0

I've got a Server 2019 DC (standalone/solo), running on physical hardware, which is configured and presenting as a reliable time source (TIMESRV and GTIMESRV flags are set), but all domain clients are not syncing with it.

These are set to NT5DS and can see the NTP service on the DC if using any third-party NTP tools to query it, so there are no (obvious) firewall issues.

The domain instance itself has been upgraded over a decade or more from 2003->2008->2019 and has moved server multiple times; but there's no ghost servers showing and all the FSMO roles are intact on that machine. dcdiag is clean.

Event log entries suggest that the clients are aware it is there as a time source, but are unwilling to use it:

Ntp Client is receiving time data from the following NTP Servers: dc.domain.local (ntp.d|0.0.0.0:123->X.X.X.X:123); and the chosen reference time server is .

Anyone any ideas before I give up and set a GPO to change to NTP rather than NT5DS?

Cian
  • 1
  • How are you determining that they're not using the DC? What does **w32tm /query /source** and **w32tm /query /configuration** show you on a domain client? – joeqwerty Sep 14 '21 at 14:24
  • The first thing would be the ~90 second difference that one has "Local CMOS Clock" is given as the source The /query /configuration gives: [TimeProviders] NtpClient (Local) DllName: C:\WINDOWS\SYSTEM32\w32time.DLL (Local) Enabled: 1 (Local) InputProvider: 1 (Local) CrossSiteSyncFlags: 2 (Local) AllowNonstandardModeCombinations: 1 (Local) ResolvePeerBackoffMinutes: 15 (Local) ResolvePeerBackoffMaxTimes: 7 (Local) CompatibilityFlags: 2147483648 (Local) EventLogFlags: 1 (Local) LargeSampleSkew: 3 (Local) SpecialPollInterval: 3600 (Local) Type: NT5DS (Local) – Cian Sep 15 '21 at 13:04

0 Answers0