| Author | Messages | |
Thomas Vuylsteke
Posts:207
 | | 10/26/2009 3:56 PM |
| Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network).. We are trying to sync our PDC with it, but we are unable to sync up with it...
Settings:
* OS Windows 2008 SP2
* The clock its vendor:
* NTP specifics:
* Announceflags 5
* Source: Clock.domain.customer.com,0x1
* Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine...
I used a tool like "ntpquery" (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks "official" NTP and that the windows server talks windows NTP which isn't the same as the one specified in RFC's and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
[cid:image001.gif@01CA5659.A3F0B620]<http://www.realdolmen.com/>
[cid:image002.gif@01CA5659.A3F0B620]<http://www.realdolmen.com/customercases>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
[cid:image003.gif@01CA5659.A3F0B620]
| | | |
| kennedyjim
Posts:89
| | 10/26/2009 4:04 PM |
| Sync'ing here with a Cisco 65xx for several years. I did have to do some minor config to the 65xx to tell it to serve time. Maybe your device needs that step?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 11:55 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Windows NTP timesync with "hardware clock"
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network).. We are trying to sync our PDC with it, but we are unable to sync up with it...
Settings:
* OS Windows 2008 SP2
* The clock its vendor:
* NTP specifics:
* Announceflags 5
* Source: Clock.domain.customer.com,0x1
* Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine...
I used a tool like "ntpquery" (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks "official" NTP and that the windows server talks windows NTP which isn't the same as the one specified in RFC's and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
[cid:image001.gif@01CA5634.3B8A7BE0]<http://www.realdolmen.com/>
[cid:image002.gif@01CA5634.3B8A7BE0]<http://www.realdolmen.com/customercases>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
[cid:image003.gif@01CA5634.3B8A7BE0]
| | | |
| mcasey
Posts:75
| | 10/26/2009 4:12 PM |
| Have you checked out this doc:
http://technet.microsoft.com/en-us/library/cc786897(WS.10).aspx
<http://technet.microsoft.com/en-us/library/cc786897(WS.10).aspx>-matt
On Mon, Oct 26, 2009 at 11:54 AM, Thomas Vuylsteke <
Thomas.Vuylsteke@realdolmen.com> wrote:
> Guys (and girls),
>
>
>
> A customer of mine has a hardware NTP time source (attached to the
> network). We are trying to sync our PDC with it, but we are unable to sync
> up with it…
>
>
>
> Settings:
>
> · OS Windows 2008 SP2
>
> · The clock its vendor:
>
> · NTP specifics:
>
> · Announceflags 5
>
> · Source: Clock.domain.customer.com,0x1
>
> · Type: NTP
>
>
>
> Doing a w32tm /resync gives a failure, If I configure the same on my W7
> laptop, things go fine…
>
>
>
> I used a tool like “ntpquery” (free utility) to check wheter the PDC can
> access the clock (network-wise) and that seems to succeed.
>
>
>
> Is it possible the device talks “official” NTP and that the windows server
> talks windows NTP which isn’t the same as the one specified in RFC’s and so
> on? Have you guys ever had issues syncing with specific devices?
>
>
>
> Kind regards,
>
>
> *Thomas Vuylsteke*
> *System Engineer Server Technology*
> thomas.vuylsteke@realdolmen.com
>
> Direct +32 (0)2 362 55 55
> <http://www.realdolmen.com/>
>
> <http://www.realdolmen.com/customercases>
>
> This e-mail message and any attachment are intended for the sole use of the
> recipient(s) named above and may contain information which is confidential
> and/or protected by intellectual property rights. Any use of the information
> contained herein (including, but not limited to, total or partial
> reproduction, communication or distribution in any form) by other persons
> than the designated recipient(s) is prohibited. If you have received this
> e-mail in error, please notify the sender either by telephone (+32 2 362 55
> 55) or by e-mail and delete the material from any computer. Please note that
> neither RealDolmen nor the sender accept any responsibility for viruses and
> it is your responsibility to scan or otherwise check this email and any
> attachments. RealDolmen is nor responsible for the correct and complete
> transfer of the contents of the sent e-mail, neither for the receipt on due
> time.
>
> [image: Think Green]
>
| | | |
| Thomas Vuylsteke
Posts:207
| | 10/26/2009 4:16 PM |
| The vendor stated that he had had issues in the past with windows in general. They advise using some software-in-between on the PDC to sync with the hardware device :S
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
Sent: maandag 26 oktober 2009 17:03
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Sync'ing here with a Cisco 65xx for several years. I did have to do some minor config to the 65xx to tell it to serve time. Maybe your device needs that step?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 11:55 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Windows NTP timesync with "hardware clock"
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network).. We are trying to sync our PDC with it, but we are unable to sync up with it...
