Windows Server - About Windows Time...

Asked By Luc

17-Sep-07 03:16 AM

Good morning.
I have some trouble with Windows Time in my environment:
I have 4 DCs in my organization; one of them is PDCe. PDCe should
synchronize with an external source, but it hasn't a direct connection to
Internet, so I configured it, by Group Policy, to synchronize with another
server in the same organization/domain that has a direct connection to
Internet. So for PDCe I created a Group Policy (by using Group Policy
Management) => "Ntp Client" => an put the FDQN of the server with "NT5DS" as
type (because it is in the same domain); this create on PDCe the registry
key: HKLM\Software\Policies\Microsoft\W32time

Then I executed on PDCe the commands:

- gpupdate /force
- net stop w32time
- net start w32time

...but when I launch the command:


...bla bla bla
RefID: 'LOCL' [76.79.67.76]
...bla bla bla

Questions:

- I shouldn't see "LOCL" but the FQDN I put on Group Policy...isn't it ? If
I need only to wait that something will upgrade: I launched the "gpupdate
/force" so it should upgrade immediatly the Group Policy isn't it ?
- If I modify the registry key
HKLM\System\CurrentControlSet\Services\W32time instead of using Group Policy,
then after 2 or 3 hours I can see the FDQN I put on registry when I launch
the "w32tm /monitor"....does it mean Group Policy doesn't work ?

Please, help me.

Thank you.

Bye, Luca

Windows Server Active Directory Discussions

Paul.First
(1)

RefID
(1)

PDCe
(1)

CSci
(1)

Directory
(1)

Achiever
(1)

Windows
(1)

Ntp
(1)

Paul Bergson [MVP-DS] replied...

17-Sep-07 08:13 AM

I would not use group policy to modify the settings of your PDCe.  I would
set them manually via the registry editor.

I don't know what all of your gpo's look like or how you are enforcing them,
etc...

Just follow the link below and go through the steps of an external time
source:
http://support.microsoft.com/default.aspx?scid=kb;en-us;816042

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

Luc replied...

17-Sep-07 08:36 AM

Hi Paul.
First of all...thank you for your reply.
Then I tried the Microsoft solution you wrote me and it seems to work: I
don't see the W32Time error on event viewer I saw before. It synchronize
correctly now.
But if I launch "w32tm /monitor" I always see:

...bla bla bla
RefID: 'LOCL' [76.79.67.76]
...bla bla bla

Do you know why ?
Another question: why I cannot set Windows Time on PDCe throught Group
Policy ?
Before I tried to set it by GPO and force Group Policy on PDCe throught the
command: "gpupdate /force" but it didn't work.

Thank you a lot.

Bye, Luca

Thank you a lot.

Paul Bergson [MVP-DS] replied...

18-Sep-07 07:57 AM

Since it states LOCL I assume it is the time for the local machine, but
frankly I'm just guessing and don't know.

As I said before on gpo, you could have other policies coming into play or
this policy isn't being applied like you thought, but since you don't really
want to apply via gpo it is a moot point.  I don't have an answer as to why.
You could try running Resultant Set of Policy and see what is applied to
check on your application of this policy.

http://support.microsoft.com/kb/323276

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

Previous Discussion: Define attribute as 'Unique' in while importing schema ldif in ADA

Copying or merging local and domain profiles Windows Server

changed the ProfileImagePath registry key of a new local account to point to the home directory of the domain account I cannot log into. On rebooting I found I could no http: / / forums.techarena.in / members / 50480.htm View this thread: http: / / forums.techarena.in / active-directory / 1345292.htm http: / / forums.techarena.in Windows Server Active Directory Discussions Windows Vista (1) Outlook 2003 (1) Outlook 2007 (1) Windows 7 (1) Outlook (1 http: / / forums.techarena.in / members / 50480.htm View this thread: http: / / forums.techarena.in / active-directory / 1345292.htm http: / / forums.techarena.in Ok, first, Desktop CAN be copied that way, except so others can tell you if its save executing it :) 1) On which harddrive the directory "Users" is saved? (normally C:) 2) Whats the directory name for your old useraccount? (look into the Users directory, name should be RowanB.SSK) 3) Whats the directory name for your new useraccount you are using now and want to use in the

