March 12th, 2010

Problem:
Windows 2003 Domain Controller will not SYNC time correctly when set to NT5DS

Symptoms
If the following registry entries are set to NTP and the PDC Emulator hostname or IP Address respectively then Time synchronizes
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeParametersType
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeParametersNtpServer

If the following registry entry is set to NT5DS then there are errors in the event logs
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeParametersType

It does not matter what this registry entry is set to because NT5DS means the server should sync time with the PDC Emulator
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeParametersType

Errors in the event logs are along the lines of
Warning
The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 15 minutes.

Error
The time provider NtpClient is configured to acquire time from one or more time sources; however; none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

Resolution
This is usually caused When you move the FSMO Role : PDC Emulator to a new Domain Controller you will see this error on the previous PDC Emulator.

  • Log on to the previous PDC Emulator with admin privileges
  • Open a Command Prompt
  • Type : w32tm /config /syncfromflags:domhier /reliable:no /update
  • Type : net stop time
  • Type : net start time

This will set the time service to look to the domain hierarchy rather than itself for a reliable time providerA

One Response to “Time sync fails on DC when set to NT5DS”

  1. Bob Says:

    That solved my issue where despite having the FSMO roles taken away, the DC still thought it was in charge of the time.
    Thanks!

Leave a Reply