Settings:
* OS Windows 2008 SP2
* The clock its vendor:
* NTP specifics:
* Announceflags 5
* Source: Clock.domain.customer.com,0x1
* Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine...
I used a tool like "ntpquery" (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks "official" NTP and that the windows server talks windows NTP which isn't the same as the one specified in RFC's and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
[cid:image001.gif@01CA565F.ECBA13A0]<http://www.realdolmen.com/>
[cid:image002.gif@01CA565F.ECBA13A0]<http://www.realdolmen.com/customercases>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
[cid:image003.gif@01CA565F.ECBA13A0]
| | | |
| kurtbuff
Posts:200
| | 10/26/2009 4:27 PM |
| There's your clue - if the vendor has issues, you're likely to as well.
Can you get a switch/router/something else to synch with the unit, then
synch your DC to that?
And, just so we know - what product does the client have?
On Mon, Oct 26, 2009 at 09:15, Thomas Vuylsteke <
Thomas.Vuylsteke@realdolmen.com> wrote:
> The vendor stated that he had had issues in the past with windows in
> general. They advise using some software-in-between on the PDC to sync with
> the hardware device :S
>
>
>
> Kind regards,
>
> Thomas
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *Kennedy, Jim
> *Sent:* maandag 26 oktober 2009 17:03
>
> *To:* activedir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Windows NTP timesync with "hardware clock"
> *Sensitivity:* Confidential
>
>
>
> Sync’ing here with a Cisco 65xx for several years. I did have to do some
> minor config to the 65xx to tell it to serve time. Maybe your device needs
> that step?
>
>
>
>
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *Thomas Vuylsteke
> *Sent:* Monday, October 26, 2009 11:55 AM
> *To:* activedir@mail.activedir.org
> *Subject:* [ActiveDir] Windows NTP timesync with "hardware clock"
>
>
>
> Guys (and girls),
>
>
>
> A customer of mine has a hardware NTP time source (attached to the
> network). We are trying to sync our PDC with it, but we are unable to sync
> up with it…
>
>
>
> Settings:
>
> · OS Windows 2008 SP2
>
> · The clock its vendor:
>
> · NTP specifics:
>
> · Announceflags 5
>
> · Source: Clock.domain.customer.com,0x1
>
> · Type: NTP
>
>
>
> Doing a w32tm /resync gives a failure, If I configure the same on my W7
> laptop, things go fine…
>
>
>
> I used a tool like “ntpquery” (free utility) to check wheter the PDC can
> access the clock (network-wise) and that seems to succeed.
>
>
>
> Is it possible the device talks “official” NTP and that the windows server
> talks windows NTP which isn’t the same as the one specified in RFC’s and so
> on? Have you guys ever had issues syncing with specific devices?
>
>
>
> Kind regards,
>
>
> *Thomas Vuylsteke*
> *System Engineer Server Technology*
> thomas.vuylsteke@realdolmen.com
>
> Direct +32 (0)2 362 55 55
> <http://www.realdolmen.com/>
>
> <http://www.realdolmen.com/customercases>
>
> This e-mail message and any attachment are intended for the sole use of the
> recipient(s) named above and may contain information which is confidential
> and/or protected by intellectual property rights. Any use of the information
> contained herein (including, but not limited to, total or partial
> reproduction, communication or distribution in any form) by other persons
> than the designated recipient(s) is prohibited. If you have received this
> e-mail in error, please notify the sender either by telephone (+32 2 362 55
> 55) or by e-mail and delete the material from any computer. Please note that
> neither RealDolmen nor the sender accept any responsibility for viruses and
> it is your responsibility to scan or otherwise check this email and any
> attachments. RealDolmen is nor responsible for the correct and complete
> transfer of the contents of the sent e-mail, neither for the receipt on due
> time.
>
> [image: Think Green]
>
| | | |
| blake.brown
Posts:1
| | 10/26/2009 4:31 PM |
| Try some decongestant. It has to be sinus buildup?
