Windows 7 machines won't sync time

Question

I configured my Windows Server 2008 box as an authoritative time server using the instructions here: http://support.microsoft.com/kb/816042

Port 123 is open for incoming and outgoing connections on the server.

However, the other computers on the domain (which are all running Windows 7) will not sync time with it.

I get the following output from various w32tm commands (run on the Windows 7 machines):

C:\Windows\system33>w32tm /config /syncfromflags:domhier /update
The command completed successfully.

C:\Windows\system32>net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

C:\Windows\system32>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.

C:\Windows\system32>w32tm /query /source
Local CMOS Clock

C:\Windows\system32>w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 10 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Local)
MaxPollInterval: 15 (Local)
MaxNegPhaseCorrection: 4294967295 (Local)
MaxPosPhaseCorrection: 4294967295 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 1 (Local)
UpdateInterval: 30000 (Local)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NT5DS (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)

C:\Windows\system32>w32tm /resync /rediscover
Sending resync command to local computer
The computer did not resync because no time data was available.

I also get the following error in my event log:

NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

How can I fix this?

@Dan Just UDP when I wrote the question, but I've just tried opening up TCP too and it doesn't appear to have made any difference. — Rich, Jan 19 '11 at 16:21
Do you get the correct server names when you type w32tm /monitor ? — Cold T, Feb 22 '12 at 17:11
@ColdT No! I get: `GetDcList failed with error code: 0x8007054B. Exiting with error 0x8007054B` — Rich, Feb 23 '12 at 13:36
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters, set the Type to "NT5DS" without the quote. If it was already there, the value is correct. If it needs changing, then after this type in w32tm /resync /rediscover, I'd assume it would provide you with some info and then finally w32tm /monitor. Let me know if that helps. — Cold T, Feb 23 '12 at 16:30
@ColdT The `Type` registry value is already set to `NT5DS` for me. The output for `w32tm /resync /rediscover` is the same as the output I pasted into the question: `Sending resync command to local computer. The computer did not resync because no time data was available.` — Rich, Feb 24 '12 at 10:12

score 1 · Answer 1 · edited Feb 22 '12 at 16:54

On your server, how exactly have you entered the peer servers (step 4c in the Microsoft KB article referenced)? If you just typed in the word peers as stated in the KB, that certainly won't do. The entry should be something like: us.pool.ntp.org,0x1 time.windows.com,0x1 some.other.time.server,0x1

You can verify these settings with the command 'net time /querysntp'

If the server is unable to get a usable timestamp from the upstream peer, it will not advertise itself as authoritative to your clients, and the clients may not synchronize with it. I have found that time.windows.com regularly fails to provide usable timestamps to my servers; therefore I do not use it.

The setting I used is: `time.windows.com,0x1 tock.usno.navy.mil,0x1` — Rich, Feb 22 '12 at 15:46

score 1 · Answer 2 · answered Nov 10 '11 at 07:35

1

Keep in mind that Group Policy may be overriding your local registry settings.

w32tm /query /configuration in 2008 to find out, I can find no equivalent for 2003.

answered Nov 10 '11 at 07:35

Jure Sah

11
1

I'm running 2008! 2003 was a typo. What should I be looking for in the output of w32tm /query /configuration? If it turns out Group Policy is the problem, how do I fix it? – Rich Feb 22 '12 at 15:58
Machines in a domain usually need to be time sync'd to the domain controller as AD uses kerberos to authenticate, and kerberos is time-sensitive. It may be easier to sync the DC to the external servers, then the domain itself will keep computers in the domain in sync with the DC. – Chris J Feb 22 '12 at 17:01
@ChrisJ That's what I'm trying to do. I can't get it to work, though. – Rich Feb 23 '12 at 13:39

Windows 7 machines won't sync time

2 Answers2

Linked