Problem syn
3/15/2023

The clock has been a part of the Windows operating system for decades and is one of those things that most of us rarely even think about, aside from occasionally glancing at the time. Even so, the system clock plays a vital role. Kerberos authentication is tied directly to the clock, and if the clocks on computers within a domain fall out of sync, Kerberos breaks down and stops working. This leads to any number of other issues.

Windows typically does a good job of keeping the PC clocks synchronized across a domain. However, I recently ran into a situation where the Windows PC clocks had fallen out of time sync with one another. None of the usual methods for bringing the clocks back into synchronization seemed to be working. As such, I wanted to share with you what I did to fix the problem.

Windows time sync problem: What happened?

Before I share my solution with you, I want to take just a moment and explain what happened. I have a small Windows domain consisting of two domain controllers that are running on physical hardware. There are also several member servers, but those member servers are virtual and are hosted on Microsoft Hyper-V. The Hyper-V hosts belong to a different domain that is a part of a different forest.

The two domain controllers' clocks were synchronized to one another. However, those domain controllers were not being synchronized to an authoritative external network time server. Instead, the CMOS clock on the PDC emulator acted as a time source for the entire domain. Over time, that CMOS clock's time drifted, leading to the domain controllers' clocks being off by about 15 minutes.

As previously noted, the member servers were hosted on Hyper-V servers. Those Hyper-V servers were part of another domain that was not experiencing any time issues. The member servers were getting their time from the Hyper-V hosts, not from the domain controllers. As such, the domain controllers' clocks were wrong, but the member servers' clocks were correct. This caused significant Kerberos issues between the domain controllers and the member servers.

So now that I have described this Windows time sync problem, I want to walk you through the steps required to fix it.

The Network Time Protocol (NTP) uses UDP port 123. As such, you will need to verify that your servers are able to communicate across this port. This means making sure that UDP port 123 is open on the Windows firewall and on any other firewalls that you might have in place.

Step 2: Clear any existing group policy settings

Many organizations use group policy settings to enforce network time synchronization. While you can do this, I recommend clearing out any existing time-related group policy settings. The idea is that when we begin configuring Windows time sync, we want to make sure that we are starting with a clean slate.

There are two main places that you will need to check for group policy settings. Begin by opening your Default Domain Policy and then navigating through the console tree to this location:

Computer Configuration \ Policies \ Administrative Templates \ System \ Windows Time Service

Make sure that the Disable Global Configuration Settings are set to Not Configured, as shown in the image below. Next, open the Time Providers folder, and set all of the policy settings within that folder to Not Configured. You will also need to repeat this process for the domain controllers policy and any other group policy objects that apply to the servers having problems.

The next thing that you will need to do is to locate the PDC emulator for the domain. To do so, open a command prompt window and enter the following command:

Once you know which domain controller is acting as the PDC emulator, you will need to open an elevated command prompt window on that domain controller and enter the following command:

This command applies any changes that you have made to the group policy. You can see what this looks like in the figure below.

The next step in the process is to resynchronize the clocks. To do so, use the following commands:

net stop w32time
W32tm /config /syncfromflags:manual /manualpeerlist:"0.it. 1.it. 2.it. 3.it."

The first command shown here stops the Windows Time Service. The second command points the Windows Time Service toward a series of network time servers that are maintained by ntp.org.
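To go with the UDP port 123 check and the roughly 15-minute drift described in this post, here is an added example (not part of the original post) of a small SNTP client. It measures a server's clock offset from the four NTP timestamps and compares it with the Kerberos clock-skew tolerance. The 300-second limit is an assumption (the Windows default of 5 minutes), and the function names and the constructed sample reply are illustrative.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
KERBEROS_MAX_SKEW = 300       # assumption: Windows default tolerance of 5 minutes

def to_ntp(t):
    """Unix seconds -> (seconds, fraction) in NTP 32.32 fixed point."""
    return int(t) + NTP_EPOCH_DELTA, int((t % 1) * 2**32)

def from_ntp(secs, frac):
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client packet: LI=0, VN=4, Mode=3, t1 in the transmit field."""
    return struct.pack("!B39xII", 0x23, *to_ntp(t1))

def parse_response(packet, request, t1, t4):
    """Return (offset, delay) in seconds; t1/t4 are local send/receive times."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    if mode != 4 or leap == 3 or stratum == 0:
        raise ValueError("not a usable reply (wrong mode or unsynchronized server)")
    if packet[24:32] != request[40:48]:
        raise ValueError("origin timestamp mismatch (stale or spoofed reply)")
    t2 = from_ntp(*struct.unpack("!II", packet[32:40]))  # server receive time
    t3 = from_ntp(*struct.unpack("!II", packet[40:48]))  # server transmit time
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def query(server, timeout=2.0):
    """Live check; a timeout here usually means UDP 123 is blocked somewhere."""
    t1 = time.time()
    request = build_request(t1)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, 123))
        packet, _ = sock.recvfrom(512)
    return parse_response(packet, request, t1, time.time())

def within_kerberos_skew(offset):
    return abs(offset) <= KERBEROS_MAX_SKEW

def constructed_reply(request, t2, t3):
    """Constructed sample reply (stratum 2) so the parser can be run offline."""
    header = struct.pack("!BB14x", 0x24, 2) + bytes(8)
    return header + request[40:48] + struct.pack("!4I", *to_ntp(t2), *to_ntp(t3))
```

Running `query()` from a member server against each domain controller shows how far that controller's clock is from the member server's own clock, which is the comparison that matters for Kerberos.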