--------------------------
Sent via BlackBerry
________________________________
From: activedir-owner@mail.activedir.org <activedir-owner@mail.activedir.org>
To: activedir@mail.activedir.org <activedir@mail.activedir.org>
Sent: Mon Oct 26 11:08:59 2009
Subject: Re: [ActiveDir] Windows NTP timesync with "hardware clock"
Have you checked out this doc: http://technet.microsoft.com/en-us/library/cc786897(WS.10).aspx
<http://technet.microsoft.com/en-us/library/cc786897(WS.10).aspx>-matt
On Mon, Oct 26, 2009 at 11:54 AM, Thomas Vuylsteke <Thomas.Vuylsteke@realdolmen.com<mailto:Thomas.Vuylsteke@realdolmen.com>> wrote:
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network). We are trying to sync our PDC with it, but we are unable to sync up with it…
Settings:
• OS Windows 2008 SP2
• The clock its vendor:
• NTP specifics:
• Announceflags 5
• Source: Clock.domain.customer.com<http://Clock.domain.customer.com>,0x1
• Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine…
I used a tool like “ntpquery” (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks “official” NTP and that the windows server talks windows NTP which isn’t the same as the one specified in RFC’s and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
<http://www.realdolmen.com/>
<http://www.realdolmen.com/customercases>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
________________________________
Please consider the environment before printing this email
This message and its attachments contains confidential information and is intended only for the highly valued individual customer or team member named. Please notify the Baker Group sender immediately by e-mail or telephone if you have received this e-mail by mistake and delete this e-mail from your system. Please do not distribute or copy this e-mail.
Because e-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses, Baker Group cannot accept liability for the contents of this message. If verification is required please request a hard-copy version. Thank you for the opportunity to work with you!
| | | |
| kbatkbslpcom
Posts:194
| | 10/26/2009 5:13 PM |
| Have you tried a 3rd-party Windows based NTP client to see if it can
extract time from that device? Worse comes to worse - you put the NTP
software on your 2008 PDC-E and use that rather than Windows time - at
least that would validate that your time sources "talk" NTP correctly.
I do that on my PC (and I've stopped the W32time service) - and use an
NTP monitoring tool to validate our time sources.
I'm using the meinberg distribution of NTP (they take the office NTP
code and compile it/make a distribution for Windows - they also sell
time devices) along with their monitoring tool. Although we also use
ntpq to query the time sources for standard operations - the GUI tool is
so much easier to read than NTPQ output is.
-----Original Message-----
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas
Vuylsteke
Sent: Monday, October 26, 2009 12:16 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware
clock"
Sensitivity: Confidential
The vendor stated that he had had issues in the past with
windows in general. They advise using some software-in-between on the
PDC to sync with the hardware device :S
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
Sent: maandag 26 oktober 2009 17:03
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware
clock"
Sensitivity: Confidential
Sync'ing here with a Cisco 65xx for several years. I did have to
do some minor config to the 65xx to tell it to serve time. Maybe your
device needs that step?
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas
Vuylsteke
Sent: Monday, October 26, 2009 11:55 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Windows NTP timesync with "hardware clock"
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to
the network). We are trying to sync our PDC with it, but we are unable
to sync up with it...
Settings:
* OS Windows 2008 SP2
* The clock its vendor:
* NTP specifics:
* Announceflags 5
* Source: Clock.domain.customer.com,0x1
* Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same
on my W7 laptop, things go fine...
I used a tool like "ntpquery" (free utility) to check wheter the
PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks "official" NTP and that the
windows server talks windows NTP which isn't the same as the one
specified in RFC's and so on? Have you guys ever had issues syncing with
specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com
<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
<http://www.realdolmen.com/>
<http://www.realdolmen.com/customercases>
This e-mail message and any attachment are intended for the sole
use of the recipient(s) named above and may contain information which is
confidential and/or protected by intellectual property rights. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by other persons than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone (+32 2 362 55 55) or by e-mail and delete the
material from any computer. Please note that neither RealDolmen nor the
sender accept any responsibility for viruses and it is your
responsibility to scan or otherwise check this email and any
attachments. RealDolmen is nor responsible for the correct and complete
transfer of the contents of the sent e-mail, neither for the receipt on
due time.
| | | |
| Thomas Vuylsteke
Posts:207
| | 10/26/2009 7:33 PM |
| I tried a third party app: "ntpquery" (http://www.bytefusion.com/products/fs/ntpquery/ntpquery.html)
It manages to get the time. So I guess we'll have to try the vendor its software.
I really wanted to do it withouth extra software. All I want is a GPO with a WMI filter for the PDC and whenver someone transfers the role, time sync stays in place.
But it seems like a lot of you are also using thirdy party apps 
Oh, now i see i forgot to mention the clock vendor: http://www.westerstrand..com/
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
<http://www.realdolmen.com/>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt o
________________________________
From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] On Behalf Of Brown, Ken F. [Ken.Brown@kbslp.com]
Sent: Monday, October 26, 2009 18:12
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Have you tried a 3rd-party Windows based NTP client to see if it can extract time from that device? Worse comes to worse - you put the NTP software on your 2008 PDC-E and use that rather than Windows time - at least that would validate that your time sources "talk" NTP correctly.
I do that on my PC (and I've stopped the W32time service) - and use an NTP monitoring tool to validate our time sources.
I'm using the meinberg distribution of NTP (they take the office NTP code and compile it/make a distribution for Windows - they also sell time devices) along with their monitoring tool. Although we also use ntpq to query the time sources for standard operations - the GUI tool is so much easier to read than NTPQ output is.
