game_over Posted November 7, 2006 Share Posted November 7, 2006 the time on every computer on my network is around 5 minutes ahead of real time. everytime i change the time manually it gets restored to the 5 minutes ahead time after a re-logon, i'm guessing the time is set centrally on the server however i cant find it, any ideas? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted November 7, 2006 MVC Share Posted November 7, 2006 And where do you have your server syncing time too? Yes by default all member machines of domain would sync with the DC.. normally the one running the PDC emulator. http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true Configuring a time source for the forest http://support.microsoft.com/kb/816042 How to configure an authoritative time server in Windows Server 2003 http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true Windows Time Service Technical Reference Link to comment Share on other sites More sharing options...
MazX_Napalm Posted November 8, 2006 Share Posted November 8, 2006 Goes to show that some people never check their Even Logs. If you do not have an authoritative time server in the domain you get regular w32time entries. Link to comment Share on other sites More sharing options...
game_over Posted November 13, 2006 Author Share Posted November 13, 2006 i found that quite confusing, i only want to set the time for the entire network, any ideas? i believe it can be done from dos Link to comment Share on other sites More sharing options...
bobbba Posted November 13, 2006 Share Posted November 13, 2006 guess we'll have to spell it out a bit more clearly for you then: Configure the Windows Time service on the PDC emulator http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true Link to comment Share on other sites More sharing options...
+BudMan MVC Posted November 13, 2006 MVC Share Posted November 13, 2006 heheeh - dude if he found the articles I posted too confusing.. I don't see how that one is going to make it any clearer ;) All workstations that are memebers of a domain, sync with the DC for their time - this is by default.. You need to make sure that the DCs time is valid.. What time source are you syncing with? Just its local clock?? Thats your problem then. Configure your DC.. if you have more than one - the one running the PDC emulator is the one you need to fix to sync its time with a valid outside source.. Say time.microsoft.com or time.nist.gov etc.. NTP uses port 123 UDP to sync time, so you will need to make sure your firewall allows this traffic to and from the outside world to your DC. If the DC can not sync time - than just manually adjust its time, your client machines will then sync to whatever time your server says it is. Link to comment Share on other sites More sharing options...
MazX_Napalm Posted November 13, 2006 Share Posted November 13, 2006 Yes what is so confusing? It tells you exactly which parts of the registry to edit. Anyone who can't follow the most basic steps in editing the registry should not have any admin rights on the server. Link to comment Share on other sites More sharing options...
Guest jgrodri Posted November 13, 2006 Share Posted November 13, 2006 Don't take it the wrong way but, who are you to decide whether he should have admin rights on his own network? it might not be advisable but the guy comes here asking for help and you tell him he shouldn't be an admin... Link to comment Share on other sites More sharing options...
+BudMan MVC Posted November 13, 2006 MVC Share Posted November 13, 2006 Well I have to kind of agree with MazX. If the "Windows Time Service Technical Reference" was "quite confusing" maybe computers are not their forte.. Let just hope this is his home private network, and not something he is actually getting paid to admin.. I'm sorry - but come on, someone that states "i believe it can be done from dos" hmmmm -- does that sound like someone you want to admin your network? ;) I mean no offense by that, atleast he is looking for help.. But to be honest the documents linked too where not very complicated, the Tech Reference for example goes into -- • What Is Windows Time Service? • How Windows Time Service Works • Windows Time Service Tools and Settings The Microsoft Windows Server 2003 Windows Time service, also known as W32Time, synchronizes the date and time for all computers running on a Windows Server 2003 network. Time synchronization is critical for the proper operation of many Windows services and line-of-business applications. The Windows Time service uses the Network Time Protocol (NTP) to synchronize computer clocks on the network so that an accurate clock value, or time stamp, can be assigned to network validation and resource access requests. The service integrates NTP and time providers, making it a reliable and scalable time service for enterprise administrators. This section will explain how the Windows Time service performs tasks such as time synchronization across an enterprise and how it determines what computers provide reliable time. At a higher level, it will also explain the services that the Windows Time service provides to other applications and services. -- This is a basic document that gives a good overview of the what and how, etc.. It does not go into low level details of the NTP protocol, etc.. Its not like I linked to the RFCs or something - even though those are great references.. http://www.faqs.org/rfcs/rfc1305.html Network Time Protocol (Version 3) Specification, Implementation and Analysis http://www.faqs.org/rfcs/rfc2030.html Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI It goes over basic info that anyone that is wanting to admin Active Directory should really understand.. atleast IMHO, and from his statement I would assume MazXs opinion as well.. I am sure he meant no offense by it, etc.. and neither do I. But the time on each machine in an AD can be a major factor.. if they are off by too much your going to have all kinds of issues.. Understanding the "basics" how time is kept in sync across your domain is a pretty basic concept that any admin should understand. Link to comment Share on other sites More sharing options...
