TIme service

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Whats going on here? "The time provider NtpServer encountered an error while
digitally signing the NTP response from peer" "The NTPServer cant provide
secure [signed] time to the client and will ignore the request. The error
was: The interface is unknown. (0x800706B5)"
 
We have been having problems too with time service on our domain.

It is my understanding that you can either use NTP or NT5DS. NT5DS is
preferred in an AD environment and your clients will default to NT5DS and
recieve time from their local DC as a result. All your DC's will point to the
PDCEmulator for time.

Then we setup our PDCE to look at an NTP server time.nist.gov and hard set
that in the registry as its NTP peer. Time started synching up fine for us
after that. But then we started running into another problem.

Kerberos tickets are set to expire by default at 5 minutes to using NT5DS on
a client with time skewed more than 5 minutes could make the ticket invalid
and not allow the client to recieve time by NT5DS so it will never update
itself.

maybe that will help or maybe someone else has some insight they can share ??
 
Whats going on here? "The time provider NtpServer encountered an error while
digitally signing the NTP response from peer" "The NTPServer cant provide
secure [signed] time to the client and will ignore the request. The error
was: The interface is unknown. (0x800706B5)"
Click to expand...


See tip 2669 » How do I configure an authoritative time server in Windows 2000?
in the 'Tips & Tricks' at http://www.jsifaq.com
 
Schweeeet said:
We have been having problems too with time service on our
domain.

It is my understanding that you can either use NTP or NT5DS.
NT5DS is
preferred in an AD environment and your clients will default
to NT5DS and
recieve time from their local DC as a result. All your DC's
will point to the
PDCEmulator for time.

Then we setup our PDCE to look at an NTP server time.nist.gov
and hard set
that in the registry as its NTP peer. Time started synching up
fine for us
after that. But then we started running into another problem.

Kerberos tickets are set to expire by default at 5 minutes to
using NT5DS on
a client with time skewed more than 5 minutes could make the
ticket invalid
and not allow the client to recieve time by NT5DS so it will
never update
itself.

maybe that will help or maybe someone else has some insight
they can share ??


Big AL @Salyersville said:
Whats going on here? "The time provider NtpServer encountered an error while
digitally signing the NTP response from peer" "The NTPServer cant provide
secure [signed] time to the client and will ignore the request. The error
was: The interface is unknown. (0x800706B5)"
Click to expand...
Click to expand...

don’t tweal registry settings concerning time sync on XP clients as
you mostly don’t have the need to. When a windows computer (w2k, wxp,
w2k3) is joined to the domain it syncs its time using the
forest/domain hierarchy and mostly it does this with the
authenticating DC.
The registry settings are automatically changed when it is joined to
the domain.

By default the setting "automatically synchronize with an internet
time server" when you double click the clock in the systemtray (TAB:
internet time) is enabled. Don’t touch that... even if the client is
joined to a domain. It will bite you.. The strange thing with setting
is you get the impression as when the client is joined to the domain
it is not needed or used and so you disable it. I still remember the
first time a few years ago when got caught with this one.

So if you have disabled the setting, enable it again and reboot the
client. Logon (with a domain account or with a local account) and
check if the time is correct. Be sure to check the time AND date
If it is not correct change the time manually but with a skew of 3
min. and reboot to see if the time is synched afterwards

Cheers
 
Back
Top