-----Original Message-----
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 12:16 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
The vendor stated that he had had issues in the past with windows in general. They advise using some software-in-between on the PDC to sync with the hardware device :S
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
Sent: maandag 26 oktober 2009 17:03
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Sync’ing here with a Cisco 65xx for several years. I did have to do some minor config to the 65xx to tell it to serve time. Maybe your device needs that step?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 11:55 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Windows NTP timesync with "hardware clock"
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network).. We are trying to sync our PDC with it, but we are unable to sync up with it…
Settings:
• OS Windows 2008 SP2
• The clock its vendor:
• NTP specifics:
• Announceflags 5
• Source: Clock.domain.customer.com,0x1
• Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine…
I used a tool like “ntpquery” (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks “official” NTP and that the windows server talks windows NTP which isn’t the same as the one specified in RFC’s and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
[cid:904150717@26102009-16FE]<http://www.realdolmen.com/>
[cid:904150717@26102009-1705]<http://www.realdolmen.com/customercases>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
[cid:904150717@26102009-170C]
| | | |
| weemat2
Posts:3
| | 10/27/2009 6:30 PM |
|
A w32time debug log would be beneficial to know what is happening. Do you even see a response from the server when you do /resync? I admit I have had little issues with NTP sources. The only real issue I had was when a customer was pointing at some Unix box an we wouldn't even get a response from the source until we added 0x08 at the end of the ntpserver reg key like so
Clock.domain.customer.com,0x8 .
I also recommend this http://blogs.technet.com/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering..aspx link.
More details of ntpserver reg key below from http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_uhlp.
NtpServer
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Version
Windows Server 2003 and Windows Server 2008
This entry specifies a space-delimited list of peers from which a computer obtains time stamps, consisting of one or more DNS names or IP addresses per line. Each DNS name or IP address listed must be unique. Computers connected to a domain must synchronize with a more reliable time source, such as the official U.S. time clock.
0x01 SpecialInterval
0x02 UseAsFallbackOnly
0x04 SymmatricActive
0x08 Client
From: Thomas.Vuylsteke@realdolmen.com
To: activedir@mail.activedir.org
Date: Mon, 26 Oct 2009 20:31:36 +0100
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
I tried a third party app: "ntpquery" (http://www.bytefusion.com/products/fs/ntpquery/ntpquery.html)
It manages to get the time. So I guess we'll have to try the vendor its software.
I really wanted to do it withouth extra software. All I want is a GPO with a WMI filter for the PDC and whenver someone transfers the role, time sync stays in place.
But it seems like a lot of you are also using thirdy party apps
Oh, now i see i forgot to mention the clock vendor: http://www.westerstrand.com/
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com
Direct +32 (0)2 362 55 55
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt o
From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] On Behalf Of Brown, Ken F. [Ken.Brown@kbslp.com]
Sent: Monday, October 26, 2009 18:12
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Have you tried a 3rd-party Windows based NTP client to see if it can extract time from that device? Worse comes to worse - you put the NTP software on your 2008 PDC-E and use that rather than Windows time - at least that would validate that your time sources "talk" NTP correctly.
I do that on my PC (and I've stopped the W32time service) - and use an NTP monitoring tool to validate our time sources.
I'm using the meinberg distribution of NTP (they take the office NTP code and compile it/make a distribution for Windows - they also sell time devices) along with their monitoring tool. Although we also use ntpq to query the time sources for standard operations - the GUI tool is so much easier to read than NTPQ output is.
-----Original Message-----
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 12:16 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
The vendor stated that he had had issues in the past with windows in general. They advise using some software-in-between on the PDC to sync with the hardware device :S
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
Sent: maandag 26 oktober 2009 17:03
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Sync’ing here with a Cisco 65xx for several years. I did have to do some minor config to the 65xx to tell it to serve time. Maybe your device needs that step?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 11:55 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Windows NTP timesync with "hardware clock"
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network).. We are trying to sync our PDC with it, but we are unable to sync up with it…
Settings:
· OS Windows 2008 SP2
· The clock its vendor:
· NTP specifics:
· Announceflags 5
· Source: Clock.domain.customer.com,0x1
· Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine…
I used a tool like “ntpquery” (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks “official” NTP and that the windows server talks windows NTP which isn’t the same as the one specified in RFC’s and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com
Direct +32 (0)2 362 55 55
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
_________________________________________________________________
New Windows 7: Find the right PC for you. Learn more.
http://www.microsoft.com/uk/windows/buy/
| | | |
| Thomas Vuylsteke
Posts:207
| | 10/27/2009 9:10 PM |
| Thnx for the source, however I already read them (that's where I got my inspiration with the GPO  )
However, you mention those flags:
* 0x01 SpecialInterval
* 0x02 UseAsFallbackOnly
* 0x04 SymmatricActive
* 0x08 Client
Not getting a response is actually what I was encountering (says wireshark).. So perhaps we could try 0x09 as flags? I like the idea we can hard-code the specialinterval (0x01). I'm wondering though, what's the use of 0x8 and why do some situations require it. I'll test it out for sure! They explain it as "client" but actually, what does it do.