MazX_Napalm Posted November 13, 2006 Share Posted November 13, 2006 Just how confusing is this? 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags 3. In the right pane, right-click AnnounceFlags, and then click Modify. 4. In Edit DWORD Value, type A in the Value data box, and then click OK. 5. Quit Registry Editor. 6. At the command prompt, type the following command to restart the Windows Time service, and then press ENTER: net stop w32time && net start w32time And there is a second section that is a bit longer If you can't follow instructions like that, then you shouldn't be allowed to admin any computer. I'm not being offensive, but that is the truth. Link to comment Share on other sites More sharing options...
Guest jgrodri Posted November 14, 2006 Share Posted November 14, 2006 lol... I admit i hadn't actually read the instructions myself :blush: yeah... those seem pretty easy. Link to comment Share on other sites More sharing options...
game_over Posted November 15, 2006 Author Share Posted November 15, 2006 Just how confusing is this? If you can't follow instructions like that, then you shouldn't be allowed to admin any computer. I'm not being offensive, but that is the truth. what you quoted there was not difficult, but it was the document itself i was having trouble with. I'm sorry i asked for further assistance i thought that's what this website was for. :rolleyes: and i doubt a problem as small as this determines my ability as a network administrator. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted November 15, 2006 MVC Share Posted November 15, 2006 Which document were you having trouble with then? Which concept did you not get about syncing time with your DC? Or that the DC needs to have the correct time, and that it needs a valid time source? Or whatever other time source your machines might be using needs to be correct? You really need to ensure that your time across your domain is going to be correct going forward, setting the time from a command line now and then when you notice its off is not what you should be looking to do! Be happy to help - but what did you find "quite confusing"? Link to comment Share on other sites More sharing options...
Chode Posted November 16, 2006 Share Posted November 16, 2006 NTP uses port 123 UDP to sync time, so you will need to make sure your firewall allows this traffic to and from the outside world to your DC. I hadn't given too much thought to it, but I'd noticed that my client time (commonly out due to ghosting) was not syncing with the client. I thought nothing of it, but it does seem likely now that Windows Firewall was blocking the time synchronisation. Thanks for saving me a quick google :) Time syncing can be done from DOS, and I've seen some configurations that use the following in a Batch File Logon Script to do just this: NET TIME \\SERVER /SET /YES (where SERVER is the Server or workstation that you wan't to read the time from). Though if memory serves me, this can only be done by a user with local administrative rights. Not sure if it works in a logon-script for non-administrative users. Link to comment Share on other sites More sharing options...
bobbba Posted November 16, 2006 Share Posted November 16, 2006 I hadn't given too much thought to it, but I'd noticed that my client time (commonly out due to ghosting) was not syncing with the client. I thought nothing of it, but it does seem likely now that Windows Firewall was blocking the time synchronisation. Thanks for saving me a quick google :) Time syncing can be done from DOS, and I've seen some configurations that use the following in a Batch File Logon Script to do just this: NET TIME \\SERVER /SET /YES (where SERVER is the Server or workstation that you wan't to read the time from). Though if memory serves me, this can only be done by a user with local administrative rights. Not sure if it works in a logon-script for non-administrative users. you should not have to do this on dmoain members, they are meant to synchronise with the pdc emualtor automatically Link to comment Share on other sites More sharing options...
Recommended Posts