2

I'm having problems getting my DC (PDC Role as it is the only DC in the network) to sync time with an external NTP server. My server is running Windows Server 2016 x64, fully patched. The Windows Firewall is completely disabled just to rule out possible issues. EDIT: It is not a VM, just a normal physical Supermicro 2U Server.

I keep getting the following message:

C:\Documents and Settings\Administrator>w32tm /resync /rediscover
Sending resync command to local computer...
The computer did not resync because no time data was available.

I tried configuring NTP the following ways:

Using w32tm

PS C:\Users\Administrator> w32tm.exe /config /manualpeerlist:”192.168.1.10 1.europe.pool.ntp.org 2.europe.pool.ntp.org 3.europe.pool.ntp.org” /syncfromflags:manual /reliable:YES /update
Der Befehl wurde erfolgreich ausgeführt.
PS C:\Users\Administrator> w32tm.exe /config /update
Der Befehl wurde erfolgreich ausgeführt.
PS C:\Users\Administrator> Restart-Service w32time

Using GPOs, following these guides (tried them both)

EDIT: After any changes to the GPOs I did issue gpupdate /force to enforce the GPO

No matter which way I try to implement it, I always get the following results:

Checking no other application is blocking port 123

C:\Users\Administrator>netstat -o -a -n | find ":123"
UDP    0.0.0.0:123            *:*                                    1248
UDP    [::]:123               *:*                                    1248

Verifying that connection to the ntp server is working using /stripchart

C:\Users\Administrator>w32tm /stripchart /computer:0.europe.pool.ntp.org /samples:5 /dataonly
0.europe.pool.ntp.org wird verfolgt [195.46.37.22:123].
5 Proben werden gesammelt.
Es ist 26.01.2018 11:55:40.
11:55:40, -52.4480780s
11:55:42, -52.4482309s
11:55:44, -52.4482593s
11:55:46, -52.4484657s
11:55:49, -52.4482562s

w32tm configuration

C:\Users\Administrator>w32tm /query /configuration
[Konfiguration]

EventLogFlags: 2 (Lokal)
AnnounceFlags: 5 (Lokal)
TimeJumpAuditOffset: 28800 (Lokal)
MinPollInterval: 6 (Lokal)
MaxPollInterval: 10 (Lokal)
MaxNegPhaseCorrection: 172800 (Lokal)
MaxPosPhaseCorrection: 172800 (Lokal)
MaxAllowedPhaseOffset: 300 (Lokal)

FrequencyCorrectRate: 4 (Lokal)
PollAdjustFactor: 5 (Lokal)
LargePhaseOffset: 50000000 (Lokal)
SpikeWatchPeriod: 900 (Lokal)
LocalClockDispersion: 10 (Lokal)
HoldPeriod: 5 (Lokal)
PhaseCorrectRate: 7 (Lokal)
UpdateInterval: 100 (Lokal)


[Zeitanbieter]

NtpClient (Lokal)
DllName: C:\Windows\SYSTEM32\w32time.DLL (Lokal)
Enabled: 1 (Lokal)
InputProvider: 1 (Lokal)
AllowNonstandardModeCombinations: 1 (Lokal)
ResolvePeerBackoffMinutes: 15 (Lokal)
ResolvePeerBackoffMaxTimes: 7 (Lokal)
CompatibilityFlags: 2147483648 (Lokal)
EventLogFlags: 1 (Lokal)
LargeSampleSkew: 3 (Lokal)
SpecialPollInterval: 3600 (Lokal)
Type: NTP (Lokal)
NtpServer: 0.192.168.1.10 1.europe.pool.ntp.org 2.europe.pool.ntp.org 3.europe.pool.ntp.org (Lokal)

NtpServer (Lokal)
DllName: C:\Windows\SYSTEM32\w32time.DLL (Lokal)
Enabled: 1 (Lokal)
InputProvider: 0 (Lokal)
AllowNonstandardModeCombinations: 1 (Lokal)

w32tm status

C:\Users\Administrator>w32tm /query /status
Sprungindikator: 0(keine Warnung)
Stratum: 1 (Primärreferenz - synchron. über Funkuhr)
Präzision: -6 (15.625ms pro Tick)
Stammverzögerung: 0.0000000s
Stammabweichung: 10.0000000s
Referenz-ID: 0x4C4F434C (Quellname:  "LOCL")
Letzte erfolgr. Synchronisierungszeit: 26.01.2018 11:32:13
Quelle: Local CMOS Clock
Abrufintervall: 6 (64s)

The source will always remain at Local CMOS Clock. The following commands did not change anything:

  • w32tm /resync
  • w32tm /resync /rediscover
  • w32tm /resync /rediscover /nowait

In between "Tries" I did the following to reset my settings:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Basically, no matter what I do, I cannot get my DC to sync time with any NTP server (I even tried my router using 192.168.1.10 because it runs an integrated NTP server, but no luck as well).

Any ideas on how to fully reset NTP settings completely other than using w32tm /unregister && w32tm /register and rebooting?

EDIT: Server Configuration seems fine, when connected to my router (ntp-server) it works just fine.

The Switch is a HPE OfficeConnect Switch 1850-24G 2XGT (JL170A)

Any idea why the switch is "blocking" ntp traffic despite the fact that w32tm /stripchart is working fine?

regards

Alkahna
  • How long did you wait after committing the changes? I discovered that Windows Server takes _forever_ to update its time settings sometimes. I'd delete the list, set `w32tm /config /syncfromflags:manual /update /reliable:yes /manualpeerlist:"0.de.pool.ntp.org"` and check `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time` and subkeys if something is wrong there. And reset `w32time` service of course. – Lenniey Jan 26 '18 at 12:17
  • I waited a few minutes but also tried to force a resync with `w32tm /resync /rediscover /nowait`, and after giving up last night (having the GPO in place) nothing changed overnight... – Alkahna Jan 26 '18 at 12:34
  • Ah yes, forgot that: disable the GPOs and force a gpupdate via `gpupdate /force`. Try it locally first. Also check if some other GPO overwrites your settings `gpresult /R` and `gpresult /H gpresult.html` – Lenniey Jan 26 '18 at 12:38
  • edited my post. I issued `gpupdate /force` after every change to the GPO. I generated the GPO result via `gpresult /H gpresult.html` like you suggested. There is no sign of any ntp settings left as I now (again) try to configure NTP via w32tm commands – Alkahna Jan 26 '18 at 13:01
  • You can also try to just delete / reset all ntp settings in registry and start over (as last resort). But be careful! – Lenniey Jan 26 '18 at 13:03
  • @Alkahna: Is the computer a physical or virtual? – Greg Askew Jan 26 '18 at 15:50
  • Cleaning the registry is done by unregistering & registering the w32tm service, and the registry looks fine to me. @Greg Askew it's a physical machine – Alkahna Jan 26 '18 at 16:01
  • What happens if you try to sync with time.Windows.com? – Jim B Jan 27 '18 at 01:32
  • Same thing, neither windows ntp nor any other (any pool.ntp.org or my router) will sync – Alkahna Jan 27 '18 at 12:16

2 Answers

3

I found the Problem!

The server is connected to an HPE OfficeConnect 1850-24G 2XGT (JL170A).

This switch has a 'Security' feature named "Prevent UDP Blat Attack". After disabling said feature, NTP works like a charm with both ways of configuration (cmd or GPO).

For reference, I found an article (different switch model though) describing the problem: http://www.gadjev.com/2014/06/23/auto-dos-feature-on-hp-v1810-switches-blocks-legitimate-network-traffic/

Alkahna
  • Wow. That was a weird one. Nice catch. – joeqwerty Jan 27 '18 at 22:48
  • Yeah spent way too much time on looking at the server rather than other network components. Hopefully this will help others to help troubleshoot their problems :-) – Alkahna Jan 28 '18 at 00:30
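
A way to check a network path for the behaviour found in this answer, as an added example that is not part of the original post. It assumes the switch feature drops UDP datagrams whose source and destination ports are equal (the usual meaning of a Blat filter), which would match the symptoms: the w32time service sends from UDP 123 to UDP 123, while `w32tm /stripchart` sends from an ephemeral port. `Test-NtpFromPort` is a hypothetical helper name.

```powershell
# Added diagnostic (not from the original post): send one SNTP request from a
# chosen local UDP port and report whether a reply comes back.
function Test-NtpFromPort {
    param(
        [Parameter(Mandatory)][string]$Server,  # NTP server name or IPv4 address
        [int]$SourcePort = 0,                    # 0 = OS picks an ephemeral port
        [int]$TimeoutMs  = 3000
    )
    $result = [pscustomobject]@{
        Server = $Server; LocalPort = $SourcePort; Replied = $false
        OffsetSeconds = $null; Error = $null
    }
    $request    = New-Object byte[] 48
    $request[0] = 0x1B                           # LI=0, VN=3, Mode=3 (client)
    $udp = $null
    try {
        # Binding to 123 fails while w32time owns the port: stop the service first.
        $udp = New-Object System.Net.Sockets.UdpClient($SourcePort)
        $udp.Client.ReceiveTimeout = $TimeoutMs
        $udp.Connect($Server, 123)
        $result.LocalPort = $udp.Client.LocalEndPoint.Port
        [void]$udp.Send($request, $request.Length)
        $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        $reply  = $udp.Receive([ref]$remote)     # throws when the timeout expires
        if ($reply.Length -lt 48 -or ($reply[0] -band 0x07) -ne 4) {
            throw "Unexpected reply (length $($reply.Length), not NTP mode 4)"
        }
        # Transmit timestamp seconds: big-endian uint32 at offset 40, epoch 1900.
        [byte[]]$le = $reply[43..40]             # reversed for little-endian hosts
        $secs       = [BitConverter]::ToUInt32($le, 0)
        $epoch      = [datetime]::new(1900, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
        $serverUtc  = $epoch.AddSeconds($secs)
        $result.Replied       = $true
        # Fraction field is ignored, so this is accurate to about one second.
        $result.OffsetSeconds = [math]::Round(($serverUtc - [datetime]::UtcNow).TotalSeconds, 1)
    }
    catch   { $result.Error = $_.Exception.GetBaseException().Message }
    finally { if ($udp) { $udp.Close() } }
    $result
}

# Compare both source ports against the same server (name taken from the question):
#   Stop-Service w32time
#   Test-NtpFromPort -Server 0.europe.pool.ntp.org                   # like /stripchart
#   Test-NtpFromPort -Server 0.europe.pool.ntp.org -SourcePort 123   # like the service
#   Start-Service w32time
```

A reply from the ephemeral port together with a timeout from port 123 points at a device on the path that filters equal source and destination ports, rather than at the Windows Time configuration.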
2

I suspect that after resetting the Windows Time service you didn't reconfigure it. Resetting it sets it back to default. You'll need to reconfigure it to your specific needs, as such:

w32tm.exe /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:YES /update

using whichever time sources you want to use.

joeqwerty
  • after every reset I did configure it again to test if the new configuration would work. – Alkahna Jan 26 '18 at 16:36
  • OK. I'm at a loss then. – joeqwerty Jan 26 '18 at 16:37
  • This does work, but not immediately. My server clock was 5 minutes behind, I ran your command in command prompt, it said it was successful. The time didn't change but when I clicked the clock (bottom right in desktop view) I noticed it was ticking very quickly. When it caught up to the actual time it started ticking at a normal pace. – JJJ Apr 13 '19 at 19:51
  • @JJJ This is expected behavior. The system clock tick duration is quartered or halved (depending on the size of the gap between current and correct time) which allows the clock to catch up gradually and avoid the side effects of a sudden large jump in time. – AlsoKnownAsJazz Aug 06 '19 at 18:13