Thnx for the reply, I'll post our results some days later.
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of admin admin
Sent: dinsdag 27 oktober 2009 19:28
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
A w32time debug log would be beneficial to know what is happening. Do you even see a response from the server when you do /resync? I admit I have had little issues with NTP sources. The only real issue I had was when a customer was pointing at some Unix box an we wouldn't even get a response from the source until we added 0x08 at the end of the ntpserver reg key like so
Clock.domain.customer.com,0x8 .
I also recommend this http://blogs.technet.com/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering..aspx link.
More details of ntpserver reg key below from http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_uhlp.
NtpServer
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Version
Windows Server 2003 and Windows Server 2008
This entry specifies a space-delimited list of peers from which a computer obtains time stamps, consisting of one or more DNS names or IP addresses per line. Each DNS name or IP address listed must be unique. Computers connected to a domain must synchronize with a more reliable time source, such as the official U.S. time clock.
* 0x01 SpecialInterval
* 0x02 UseAsFallbackOnly
* 0x04 SymmatricActive
* 0x08 Client
________________________________
From: Thomas.Vuylsteke@realdolmen.com
To: activedir@mail.activedir.org
Date: Mon, 26 Oct 2009 20:31:36 +0100
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
I tried a third party app: "ntpquery" (http://www.bytefusion.com/products/fs/ntpquery/ntpquery.html)
It manages to get the time. So I guess we'll have to try the vendor its software.
I really wanted to do it withouth extra software. All I want is a GPO with a WMI filter for the PDC and whenver someone transfers the role, time sync stays in place.
But it seems like a lot of you are also using thirdy party apps
Oh, now i see i forgot to mention the clock vendor: http://www.westerstrand..com/
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt o
________________________________
From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] On Behalf Of Brown, Ken F. [Ken.Brown@kbslp.com]
Sent: Monday, October 26, 2009 18:12
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Have you tried a 3rd-party Windows based NTP client to see if it can extract time from that device? Worse comes to worse - you put the NTP software on your 2008 PDC-E and use that rather than Windows time - at least that would validate that your time sources "talk" NTP correctly.
I do that on my PC (and I've stopped the W32time service) - and use an NTP monitoring tool to validate our time sources.
I'm using the meinberg distribution of NTP (they take the office NTP code and compile it/make a distribution for Windows - they also sell time devices) along with their monitoring tool. Although we also use ntpq to query the time sources for standard operations - the GUI tool is so much easier to read than NTPQ output is.
-----Original Message-----
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 12:16 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
The vendor stated that he had had issues in the past with windows in general. They advise using some software-in-between on the PDC to sync with the hardware device :S
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
Sent: maandag 26 oktober 2009 17:03
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Sync'ing here with a Cisco 65xx for several years. I did have to do some minor config to the 65xx to tell it to serve time. Maybe your device needs that step?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 11:55 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Windows NTP timesync with "hardware clock"
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network).. We are trying to sync our PDC with it, but we are unable to sync up with it...
Settings:
* OS Windows 2008 SP2
* The clock its vendor:
* NTP specifics:
* Announceflags 5
* Source: Clock.domain.customer.com,0x1
* Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine...
I used a tool like "ntpquery" (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks "official" NTP and that the windows server talks windows NTP which isn't the same as the one specified in RFC's and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas..vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
[cid:image001.gif@01CA5751.C029C1D0]<http://www.realdolmen.com/>
[cid:image002.gif@01CA5751.C029C1D0]<http://www.realdolmen.com/customercases>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
[cid:image003.gif@01CA5751.C029C1D0]
________________________________
New Windows 7: Find the right PC for you. Learn more.<http://www.microsoft.com/uk/windows/buy/>
| | | |
| decrosby
Posts:101
| | 11/03/2009 10:52 AM |
| We have seen similar problems when using symmetricom gps clocks as a originating time source. In summary the Windows Time Service will look to talk in "active" mode rather than standard "client" and some time sources respond incorrectly. You can turn this feature off on the Windows hosts so it talks RFC compliant "client" and it seems to work however we took a sw upgrade from the vendor and it fixed our problem.
