PDC Emulator: Cannot Sync Time From External NTP Server

KB ID 0001464

Problem

I was involved in a question on Experts Exchange this week where the asker could not get their PDC to sync time from an external NTP server.

He was seeing an Event ID 12 Error;

Event ID 12

Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

Also See: Windows – Setting Domain Time

Solution

If you see this error in the event log, then when you try and ‘resync’ you may see;

Computer Did not Resync no time data available

The computer did not resync because no time data was available

Then look at the following

UDP Port 123 (NTP) is not opened, (outbound) for this host on the corporate firewall.

This is easy to check with NTPTool. If it looks like this, either the hostname/IP address you are querying is incorrect, or the port is blocked on your firewall.

NTP Tool Port Blocked

If it looks like this then your hostname/IP is correct, and the port IS open.

NTP Tool Port Open

Is the Server a Virtual Machine?

If so, it might be getting its time set at the hypervisor level (this is not good for Windows machines). Check the VM settings.

VMware 6

ESX 6 Disable Time Sync To Guest

VMware 5

ESX 5 Disable Time Sync To Guest

There is a GPO enforced on the PDC emulator that is enforcing the incorrect time settings

Again, this is easy to check: open an administrative command window and run ‘rsop’.

Navigate to;

Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers

Enable windows NTP Server

Note: The time servers must be in Name(comma)Stratum-level(space) format. For troubleshooting, just try pool.ntp.org,0x1 (then you can specify ones closer to home as you prove they work OK). If you get the stratum level or the syntax wrong, you will see the “The computer did not resync because no time data was available” error.

If there’s a GPO being applied higher up in the domain, you need to change it so that it does not apply (at least to the PDC Emulator). In the next post I’ll discuss how to set the PDC Emulator to correctly get its time via GPO.

Check What your Server ‘Thinks’ is the Correct NTP Settings

Firstly use;

w32tm /query /status

Below we can see the server is using its own internal clock, this is not what we want! You need to go back to square one if you see this!

Check Server Time Source

Assuming it’s not using its own clock as a time source, use the following;

w32tm /query /configuration

Check Server Time Settings

You are looking for;

  • AnnounceFlags 5 (Local)
  • NtpClient (Local)
  • DllName C:\WINDOWS\SYSTEM32\w32time.DLL (Local)
  • (Under NtpClient) NtpServer {your-public-ntp-server}(Local)
  • (Under NtpClient) Enabled 1 (Local)
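The checklist above can be scripted. This is an added example, not code from the original article: it parses `w32tm /query /configuration` output and marks each listed value OK or CHECK. The sample output is constructed, `Get-W32tmSetting` is a hypothetical helper name, and the `Type` check is an addition to the list above.

```powershell
# Added example. $sample is constructed; on the PDC emulator replace it with:
#   $sample = w32tm /query /configuration
$sample = @'
[Configuration]
AnnounceFlags: 5 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\WINDOWS\SYSTEM32\w32time.DLL (Local)
Enabled: 1 (Local)
Type: NTP (Local)
NtpServer: pool.ntp.org,0x1 (Local)

NtpServer (Local)
DllName: C:\WINDOWS\SYSTEM32\w32time.DLL (Local)
Enabled: 1 (Local)
'@ -split '\r?\n'
# Get-W32tmSetting is a hypothetical helper: it maps "Section/Name" to value and source.
function Get-W32tmSetting {
    param([string[]]$Lines)
    $section  = ''
    $settings = @{}
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(\w+)\]$') {
            $section = $Matches[1]                      # [Configuration], [TimeProviders]
        } elseif ($text -match '^(\w+)\s+\((\w+)\)$') {
            $section = $Matches[1]                      # provider header, e.g. "NtpClient (Local)"
        } elseif ($text -match '^(\w+):\s*(.*?)\s*\((\w+)\)$') {
            $settings["$section/$($Matches[1])"] = [pscustomobject]@{ Value = $Matches[2]; Source = $Matches[3] }
        }
    }
    $settings
}

# Patterns for the values listed above. The Type check is an addition to that list:
# NT5DS means "use the domain hierarchy", the condition Event ID 12 describes.
$expected = [ordered]@{
    'Configuration/AnnounceFlags' = '^5$'
    'NtpClient/DllName'           = 'w32time\.dll$'
    'NtpClient/Enabled'           = '^1$'
    'NtpClient/NtpServer'         = '\S'
    'NtpClient/Type'              = '^(?!NT5DS$)'
}
$cfg = Get-W32tmSetting -Lines $sample
foreach ($key in $expected.Keys) {
    $entry = $cfg[$key]
    $ok    = ($null -ne $entry) -and ($entry.Value -match $expected[$key])
    '{0,-28} {1,-36} {2,-7} {3}' -f $key, $entry.Value, $entry.Source, $(if ($ok) { 'OK' } else { 'CHECK' })
}
```

The parser tracks which provider block it is in because `Enabled` and `DllName` appear under both NtpClient and NtpServer.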

Assuming that’s all OK, you can also see the status;

w32tm /query /status /verbose

You are looking for;

  • Server Role 576 (Reliable Time Service)
 
 

Related Articles, References, Credits, or External Links

Sync Microsoft Domain Time To A Cisco NTP Device

Windows – Setting Domain Time

Cisco ASA – Configuring for NTP

Windows – Error ‘A Good Time server could not be located’

Author: PeteLong