SBS Migration to Server 2003 STANDARD Windows Server

forums.techarena.in Windows Server SBS Discussions SQL Server (1) Exchange Server 2003 (1) Active Directory (1) Exchange Server (1) Error (1) Translation (1) Privileges (1) Catalog (1) You cannot just on a technical level, there is no such thing as a "PDC" in an Active Directory domain. That was an NT4 concept long since dead. Secondly, you are mistaken that other is the results for dcdiag on the NEW Server (Server 2008) C: \ Users \ NCraig> dcdiag Directory Server Diagnosis Performing initial setup: Trying to find home server. . . Home Server = THEGIANTNUT * Identified AD test MachineAccount Starting test: NCSecDesc Error NT AUTHORITY \ ENTERPRISE DOMAIN CONTROLLERS does not have Replicating Directory Changes In Filtered Set access rights for the naming context: DC = ForestDnsZones, DC = tristatefast, DC = local Error NT AUTHORITY \ ENTERPRISE DOMAIN CONTROLLERS does not have Replicating Directory Changes In Filtered Set access rights for the naming context: DC = DomainDnsZones, DC = tristatefast, DC to error / warning / info id 3703 Network Connectivity Completed Server names resolve correctly Completed Active Directory is connected to all domain controllers Completed Remote WMI access is enabled on servers Completed DSAccess is configured correctly Completed Netlogon service is running on all domain controllers Completed Active Directory Site Configuration Errors: 2 Inter-site topology generation is enabled for the Knowledge Consistency Checker Completed Intra-site topology generation is enabled for the Knowledge Consistency Checker Completed Local Active Directory site contains only local subnets Completed Universal group membership is cached Completed Domain controllers are

Error with domain trusts - 2003 to 2003 Windows Server

B, can this be hard-set?) Any help, as always, much appreciated. Windows Server Active Directory Discussions Active Directory (1) Vista (1) PortQryUI (1) PDCeCan (1) EventID (1) IPSec (1) PDCe (1) SpecificIP (1) This sounds like there is an issue with High Ports and PRC com / downloads / details.aspx?familyid = 8355e537-1ea6-4569-aabb-f248f4bd91d0&displaylang = en - - Paul Bergson MVP - Directory Services MCITP - Enterprise Administrator MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci 2008, Vista, 2003, 2000 (Early Achiever), NT4 Microsoft's Thrive IT Pro of the Month ds service): LISTENING or FILTERED Log file c: \ temp \ port.log successfully created in current directory Got this which is a bit shorter Paul. Is your network fully routed? Can you a look at both domains, do the following on both. Run diagnostics against your Active Directory domain. If you do not have the support tools installed, install them from your server messages. Description and download for dnslint http: / / support.microsoft.com / kb / 321045 - - Paul Bergson MVP - Directory Services MCITP - Enterprise Administrator MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci 2008, Vista, 2003

Move ADAM directory partition from 2003 srv 32-bit to 2008 64-bit? Windows Server

Move ADAM directory partition from 2003 srv 32-bit to 2008 64-bit? Windows Server We are trying 2003 server to 2008. What is the best practice for moving an AD LDS (ADAM) directory partition from 2003 server to 2008, maybe someone can point me in the right direction turn off the original server we get referral error when trying to contact 2008 server directory partition. Thanks Johan P ADSI Discussions Windows Server 2003 (1) Active Directory (1) Error (1) Decimal (1) Bit (1) Control (1) Site (1) Install (1) Tried the 2003-> 2003. . On 2008 R2 server, when trying to create a replica of an ADAM directory partition from a ADAM instance in a 2003 server I can select the server and credentials I should provide and where ??? Or why this dont work ? Thanks Error message: Active Directory Lightweight Directory Services could not create the NTDS Settings object for this Active Directory Lightweight Directory Services instance CN = NTDS Settings, CN = REQ2008$MyDirectory, CN = Servers, CN = Default-First

Interforest migration - minimal permisions formigration account Windows Server

known as resource ) with two way trust ( no filtering, source and target is 2003 Active Directory Domain) I ask because there are differences in sources ( ADMT GUIDE 3.0, ADMT Help Is it possible to get answer from Microsoft team ? Best regards, Marcin Windows Server Active Directory Discussions Active Directory (1) Vista (1) UngureanuThank (1) SiDHistory (1) CSci (1) SidHistoryhttp (1) Interforest (1) TipsMarcin (1) It has been a while since I have you will not be turning your production LAN into a test environment. - - Paul Bergson MVP - Directory Services MCITP - Enterprise Administrator MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci 2008, Vista, 2003, 2000 (Early Achiever), NT4 Microsoft's Thrive IT Pro of the Month 2008 & Exchange 2007, MCSE & = MCSA 2003 / 2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services If you feel this is an urgent issue and require immediate assistance, = please contact 2008 & Exchange 2007, MCSE & = MCSA 2003 / 2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services If you feel this is an urgent issue and require immediate assistance, = please contact