Now developing this thread further we thought we could mitigate the loss of the PDCE or reliable time source in the forest by setting non PDCE DC's in the root to be "allsync" so in the event of the PDCE not being discovered the DC's would fallback to NTP and use the external time sources and this would cascade downwards. What we found tho was that the non PDCE DC's even when the PDCE was online were taking time form the external time sources suggesting that the discovery process was failing. We failed to get a good answer on this from MSFT so decided to set all non PDCE DC's to use NTDS5.
Does anyone else have any lessons learned they would like to share?
Thanks.
Damian.
________________________________
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Brown, Ken F.
Sent: 26 October 2009 17:12
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Have you tried a 3rd-party Windows based NTP client to see if it can extract time from that device? Worse comes to worse - you put the NTP software on your 2008 PDC-E and use that rather than Windows time - at least that would validate that your time sources "talk" NTP correctly.
I do that on my PC (and I've stopped the W32time service) - and use an NTP monitoring tool to validate our time sources.
I'm using the meinberg distribution of NTP (they take the office NTP code and compile it/make a distribution for Windows - they also sell time devices) along with their monitoring tool. Although we also use ntpq to query the time sources for standard operations - the GUI tool is so much easier to read than NTPQ output is.
-----Original Message-----
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 12:16 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
The vendor stated that he had had issues in the past with windows in general. They advise using some software-in-between on the PDC to sync with the hardware device :S
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
Sent: maandag 26 oktober 2009 17:03
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Sync'ing here with a Cisco 65xx for several years. I did have to do some minor config to the 65xx to tell it to serve time. Maybe your device needs that step?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 11:55 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Windows NTP timesync with "hardware clock"
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network). We are trying to sync our PDC with it, but we are unable to sync up with it...
Settings:
* OS Windows 2008 SP2
* The clock its vendor:
* NTP specifics:
* Announceflags 5
* Source: Clock.domain.customer.com,0x1
* Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine...
I used a tool like "ntpquery" (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks "official" NTP and that the windows server talks windows NTP which isn't the same as the one specified in RFC's and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
[cid:994014610@03112009-24AA]<http://www.realdolmen.com/>
[cid:994014610@03112009-24B1]<http://www.realdolmen.com/customercases>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
[cid:994014610@03112009-24B8]
--------------------------------------------------------------------------
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
| | | |
| Thomas Vuylsteke
Posts:207
| | 11/04/2009 2:56 PM |
| Perhaps a related question:
http://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx contains a nice picture explaining the domain hierarchy time source selection thingy (http://i.technet.microsoft.com/cc773013.4d3b9294-477c-49eb-a06a-7a330ae0cf58(en-us).gif)
I can see how a client selects a DC in it's own Domain and which DC or PDC the DC's choose. But what about "site awareness" of the time synchronization stuff for the clients/member servers. A customer of mine has (member) servers in their main site synchronizing time with DC's in remote sites. Is this "normal" behavior? Can this be tuned?
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: dinsdag 3 november 2009 11:52
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
We have seen similar problems when using symmetricom gps clocks as a originating time source. In summary the Windows Time Service will look to talk in "active" mode rather than standard "client" and some time sources respond incorrectly. You can turn this feature off on the Windows hosts so it talks RFC compliant "client" and it seems to work however we took a sw upgrade from the vendor and it fixed our problem.
Now developing this thread further we thought we could mitigate the loss of the PDCE or reliable time source in the forest by setting non PDCE DC's in the root to be "allsync" so in the event of the PDCE not being discovered the DC's would fallback to NTP and use the external time sources and this would cascade downwards. What we found tho was that the non PDCE DC's even when the PDCE was online were taking time form the external time sources suggesting that the discovery process was failing. We failed to get a good answer on this from MSFT so decided to set all non PDCE DC's to use NTDS5.
Does anyone else have any lessons learned they would like to share?
Thanks.
Damian.
________________________________
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Brown, Ken F.
Sent: 26 October 2009 17:12
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Have you tried a 3rd-party Windows based NTP client to see if it can extract time from that device? Worse comes to worse - you put the NTP software on your 2008 PDC-E and use that rather than Windows time - at least that would validate that your time sources "talk" NTP correctly.
I do that on my PC (and I've stopped the W32time service) - and use an NTP monitoring tool to validate our time sources.
I'm using the meinberg distribution of NTP (they take the office NTP code and compile it/make a distribution for Windows - they also sell time devices) along with their monitoring tool. Although we also use ntpq to query the time sources for standard operations - the GUI tool is so much easier to read than NTPQ output is.
-----Original Message-----
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 12:16 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
The vendor stated that he had had issues in the past with windows in general. They advise using some software-in-between on the PDC to sync with the hardware device :S
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
Sent: maandag 26 oktober 2009 17:03
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Sync'ing here with a Cisco 65xx for several years. I did have to do some minor config to the 65xx to tell it to serve time. Maybe your device needs that step?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 11:55 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Windows NTP timesync with "hardware clock"
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network). We are trying to sync our PDC with it, but we are unable to sync up with it...
