Time synchronization

Discussion in 'Server Migration' started by Monty, Jul 21, 2004.

  1. Monty

    Monty Guest

    I saw in another thread that there is a GP setting in a W2K3 AD for the
    Windows Time Service. Is this setting not available in a mixed W2K and W2K3
    AD running in W2K Native mode? I can't find it in my GP settings.

    Thanks
     
    Monty, Jul 21, 2004
    #1
    1. Advertisements

  2. Monty

    MartinHTN Guest

    Monty:

    Why do you need to modify those settings? From what I've read and seen, once
    you have an AD setup, Win2k and newer clients will synch their time with
    their DC and their DC synchs its time all the way up to the root forest PDC
    Emulator, which is the forest time source.

    Regards,
    Martin
     
    MartinHTN, Jul 22, 2004
    #2
    1. Advertisements

  3. Monty

    Monty Guest

    Not totally sure that I do but I am getting a specific error on the W2K3
    server. Starts with an Informational event 38 that indicates it can't
    contact the NTP server, then a Warning 47, then finally an Error 29. All
    indicate the correct pointers and I am sure DNS is working. Servers can be
    pinged and replication and all else seems good. Other W2K servers are
    contacting the NTP server as are clients and have been for some time exactly
    in the situation you describe. It's just that pesky W2K3 server.
     
    Monty, Jul 22, 2004
    #3
  4. Hi Monty,

    The policy is only available in Windows 2003 domain.

    To configure an authoritative time server in Windows, please refer to the
    following articles.

    How to Configure an Authoritative Time Server in Windows 2000
    http://support.microsoft.com/?id=216734

    The Windows Time Service
    http://www.microsoft.com/windows2000/docs/wintimeserv.doc

    Wish it helps.

    Regards,
    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! - www.microsoft.com/security

    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Jul 23, 2004
    #4
  5. Monty

    Monty Guest

    Let me be more specific as to the issue I am having. I have 3 W2K3 servers I
    have recently joined to a W2K AD. All has gone well EXCEPT I get and
    Information Event ID 38 followed shortly by a Warning Event ID 24 then an
    Error Event ID 29 all regarding these machines inability to contact the NTP
    server (obviously the PDC emulator in this case). All DNS is in order and I
    have applied the hotfix in Q830092 with no joy. PortqryV2 shows 123 shows
    UDP as LISTENING or FILTERED although there is no blocking going on that I
    am aware of. No firewall (MS or otherwise), SGK DCOM Vulnerabilities IPSec
    Mitigation tools turned off, IPSec is utilized otherwise but set to allow
    all UDP and TCP traffic within my subnet. All W2K servers and XP
    workstations are getting the time.

    Any ideas? Thanks in advance....
     
    Monty, Jul 23, 2004
    #5
  6. Hi Monty,

    Did you restart your computer after you apply the hotfix of Q830092?

    Are these Windows 2003 servers acting as member server or domain controller
    in domain?

    Would you please provide the detailed error message in your post?

    Thank you,

    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! - www.microsoft.com/security

    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Jul 26, 2004
    #6
  7. Monty

    Monty Guest

    Yes, servers were restarted.
    The specific server I am supplying the error information on is a member
    server only.
    The contents of the error box Invent ID 17:

    Time Provider NtpClient: An errors occurred during DNS lookup of the
    manually configured peer '129.xxx.xxx.xx:123'. Ntp Client will try the DNS
    lookup again in 120 minutes. The error was: No such service known. The
    service cannot be found in the specified name space. (0x8007277C).

    Let me stress that I am having no DNS issues with the AD (or at least no
    other error messages or events indicating any. The machine in question
    resolves correctly with ping -a and I am able to contact it in every other
    way. The machine has working Internet access. I wrote in the X's over the IP
    of course.

    Thanks Bob....
     
    Monty, Jul 26, 2004
    #7
  8. Hi Monty,

    Did you have any firewall on the Windows 2003 server? If so, please disable
    it and try again.

    In addition, please run msconfig to disable all the third party services
    and Startup items.

    If you still get the time service error, please try to run gpedit.msc to
    set following local policy setting on the Windows Server 2003.

    Computer Configuration\Administrative Templates\System\Windows Time Service

    Enable Windows NTP client
    Enable Configure Windows NTP client
    Choose Ntp in Type box
    Type Time.mirosoft.com in the NTPserver box
    Click OK.

    Restart computer.

    What is the result now?

    Regards,
    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! - www.microsoft.com/security

    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Jul 27, 2004
    #8
  9. Monty

    Monty Guest

    I assume you meant Time.miCrosoft.com and just to be sure I tried it with
    the T capitalized and not and the results are the same in all instances. I
    did have Sygate Personal Firewall Pro installed as an eval but had disabled
    it some time ago (but not uninstalled). I double checked the startup
    instances to make sure they were still out of the picture and they were.

    Thanks again for your continued efforts
     
    Monty, Jul 27, 2004
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.