Time Service Sync

  • Thread starter Thread starter Keith
  • Start date Start date
K

Keith

I have set the time service sync on a domain controller
using the 'net time /setsntp:sourcename' command, but it
has not updated to the coorect time on that external
source. We are still 6-7 minutes behind the time that is
coming from the external source. How can I get the DC to
refresh and start pulling the correct time from the
external source? (I am using time-a.timefreq.bldrdoc.gov
as the external source.)
 
I assume you are doing a compare with an atomic clock?
If so, then something, somewhere, isn't working on your
NTP rig.
My rig:
a) Tell your firewall to be nice to TCP/UDP port 123
packets (I beleive you can get by on just UDP...never
tried).
b) Only use the external NTP source on a DC (as you have);
if there's any NAT between DC and your local loop, forward
the port.
c) On the DC, set the "LocalNTP=yes" in the registry.
d) You have correct syntax, so no worries there [I use
ntp2.usno.navy.mil].
4) Do "net stop w32time" and "net start w32time" to
immediately kick things off on your new internal NTP
server.
5) On Client boxes, do "net stop w32time", "net
time /setsntp:<your NTP server>", and finally "net start
w32time" for an immediate synch.

In the meantime, relax your Kerberos Policy for the extra
couple of minutes you are currently "out".
 
Tahnks for the help. Port 123 is open to send/receive.
Not sure what you mean about the NAT between the DC and
the local loop though. How would I forward a port?
I checkd the registry, LocalNTP is set to Hex=0. Is
that 'yes'?
I did stop and restart w32time, but still have the same
incorrect time.

Perhaps I do have a NAT? How can I check that?

thanks,
Keith
-----Original Message-----
I assume you are doing a compare with an atomic clock?
If so, then something, somewhere, isn't working on your
NTP rig.
My rig:
a) Tell your firewall to be nice to TCP/UDP port 123
packets (I beleive you can get by on just UDP...never
tried).
b) Only use the external NTP source on a DC (as you have);
if there's any NAT between DC and your local loop, forward
the port.
c) On the DC, set the "LocalNTP=yes" in the registry.
d) You have correct syntax, so no worries there [I use
ntp2.usno.navy.mil].
4) Do "net stop w32time" and "net start w32time" to
immediately kick things off on your new internal NTP
server.
5) On Client boxes, do "net stop w32time", "net
time /setsntp:<your NTP server>", and finally "net start
w32time" for an immediate synch.

In the meantime, relax your Kerberos Policy for the extra
couple of minutes you are currently "out".

-----
David

-----Original Message-----
I have set the time service sync on a domain controller
using the 'net time /setsntp:sourcename' command, but it
has not updated to the coorect time on that external
source. We are still 6-7 minutes behind the time that is
coming from the external source. How can I get the DC to
refresh and start pulling the correct time from the
external source? (I am using time- a.timefreq.bldrdoc.gov
as the external source.)
.
Click to expand...
.
Click to expand...
 
Back
Top