Settings:
* OS Windows 2008 SP2
* The clock its vendor:
* NTP specifics:
* Announceflags 5
* Source: Clock.domain.customer.com,0x1
* Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine...
I used a tool like "ntpquery" (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks "official" NTP and that the windows server talks windows NTP which isn't the same as the one specified in RFC's and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
[cid:image001.gif@01CA5D67.3A899430]<http://www.realdolmen.com/>
[cid:image002.gif@01CA5D67.3A899430]<http://www.realdolmen.com/customercases>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
[cid:image003.gif@01CA5D67.3A899430]
________________________________
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
| | | |
| weemat2
Posts:3
| | 11/05/2009 5:28 PM |
|
http://blogs.msdn.com/w32time/archive/2007/09/04/keeping-the-domain-on-time..aspx explains requirements for a time source. Blog is maintained by Ryan who develops the time service code. Do the member servers have a DC of their own domain in their site?
Any news on adding the 0x8 and the result?
M
From: Thomas.Vuylsteke@realdolmen.com
To: activedir@mail.activedir.org
Date: Wed, 4 Nov 2009 15:55:27 +0100
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Perhaps a related question:
http://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx contains a nice picture explaining the domain hierarchy time source selection thingy (http://i.technet.microsoft.com/cc773013.4d3b9294-477c-49eb-a06a-7a330ae0cf58(en-us).gif)
I can see how a client selects a DC in it’s own Domain and which DC or PDC the DC’s choose. But what about “site awareness” of the time synchronization stuff for the clients/member servers. A customer of mine has (member) servers in their main site synchronizing time with DC’s in remote sites. Is this “normal” behavior? Can this be tuned?
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: dinsdag 3 november 2009 11:52
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
We have seen similar problems when using symmetricom gps clocks as a originating time source. In summary the Windows Time Service will look to talk in "active" mode rather than standard "client" and some time sources respond incorrectly. You can turn this feature off on the Windows hosts so it talks RFC compliant "client" and it seems to work however we took a sw upgrade from the vendor and it fixed our problem.
Now developing this thread further we thought we could mitigate the loss of the PDCE or reliable time source in the forest by setting non PDCE DC's in the root to be "allsync" so in the event of the PDCE not being discovered the DC's would fallback to NTP and use the external time sources and this would cascade downwards. What we found tho was that the non PDCE DC's even when the PDCE was online were taking time form the external time sources suggesting that the discovery process was failing. We failed to get a good answer on this from MSFT so decided to set all non PDCE DC's to use NTDS5.
Does anyone else have any lessons learned they would like to share?
Thanks.
Damian.
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Brown, Ken F.
Sent: 26 October 2009 17:12
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Have you tried a 3rd-party Windows based NTP client to see if it can extract time from that device? Worse comes to worse - you put the NTP software on your 2008 PDC-E and use that rather than Windows time - at least that would validate that your time sources "talk" NTP correctly.
I do that on my PC (and I've stopped the W32time service) - and use an NTP monitoring tool to validate our time sources.
I'm using the meinberg distribution of NTP (they take the office NTP code and compile it/make a distribution for Windows - they also sell time devices) along with their monitoring tool. Although we also use ntpq to query the time sources for standard operations - the GUI tool is so much easier to read than NTPQ output is.
-----Original Message-----
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 12:16 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
The vendor stated that he had had issues in the past with windows in general. They advise using some software-in-between on the PDC to sync with the hardware device :S
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
Sent: maandag 26 oktober 2009 17:03
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Sync’ing here with a Cisco 65xx for several years. I did have to do some minor config to the 65xx to tell it to serve time. Maybe your device needs that step?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 11:55 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Windows NTP timesync with "hardware clock"
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network). We are trying to sync our PDC with it, but we are unable to sync up with it…
Settings:
· OS Windows 2008 SP2
· The clock its vendor:
· NTP specifics:
· Announceflags 5
· Source: Clock.domain.customer.com,0x1
· Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine…
I used a tool like “ntpquery” (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks “official” NTP and that the windows server talks windows NTP which isn’t the same as the one specified in RFC’s and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com
Direct +32 (0)2 362 55 55
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
_________________________________________________________________
Download Messenger onto your mobile for free
http://clk.atdmt.com/UKM/go/174426567/direct/01/
| | | |
| Thomas Vuylsteke
Posts:207
| | 11/05/2009 7:46 PM |
| I have a visit at the customer 17th of november. However the custerom mailed me today they implemented some client software of the vendor on the PDC, so I'm not sure whether i'll be able to test the 0x8 sux!
kind regards
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
<http://www.realdolmen.com/>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt o
________________________________
From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] On Behalf Of admin admin [admin@weemat.com]
Sent: Thursday, November 05, 2009 18:27
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
http://blogs.msdn.com/w32time/archive/2007/09/04/keeping-the-domain-on-time.aspx explains requirements for a time source. Blog is maintained by Ryan who develops the time service code. Do the member servers have a DC of their own domain in their site?
