Network Time Protocol: Difference between revisions
Jump to navigation
Jump to search
No edit summary (change visibility) |
No edit summary (change visibility) |
||
(17 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{| class="wikitable" | |||
w32tm /stripchart /computer: | |- | ||
| test|| w32tm /stripchart /computer:ntp.belnet.be /samples:5 /dataonly | |||
W32tm /config /manualpeerlist: | |- | ||
| set source || W32tm /config /manualpeerlist:ntp.belnet.be,0x0 /syncfromflags:manual | |||
w32tm /query / | |- | ||
| set source on PDCe || w32tm /config /manualpeerlist:ntp.belnet.be /syncfromflags:manual /reliable:yes /update | |||
|- | |||
| check source || w32tm /query /source | |||
|- | |||
| || w32tm /query /peers | |||
|- | |||
| || w32tm /query /status | |||
|- | |||
| || w32tm /query /configuration | |||
|- | |||
| That tells the computer to since from the domain hierarchy (DCs) and to update itself. || w32tm /config /update /syncfromflags:DOMHIER | |||
|- | |||
| || w32tm.exe /resync /rediscover | |||
|- | |||
| test against all dc's || w32tm /monitor | |||
|- | |||
| restart service || net start/stop w32time | |||
|} | |||
* be.pool.ntp.org | |||
* ntp.belnet.be | |||
w32tm / | {| class="wikitable" | ||
|- | |||
| After much prodding, swearing and Googling, it became apparent that with 2003 if a DC has ever held the PDC Emulator role then it will still think it is the authoritative time source for the domain when that role is moved off it. This meant that we had 3 DCs all thinking that they were the One True Time Source and all being out of sync with each other by 2 or 3 minutes. | |||
This issue can be resolved by running the following command on the former PDC Emulator(s): '''w32tm /config /syncfromflags:domhier /reliable:no /update''' which will tell the DC that it is no longer a reliable time source and so it should check for updates from a source that is (i.e. the PDC). You can speed things up a bit by issuing a '''w32tm /resync''' command to force the Windows Time service to update. | |||
|} | |||
https://www.angryadmin.co.uk/?p=349 | |||
=on PDC= | |||
'''w32tm /config /manualpeerlist:<peers> /syncfromflags:manual /reliable:yes /update''' | |||
[http://technet.microsoft.com/en-us/library/cc794937%28v=ws.10%29.aspx Technet - Configure the Time Source for the Forest] | |||
[http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx Blog - “It’s Simple!” – Time Configuration in Active Directory] | |||
{| class="wikitable" | |||
|- | |||
! value !! description | |||
|- | |||
| 0x01 || SpecialInterval | |||
|- | |||
| 0x02 || UseAsFallbackOnly | |||
|- | |||
| 0x04 || SymmatricActive | |||
|- | |||
| 0x08 || Client | |||
|} | |||
By making the primary NTP server flag 0x9, we made it “Client 0x08 + SpecialInterval 0x01” and as for the second NTP time server. | |||
By making the secondary NTP peer flag 0xa, we made it “0x08 Client + 0x02 UseAsFallbackOnly”. | |||
(https://blogs.technet.microsoft.com/askds/2007/11/01/configuring-your-pdce-with-alternate-time-sources/) |
Latest revision as of 10:38, 29 July 2016
test | w32tm /stripchart /computer:ntp.belnet.be /samples:5 /dataonly |
set source | W32tm /config /manualpeerlist:ntp.belnet.be,0x0 /syncfromflags:manual |
set source on PDCe | w32tm /config /manualpeerlist:ntp.belnet.be /syncfromflags:manual /reliable:yes /update |
check source | w32tm /query /source |
w32tm /query /peers | |
w32tm /query /status | |
w32tm /query /configuration | |
That tells the computer to since from the domain hierarchy (DCs) and to update itself. | w32tm /config /update /syncfromflags:DOMHIER |
w32tm.exe /resync /rediscover | |
test against all dc's | w32tm /monitor |
restart service | net start/stop w32time |
- be.pool.ntp.org
- ntp.belnet.be
After much prodding, swearing and Googling, it became apparent that with 2003 if a DC has ever held the PDC Emulator role then it will still think it is the authoritative time source for the domain when that role is moved off it. This meant that we had 3 DCs all thinking that they were the One True Time Source and all being out of sync with each other by 2 or 3 minutes.
This issue can be resolved by running the following command on the former PDC Emulator(s): w32tm /config /syncfromflags:domhier /reliable:no /update which will tell the DC that it is no longer a reliable time source and so it should check for updates from a source that is (i.e. the PDC). You can speed things up a bit by issuing a w32tm /resync command to force the Windows Time service to update. |
https://www.angryadmin.co.uk/?p=349
on PDC
w32tm /config /manualpeerlist:<peers> /syncfromflags:manual /reliable:yes /update
Technet - Configure the Time Source for the Forest
Blog - “It’s Simple!” – Time Configuration in Active Directory
value | description |
---|---|
0x01 | SpecialInterval |
0x02 | UseAsFallbackOnly |
0x04 | SymmatricActive |
0x08 | Client |
By making the primary NTP server flag 0x9, we made it “Client 0x08 + SpecialInterval 0x01” and as for the second NTP time server. By making the secondary NTP peer flag 0xa, we made it “0x08 Client + 0x02 UseAsFallbackOnly”. (https://blogs.technet.microsoft.com/askds/2007/11/01/configuring-your-pdce-with-alternate-time-sources/)