Ace,
> Is
>>the PDC Emulator multihomed?

> Emphatically no. It is not
>
> If UDP 123 is opened, I assume that it is opened to the current PDC
>>Emulator, as well as assume that some sort of rule on the firewall is
>>'allowing established?'

>
> Yes, It is
>
>
>
> I assume you mean EventID # 12, not event 12. EventID 12 means basically:
>>"Basically, what this event means is that the PDC Emulator in the forest
>>root domain has not been configured to synchronize its clock with an
>>external stratum 1 time source

>
> Exactly so. Event ID: 12 - source w32Time "Time Provider NtpClient: This
> machine is configured to use the domain hierarchy to determine its time
> source,
> but is the PDC emulator etc. etc"
>
>
>
>>So that goes back to - have you configured your PDC Emulator to sync from
>>an
>>external source?

> Yes
>
>> If so, how did you do it?

> I tried 2 different methods: 1 manual registry entries recommended by this
> article:
> http://www.windowsnetworking.com/art...e-Service.html
>
>
> 2: executing:
> W32tm /config /manualpeerlist:"time-b.nist.gov 129.6.15.29 208.66.175.36"
> /syncfromflags:manual /reliable:yes /update
>
>
>
>>Was the PDC role moved from a
>>different DC to the current one?

> No
>
>
>>Were there any Time service reg entries
>>altered on the PDC Emulator?

> Yes - as mentioned above and to turn on the W32Time logging as per the KB
> article on that subject: you can see the entire W32Time Reg dump,
> including
> parameters, in the original message. The provider string has been modified
> from that reg snapshot to the string above.
>
>
>
> Thx for your help!!
> k
>
> Ace Fekay [MCT] wrote:
>>> Hi Meinolf,
>>>

>>[quoted text clipped - 15 lines]
>>>
>>> Any ideas?

>>
>>I assume you mean EventID # 12, not event 12. EventID 12 means basically:
>>"Basically, what this event means is that the PDC Emulator in the forest
>>root domain has not been configured to synchronize its clock with an
>>external stratum 1 time source, and as a result the clocks on all machines
>>in your forest cannot be considered reliable. Now this may be an issue if
>>employees rely upon their workstationsâs/single domains
> >> EuropD"



btw - 129.6.15.29 is time-b.nist.gov, so it looks redundant.
Name: time-b.nist.gov
Address: 129.6.15.29

Also, looking up 208.66.175.36 doesn't come back with anything. Where did
you get that?

Ace


 
Ace Fekay [MCT]
      12-01-2009
"kabbott via WinServerKB.com" <u56473@uwe> wrote in message
news:9ff584caac08f@uwe...
> Hi Ace,
>
> Yes, it is redundant. I wanted to list the IP as well as the DNS name in
> case
> of DNS failure
>
>
> the 208 address is listed as a chicago time source on NISTs site at
> http://tf.nist.gov/tf-cgi/servers.cgi
>
>
> Also, based on the registry key info at:
> http://technet.microsoft.com/en-us/l...63(WS.10).aspx
>
> I made the following registry key changes (to no avail):
> MaxAllowedPhaseOffset
> Registry path
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
>
> from 300 to 1
>
>
> InputProvider
> Registry path
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\
> NtpServer
>
> from 0 to 1
>
>
>
> MaxNegPhaseCorrection
> Registry path
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
>
> from 7200 to 54000
>
>
>
>
>
> MaxPosPhaseCorrection
> Registry path
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
>
> from 7200 to 54000
>
>
>
> NtpServer
> Registry path
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
>
> from time-b.nist.gov 129.6.15.28 208.66.175.36
> to time-b.nist.gov,0x1 129.6.15.28 208.66.175.36
>
>
>
>
> When I ran w32tm -v from silc041 (the file/print server) I got:
> W32Time: BEGIN:InitializeDC
> W32Time: BEGIN:GetRole
> W32Time: Role is 'workstation'
> W32Time: END Line 672
> W32Time: END:Line 704
> W32Time: timeBeginPeriod: setting resolution 9
> W32Time: BEGIN:TimeSync
> W32Time: BEGIN:FGetType
> W32Time: END Line 254
> W32Time: BEGIN:FDoTimeNTPType
> W32Time: BEGIN:FDoNT5DSType
> W32Time: BEGIN:FBuildDCList
> W32Time: BEGIN:GetNT5DCAddress
> W32Time: Member of an Win2K domain. Looking for DCs.
> W32Time: Accepting previously discoverd DC
> W32Time: BEGIN:GetRole
> W32Time: Role is 'workstation'
> W32Time: END Line 672
> W32Time: Calling DsGetDcNameA() for a WS
> W32Time: Using in domain DC as NO parent Domain DC
> W32Time: DC address is 10.4.34.48
> W32Time: DC friendly name is \\silc055.PDAPPOS.com
> W32Time: END Line 519
> W32Time: The RID...650
> W32Time: END Line 639
> W32Time: New DomainController time source is located:
> W32Time: END Line 971
> W32Time: BEGIN:ChooseNTPServer
> W32Time: END Line 2178
> W32Time: BEGIN:GetSocketForSynch
> W32Time: NTP: ntpptrs[0] - 10.4.34.48
> W32Time: Port Pinging to - 123
> W32Time: Connecting to "\\silc055.PDAPPOS.com" (10.4.34.48)
> W32Time: END:Line 1170
> W32Time: BEGIN:GetDefaultRid
> W32Time: END Line 2354
> W32Time: BEGIN:ComputeDelay
> W32Time: BEGIN:NTPTry -- init
> W32Time: END Line 1683
> W32Time: BEGIN:NTPTry -- try
> W32Time: BEGIN:ComputeInterval
> W32Time: END Line 2479
> W32Time: Sending to server 68 bytes...
> W32Time: NTP: didn't receive datagram
> W32Time: Logging event 0x8000000B. 15 min until this event is
> allowed again.
> W32Time: 0x8000000B reported to System Log in Event Viewer
> W32Time: END Line 1951
> W32Time: Time source failed to produce usable timestamp.
> W32Time: BEGIN:NTPTry -- fail
> W32Time: END Line 1683
> W32Time: Time Out occured in sockets
>
> and I got an eventID 11 in silc041's system log.
>
> Thanks for your help,
> k



Just to confirm, this is Windows 2003.

EventID 11? That's new, but different. At least we are getting somewhere.
Take a look at the following.
http://eventid.net/display.asp?event...32time&phase=1

The error stating:
> W32Time: Time source failed to produce usable timestamp.

Indicates there is a communication failure. Try 192.5.41.41 as the only time
source and re-run the command.

Honestly in all the time I've worked with Windows and the time service,
never once have I needed to change any time reg settings to get it to work.
Using the w32tm commands was sufficient.

Ace


 
Ace Fekay [MCT]
      12-02-2009
"kabbott via WinServerKB.com" <u56473@uwe> wrote in message
news:a000481038c09@uwe...
> Hi Ace,
>
>>WINS doesn't use suffixes.

> Yes, I was using 'WINS name' only from the standpoint of meaning non-FQDN.
> As
> an example, the programmers at a remote site wrote software referring to a
> server to be communicated with as only Serv1 instead of Serv1.Domain.com.
> Since they were only running it at their site, it worked fine as all of
> the
> clients merely appended the domain.com automatically. However some of the
> users then moved to our site and, of course, the app failed.
>
> Since we didn't have authority to tell them to modify their software, we
> added the suffix to the search order. Those are the types of issues that
> prompted the additional suffixes. :-}
>
> ka
>
> Ace Fekay [MCT] wrote:
>>> Hi Meinolf,
>>>
>>> I must have missed this portion of your message first time around.
>>>
>>> I have turned off RAS - on our older NT domain, RAS had to be on a
>>> domain
>>> controller in order to authenticate users - has this changed on AD
>>> domain?

>>
>>RRAS doesn't have to be on a DC. Where did you read that? It is highly
>>recommended for RRAS to be on a member server, not a DC.
>>
>>> The second Nic on our non DC servers is a connection to our SAN LAN - no
>>> gateway specified. Is this a problem if it is not a DC?

>>
>>Not if it's not a DC. If on a DC, yes, it is extremely problematic on a
>>DC.
>>The reasons are based on DNS registration. A little understanding of how
>>AD
>>works will enlighten the reasons why. AD registers its info in DNS (your
>>DNS only). DCs and clients use that info to "Find" the domain controller
>>to
>>logon, authenticate to shared drives, printers, etc. If using an ISP's,
>>for
>>example (some admins think that is necessary to get internet resolution,
>>but
>>are totally wrong), and will cause problems with DNS registration,
>>clients,
>>and especially that the DCs can't even find themselves. The issues
>>snowball
>>into other issues.
>>
>>Now if there are multiple NICs and/or IPs, including RRAS which registers
>>a
>>bunch of IPs for its RRAS clients, it will register that info into DNS,
>>causing additional headaches. This is done by default by the netlogon
>>service on all DCs. You can force it to not register, but it requires
>>numerous registry alterations. If you want to keep your dual-NIC config on
>>a
>>DC, or keep RRAS on a DC, read the following for more info, an explanation
>>in more detail, and how to change it.
>>
>>Multihomed DCs with DNS, RRAS, and/or PPPoE adapters:
>>http://blogs.dirteam.com/blogs/acefe...-adapters.aspx
>>
>>However, Meinolf already posted the link for you, but it appears you
>>didn't
>>read it or you wouldn't be asking the questions that you are in this post.
>>
>>> Currently we have 2 very active domains, the AD domain in question, and
>>> the
>>> older NT domain we are transitioning from. In addition, we have users at
>>> our
>>> site that log into remote domains and run applications that have only
>>> the
>>> WINS name encoded instead of the fqdn. Hence the multiple domain
>>> suffixes.

>>
>>Never heard of a "very active" domain... They're all active or they don't
>>work. :-)
>>
>>WINS doesn't use suffixes. That is for the client side resolver to
>>resolve/devolve host names, not NetBIOS names, which is what NT4 uses. The
>>additional suffixes are superfluous. They are beneficial in an
>>environment
>>where they need to resolve specific zone suffixes that your internal DNS
>>hosts or your internal DNS has a reference to the zone, such as with a
>>Secondary zone or a Stub zone for the trusted partner's DNS zones, however
>>in a forest or domain to domain trust scenario where both sides are AD and
>>you need to resolve FQDNs, then a Conditional Forwarder is the answer, not
>>the suffixes.
>>
>>Ace

>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forum...er-ad/200912/1
>



If the app is NetBIOS based, and it's trying to reference them by NetBIOS
names, then the suffixes will NOT work. As I said, the suffixes are only for
host (FQDN) names. If it returns an FQDN for the query, it is treated as a
host based connection, and not a NetBIOS. The way the app is designed will
dictate if it can use the query result or not. If the app is NetBT based, it
will not.

Ace


 
Ace Fekay [MCT]
      12-02-2009
"kabbott via WinServerKB.com" <u56473@uwe> wrote in message
news:9ffea2f43c0b9@uwe...
> Actually I've been getting EventID 11's all along from the client
> machines -
> EventID 12 is from the PDCE.
>
> I will check the article out but in the mean time here is another curious
> bit
> of information:
>
> When I execute a "w32tm /monitor" from the PDCE - which we've pointed to
> Time-
> B a hundred times - I get this:
>
> C:\>w32tm /monitor
> silc055.PDAPPOS.com *** PDC *** [10.4.34.48]:
> ICMP: 0ms delay.
> NTP: error ERROR_TIMEOUT - no response from server in 1000ms
> silc056.PDAPPOS.com [10.4.34.30]:
> ICMP: 0ms delay.
> NTP: error ERROR_TIMEOUT - no response from server in 1000ms
>
>
>
> (silc056 is the other DC)
>
> clearly, silc055 - the PDCE - is still trying to look to the domain for
> time -
> this is driving me crazy! What is going on here!
>
> Is it because the PDAPPOS default domain policy says the ntp Server is
> 10.4.
> 34.48 (the PDCE) with a type NT5DS, and the PDCE is part of that domain,
> that
> it is subject to those settings and is ignoring the settings we are so
> carefully applying and going over?
>
> Thanks for your help!
> ka
>


That *may* be exactly what appears to be going on. The reg entries are
superseding the w32tm configuration.

Ace
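
Added example, not part of the thread and not code from any poster: a small Python parser for the `w32tm /monitor` output quoted above that separates hosts that answer ICMP but give no NTP reply from hosts that are unreachable. The third host block and the labels `ok`, `ntp-silent` and `unreachable` are constructed for illustration.

```python
import re

# Sample input: the first two host blocks are the `w32tm /monitor` output quoted
# in the thread; the third block is constructed here to show a healthy host.
SAMPLE = """\
silc055.PDAPPOS.com *** PDC *** [10.4.34.48]:
    ICMP: 0ms delay.
    NTP: error ERROR_TIMEOUT - no response from server in 1000ms
silc056.PDAPPOS.com [10.4.34.30]:
    ICMP: 0ms delay.
    NTP: error ERROR_TIMEOUT - no response from server in 1000ms
dc-constructed.example.test [192.0.2.10]:
    ICMP: 1ms delay.
    NTP: +0.0042000s offset from silc055.PDAPPOS.com
"""

HOST_RE = re.compile(r"^(\S+)\s*(\*\*\* PDC \*\*\*)?\s*\[([^\]]+)\]:$")
PROBE_RE = re.compile(r"^(ICMP|NTP):\s*(.*)$")
OFFSET_RE = re.compile(r"([+-]\d+\.\d+)s offset")


def parse_monitor(text):
    """Return one dict per host block: name, addr, is_pdc, icmp_ok, ntp_ok, offset."""
    hosts = []
    for line in (raw.strip() for raw in text.splitlines()):
        host = HOST_RE.match(line)
        probe = PROBE_RE.match(line)
        if host:
            hosts.append({"name": host[1], "addr": host[3], "is_pdc": bool(host[2]),
                          "icmp_ok": None, "ntp_ok": None, "offset": None})
        elif probe and hosts:
            ok = not probe[2].startswith("error")
            if probe[1] == "ICMP":
                hosts[-1]["icmp_ok"] = ok
            else:
                off = OFFSET_RE.match(probe[2])
                hosts[-1]["ntp_ok"] = ok
                hosts[-1]["offset"] = float(off[1]) if off else None
    return hosts


def classify(host):
    """Separate 'host down' from 'host up but no NTP reply'."""
    if host["ntp_ok"]:
        return "ok"
    if host["icmp_ok"]:
        return "ntp-silent"   # reachable: check the time service and UDP 123 filtering
    return "unreachable"      # no ICMP reply either: network path, not W32Time


def report(text):
    return {h["name"]: classify(h) for h in parse_monitor(text)}
```

Running `report(SAMPLE)` marks both domain controllers from the thread as `ntp-silent`: they answer ping, so the missing reply is at the time service or on UDP 123 rather than in basic connectivity.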



 