KB ID 0001464
Problem
I was involved in a question on Experts Exchange this week where the asker could not get their PDC to sync time from an external NTP server.
He was seeing an Event ID 12 Error;
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
Also See: Windows – Setting Domain Time
Solution
If you see this error in the event log, then when you try and ‘resync’ you may see;
The computer did not resync because no time data was available
Then look at the following:
UDP Port 123 (NTP) is not opened, (outbound) for this host on the corporate firewall.
This is easy to check: use NTPTool. If it looks like this, either the hostname/IP address you are going to is incorrect, or the port is blocked on your firewall.
If it looks like this then your hostname/IP is correct, and the port IS open.
Is the Server a Virtual Machine?
If so, it might be getting its time set at the hypervisor level (this is not good for Windows machines). Check the VM settings.
VMware 6
VMware 5
There is a GPO enforced on the PDC emulator that is enforcing the incorrect time settings
Again, this is easy to check: open an administrative command window and run ‘rsop’.
Navigate to;
[box]Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers [/box]
Note: The time servers must be in Name(comma) Stratum-level (space) format. For troubleshooting, just try pool.ntp.org, 0x1 (then you can specify ones closer to home as you prove they work OK). If you get the stratum level or the syntax wrong, you will see the “The computer did not resync because no time data was available” error.
If there’s a GPO being applied higher up in the domain, you need to change it so that it does not apply (at least to the PDC Emulator). In the next post I’ll discuss how to set the PDC Emulator to correctly get its time via GPO.
Check What your Server ‘Thinks’ is the Correct NTP Settings
Firstly use;
[box]w32tm /query /status[/box]
Below we can see the server is using its own internal clock, this is not what we want! You need to go back to square one if you see this!
Assuming it’s not using its own clock as a time source, use the following;
[box]w32tm /query /configuration[/box]
You are looking for;
- AnnounceFlags 5 (Local)
- NtpClient (Local)
- DllName C:\WINDOWS\SYSTEM32\w32time.DLL (Local)
- (Under NTPClient) NtpServer {your-public-ntp-server}(Local)
- (Under NTPClient) Enabled 1 (Local)
Assuming that’s all OK, you can also see the status;
[box]w32tm /query /status /verbose[/box]
You are looking for;
- Server Role 576 (Reliable Time Service)
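The checks above can be scripted. This is an added example, not part of the original article: the function name Test-PdcTimeConfig is hypothetical, the sample output is constructed, and the strings it matches ("Local CMOS Clock", "Free-running System Clock", and the "(Local)"/"(Policy)" markers) assume English-language w32tm output.

```powershell
# Added example: parse w32tm query output and check the values this article lists.
function Test-PdcTimeConfig {
    param([string[]]$Status, [string[]]$Configuration)
    $r = [ordered]@{ Source = $null; AnnounceFlags = $null; NtpClientEnabled = $null
                     NtpServer = $null; NtpServerSetBy = $null; Problems = @() }

    foreach ($line in $Status) {
        if ($line -match '^\s*Source:\s*(.+?)\s*$') { $r.Source = $Matches[1] }
    }

    $provider = $null   # provider block currently being read, e.g. NtpClient
    foreach ($line in $Configuration) {
        # Block headers have no colon: "NtpClient (Local)"
        if ($line -match '^\s*(\w+)\s+\(\w+\)\s*$') { $provider = $Matches[1]; continue }
        if ($line -match '^\s*AnnounceFlags:\s*(\d+)') { $r.AnnounceFlags = [int]$Matches[1] }
        if ($provider -ne 'NtpClient') { continue }
        # "Enabled" also appears under the NtpServer provider, so only read it here.
        if ($line -match '^\s*Enabled:\s*(\d+)') { $r.NtpClientEnabled = [int]$Matches[1] }
        if ($line -match '^\s*NtpServer:\s*(.+?)\s+\((\w+)\)\s*$') {
            $r.NtpServer = $Matches[1]; $r.NtpServerSetBy = $Matches[2]
        }
    }

    if (-not $r.Source -or $r.Source -match 'Local CMOS Clock|Free-running System Clock') {
        $r.Problems += "Source is '$($r.Source)': the server is using its own clock"
    }
    if ($r.AnnounceFlags -ne 5)    { $r.Problems += 'AnnounceFlags is not 5' }
    if ($r.NtpClientEnabled -ne 1) { $r.Problems += 'NtpClient provider is not enabled' }
    if (-not $r.NtpServer)         { $r.Problems += 'No NtpServer set under NtpClient' }
    [pscustomobject]$r
}

# Constructed sample output (not captured from a real server).
$status = 'Stratum: 1 (primary reference - syncd by radio clock)',
          'Source: Local CMOS Clock'
$config = '[Configuration]', 'AnnounceFlags: 5 (Local)', '[TimeProviders]',
          'NtpClient (Local)', 'Enabled: 1 (Local)',
          'NtpServer: pool.ntp.org,0x1 (Policy)',
          'NtpServer (Local)', 'Enabled: 0 (Local)'
Test-PdcTimeConfig -Status $status -Configuration $config | Format-List

# On the PDC emulator itself:
# Test-PdcTimeConfig -Status (w32tm /query /status) -Configuration (w32tm /query /configuration)
```

A NtpServerSetBy value of Policy means the setting comes from a GPO rather than the local registry, which is the case described in the GPO section above.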
Related Articles, References, Credits, or External Links
Sync Microsoft Domain Time To A Cisco NTP Device