Any news on adding the 0x8 and the result?
M
________________________________
From: Thomas.Vuylsteke@realdolmen.com
To: activedir@mail.activedir.org
Date: Wed, 4 Nov 2009 15:55:27 +0100
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Perhaps a related question:
http://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx contains a nice picture explaining the domain hierarchy time source selection thingy (http://i.technet.microsoft.com/cc773013.4d3b9294-477c-49eb-a06a-7a330ae0cf58(en-us).gif)
I can see how a client selects a DC in it’s own Domain and which DC or PDC the DC’s choose. But what about “site awareness” of the time synchronization stuff for the clients/member servers. A customer of mine has (member) servers in their main site synchronizing time with DC’s in remote sites. Is this “normal” behavior? Can this be tuned?
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: dinsdag 3 november 2009 11:52
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
We have seen similar problems when using symmetricom gps clocks as a originating time source. In summary the Windows Time Service will look to talk in "active" mode rather than standard "client" and some time sources respond incorrectly. You can turn this feature off on the Windows hosts so it talks RFC compliant "client" and it seems to work however we took a sw upgrade from the vendor and it fixed our problem.
Now developing this thread further we thought we could mitigate the loss of the PDCE or reliable time source in the forest by setting non PDCE DC's in the root to be "allsync" so in the event of the PDCE not being discovered the DC's would fallback to NTP and use the external time sources and this would cascade downwards. What we found tho was that the non PDCE DC's even when the PDCE was online were taking time form the external time sources suggesting that the discovery process was failing. We failed to get a good answer on this from MSFT so decided to set all non PDCE DC's to use NTDS5.
Does anyone else have any lessons learned they would like to share?
Thanks.
Damian.
________________________________
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Brown, Ken F.
Sent: 26 October 2009 17:12
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Have you tried a 3rd-party Windows based NTP client to see if it can extract time from that device? Worse comes to worse - you put the NTP software on your 2008 PDC-E and use that rather than Windows time - at least that would validate that your time sources "talk" NTP correctly.
I do that on my PC (and I've stopped the W32time service) - and use an NTP monitoring tool to validate our time sources.
I'm using the meinberg distribution of NTP (they take the office NTP code and compile it/make a distribution for Windows - they also sell time devices) along with their monitoring tool. Although we also use ntpq to query the time sources for standard operations - the GUI tool is so much easier to read than NTPQ output is.
-----Original Message-----
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 12:16 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
The vendor stated that he had had issues in the past with windows in general. They advise using some software-in-between on the PDC to sync with the hardware device :S
Kind regards,
Thomas
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
Sent: maandag 26 oktober 2009 17:03
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows NTP timesync with "hardware clock"
Sensitivity: Confidential
Sync’ing here with a Cisco 65xx for several years. I did have to do some minor config to the 65xx to tell it to serve time. Maybe your device needs that step?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Thomas Vuylsteke
Sent: Monday, October 26, 2009 11:55 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Windows NTP timesync with "hardware clock"
Guys (and girls),
A customer of mine has a hardware NTP time source (attached to the network). We are trying to sync our PDC with it, but we are unable to sync up with it…
Settings:
• OS Windows 2008 SP2
• The clock its vendor:
• NTP specifics:
• Announceflags 5
• Source: Clock.domain.customer.com,0x1
• Type: NTP
Doing a w32tm /resync gives a failure, If I configure the same on my W7 laptop, things go fine…
I used a tool like “ntpquery” (free utility) to check wheter the PDC can access the clock (network-wise) and that seems to succeed.
Is it possible the device talks “official” NTP and that the windows server talks windows NTP which isn’t the same as the one specified in RFC’s and so on? Have you guys ever had issues syncing with specific devices?
Kind regards,
Thomas Vuylsteke
System Engineer Server Technology
thomas.vuylsteke@realdolmen.com<mailto:thomas.vuylsteke@realdolmen.com>
Direct +32 (0)2 362 55 55
[cid:image001.gif@01CA5D67.3A899430]<http://www.realdolmen.com/>
[cid:image002.gif@01CA5D67.3A899430]<http://www.realdolmen.com/customercases>
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 362 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.
[cid:image003.gif@01CA5D67.3A899430]
________________________________
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
________________________________
Download Messenger onto your mobile for free. Learn more.<http://clk.atdmt.com/UKM/go/174426567/direct/01/>
| | | |
|
|