Unable to get time to sync on Server 2012 R2 DC
-
I have a DC running Windows Server 2012 R2. It's behind a Untangle firewall.
I can't get it to maintain time for some reason. My understanding is that outbound traffic isn't blocked with Untangle.
I have set up several servers for NTP sync and not run into this many issues. It says it's successful but is 7 minutes off.
Any ideas?
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: 0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8 (Local)NtpServer (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)Windows Time Agent (Local)
DllName: w32tmdt.cpl (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 0 (Local)
InputProvider: 1 (Local)Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0312500s
Root Dispersion: 16.0100000s
ReferenceId: 0xCC093677 (source IP: 204.9.54.119)
Last Successful Sync Time: 7/25/2017 4:59:17 PM
Source: 1.pool.ntp.org,0x8
Poll Interval: 6 (64s) -
@ccwtech said in Unable to get time to sync on Server 2012 R2 DC:
vers for NTP sync and not run into this many issues. It says it's successful but is 7 minutes off.
Any ideas?Is this Server a VM under a HYpervisor? If so, what is your hypervisor.
Have you also taken a look at the below?
http://support.ntp.org/bin/view/Support/TroubleshootingNTP -
Physical box (no VM).
I looked at the link you referenced but not sure that is 100% applicable as it's talking about /etc folders.
-
Is the port open on the UT?
-
From what I have read UT is open from LAN to WAN by default. So I believe so.
-
Is the UT box maintaining time? It's been a few years since I had a UT system online, so I'm a tad off on it.
If your UT system is maintaining time, you can set you ur server to pull time from it.
-
Can you telnet to port 123 from your DC To the NTP servers? Have you also checked that your DC hardware BIOS is keeping the time properly.
-
UT has the correct time. I am able to Telnet to pool.ntp.org port 123 (I don't get anything on the screen, but it connects via Putty)
-
What does the event log show for the time? I really would check what is the clock time in the BIOS.
-
The time provider NtpClient is currently receiving valid time data from 3.pool.ntp.org,0x8 (ntp.m|0x8|0.0.0.0:123->69.50.219.51:123).
The time service is now synchronizing the system time with the time source 3.pool.ntp.org,0x8 (ntp.m|0x8|0.0.0.0:123->69.50.219.51:123).Result of /sync command.
I can't get into the BIOS right this minute. I am currently remoting into the server and would have to schedule downtime to check. Shouldn't Windows time and BIOS time be the same? (Sync with each other)
-
@ccwtech BIOs time is not the same as the OS time. The OS time will be affected by the BIOS time but not viceversa. So if there is a time difference between the OS and BIOS, BIOS will always win.
-
Interesting... this just popped up in the log as well:
Time Provider NtpClient: No valid response has been received from manually configured peer 3.pool.ntp.org,0x8 after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.
-
@ccwtech change all the Ntp servers to known good addresses.
-
Just using pool.ntp.org now.
Getting this:
The system time has changed to 2017-07-26T03:59:47.234000000Z from 2017-07-26T03:59:47.247242200Z.But it's still 7 minutes behind...
-
I'm reading that if it is off only by a few minutes it slowly changes the clock to run faster until it 'catches up'.
Check again in the AM and report back.
Goodnight all.
-
@ccwtech said in Unable to get time to sync on Server 2012 R2 DC:
I'm reading that if it is off only by a few minutes it slowly changes the clock to run faster until it 'catches up'.
Check again in the AM and report back.
Goodnight all.
That's correct.
-
With the fact that it slowly 'catches up' last night I adjusted the time to be within 2 minutes of current time hoping that it would 'catch up' more quickly. As of this morning it's still at 2 minutes behind, so no joy....
-
When I've had time sync issues in the past to help I've just installed a atomic clock sync tool onto the server.
-
Check Group Policy setting in the default domain controller OU to make sure NTP/SNTP is not disabled. See this article:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/95733420-c3c8-456d-a5c1-b426ebafb53e/pdc-will-not-sync-with-external-time-source-ntp-using-w32time?forum=winserverNIS
Also, try an IP address instead of name. I use 132.163.4.103 and 129.6.15.29 for my testing, then set to pool.ntp.org when testing's complete. -
@hobbit666 I have tried a couple of those.
It's weird to me as it seems like it's able to sync the time, but no matter if it is 7 minutes late or 2 minutes late the server 'thinks' it's off by 0 ms so it doesn't change.
It's just odd.