Timeserver on DC always 3 Minutes ahead

Hello,
I'm going crazy with my Domaincontrollers Timesetting. The Time is always 3 Minutes ahead even after I used all recommended ways to fix it, like:https://support.microsoft.com/en-us/kb/816042#LetMeFixItMyselfAlways2
I used both ways, manual and the fixit tool.

I checked the event logs on the server, theres also no error to find.
It tells me that the the server receives the time from my external pool of timeserver.
BUT, all machines keeping the wrong time with exactly 3 Minutes ahead from the devices like Firewall that are getting the time from the same external sources!

Any Idea????

Bernhard



In DC with FSMO role run from cmd:

w32tm /register /config /manualpeerlist:"external_ntp_server" /syncfromflags:MANUAL

This will register NTP as service and will syncronize domain clock with an ntp external server (time.windows.com, or pool.ntp.org, etc. You can add more servers between quotes separated by space)

On the server which are not DC's, or workstations, from cmd run:
w32tm [/register] /config /syncfromflags:DOMAINHIER

For more information check below

https://technet.microsoft.com/en-us/library/w32tm.aspx

If this will not solve your problem, it means your firewall block UDP traffic for ntp requests or ntp responses to/from external time servers (UDP port 123)

Best regards!



In DC with FSMO role run from cmd:

w32tm /register /config /manualpeerlist:"external_ntp_server" /syncfromflags:MANUAL

This will register NTP as service and will syncronize domain clock with an ntp external server (time.windows.com, or pool.ntp.org, etc. You can add more servers between quotes separated by space)

On the server which are not DC's, or workstations, from cmd run:
w32tm [/register] /config /syncfromflags:DOMAINHIER

For more information check below

https://technet.microsoft.com/en-us/library/w32tm.aspx

If this will not solve your problem, it means your firewall block UDP traffic for ntp requests or ntp responses to/from external time servers (UDP port 123)

Best regards!



I agree Matrix8086.

There could be another culprit and thats applicable IF your mail domain controller (PDC) is a virtual machine. Then you can configure whatever you want but probably the hyper visor arranges the time which you can disable on that level.



Thank you both,
Patricksr1972, you hit the Nail, since the DC is on a Hyper-V I only needed to fix it on the Host :-)
Best regards!
Bernhard



Nice!!



Actually, you should disable timesync with the host.

Share this

Related Posts

There was an error in this gadget