March 12th, 2010

Windows 2003 Domain Controller will not SYNC time correctly when set to NT5DS

If the following registry entries are set to NTP and the PDC Emulator hostname or IP Address respectively then Time synchronizes

If the following registry entry is set to NT5DS then there are errors in the event logs

It does not matter what this registry entry is set to because NT5DS means the server should sync time with the PDC Emulator

Errors in the event logs are along the lines of
The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 15 minutes.

The time provider NtpClient is configured to acquire time from one or more time sources; however; none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

This is usually caused When you move the FSMO Role : PDC Emulator to a new Domain Controller you will see this error on the previous PDC Emulator.

  • Log on to the previous PDC Emulator with admin privileges
  • Open a Command Prompt
  • Type : w32tm /config /syncfromflags:domhier /reliable:no /update
  • Type : net stop time
  • Type : net start time

This will set the time service to look to the domain hierarchy rather than itself for a reliable time providerA

One Response to “Time sync fails on DC when set to NT5DS”

  1. Bob Says:

    That solved my issue where despite having the FSMO roles taken away, the DC still thought it was in charge of the time.

Leave a Reply