Why doesn't the time match on two Windows Domain Controllers despite resync?
Solution 1
I solved REMOVING the time sync option in the secondary DC Hyper-V integration services options. Now the secondary DC is syncing with the primary DC.
Ref: http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv%28WS.10%29.aspx#physical_to_virtual_migration (Time service paragraph)
Solution 2
A resync operation is generally not instantaneous, but work by speeding up or slowing down the clock until it is in sync with its time source.
-
The resync operation will resync the system clock with its time source. In this case, it looks pretty unlikely that your domain controllers are using the same time source. If you're just having them sync up with different, out-of-sync time sources (like their individual hardware clocks, for example), their system clocks will remain out of sync.
- Therefore, look into what your NTP time sources for the domain controllers are. Your PDC emulator should be synced to a reliable time source (pool.ntp.org, for example), and all domain controllers should use the PDC emulator as their time source.
- Microsoft has a page on time settings here, that you may wish to look at.
Solution 3
Without knowing your whole set up, you should sync your PDCe to an external source. I would not use pool.ntp.org because you could get servers on different strata. From your secondary DC, run w32tm /config /syncfromflags:DOMHIER /update and then w32tm /resync /nowait /rediscover from your secondary DC. You should see the time change in a couple seconds.
Here is my favorite resource: http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx
Related videos on Youtube
32 : 09
06 : 58
10 : 40
20 : 19
06 : 11
Tobia
Updated on September 18, 2022Comments
-
Tobia over 1 year
In my domain there are two domain controllers, there is a gap of 3 minutes between their times and than I can find this difference between many clients (it depends on their DC).
If I run this command:
w32tm /monitorI can see that DCs can see each other's time. But if I run this command:
w32tm /resyncNothing changes, can you tell me why?
EDIT
This is my test output from the secondary DC:
PS C:\Users\administrator.MYDOMAIN> w32tm /config /syncfromflags:DOMHIER /update The command completed successfully. PS C:\Users\administrator.MYDOMAIN> w32tm /resync /nowait /rediscover Sending resync command to local computer The command completed successfully. PS C:\Users\administrator.MYDOMAIN> w32tm /monitor SRVDC1.MYDOMAIN.locale *** PDC ***[10.0.0.10:123]: ICMP: 0ms delay NTP: +0.0000000s offset from SRVDC1.MYDOMAIN.locale RefID: ntp.ngi.it [88.149.128.123] Stratum: 3 SRVDC2.MYDOMAIN.locale[[fe80::c5ec:8a39:e860:e2e7%13]:123]: ICMP: 0ms delay NTP: -146.4122820s offset from SRVDC1.MYDOMAIN.locale RefID: 80.84.77.86.rev.sfr.net [86.77.84.80] Stratum: 2 Warning: Reverse name resolution is best effort. It may not be correct since RefID field in time packets differs across NTP implementations and may not be using IP addresses. PS C:\Users\administrator.MYDOMAIN>After 15 minutes, the time gap is still there.
This is the query status command output (seems that the sync is working):
PS C:\Users\administrator.MYDOMAIN> w32tm /query /status /verbose Leap Indicator: 0(no warning) Stratum: 2 (secondary reference - syncd by (S)NTP) Precision: -6 (15.625ms per tick) Root Delay: 0.0000000s Root Dispersion: 0.0100000s ReferenceId: 0x564D5450 (source IP: 86.77.84.80) Last Successful Sync Time: 28/08/2014 08.52.00 Source: VM IC Time Synchronization Provider Poll Interval: 6 (64s) Phase Offset: 0.0051939s ClockRate: 0.0156215s State Machine: 2 (Sync) Time Source Flags: 3 (Authenticated Hardware ) Server Role: 64 (Time Service) Last Sync Error: 0 (The command completed successfully.) Time since Last Good Sync Time: 3.3291425sI don't know if it is important, but DC1 and DC2 are Virtual Machines in two different servers.
-
Greg Askew over 9 yearss32tm /query /status /verbose - confirm where the machines are synchronizing their time and if the last time sync was successful.
-
myron-semack over 9 yearsMake sure your PDCe/FSMO domain controller is configured to sync with a reliable outside NTP source, and then make sure your other domain controller is configured to sync with your PDCe. See here: serverfault.com/questions/584397/…
-
-
Tobia over 9 yearsI updated my question with your commands output
-
Eric Nord over 2 yearsLink is dead - can we get an updated link please?
