1

I work at a dental office (and am not an IT professional, hence this post haha), and we have several computers using Windows 10 on a domain using Windows Server 2012. The time is right on the domain controller but it's a few minutes off on the normal computers in the domain and that's messing with the software we use to schedule appointments.

In Command Prompt on the PDC, I ran

w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update
net stop w32tm
net start w32tm
w32tm /resync /rediscover

but it says "The computer did not resync because no time data was available."

I have everything set to "Not configured" for Windows Time Service under the "Default Domain Policy" and "Default Domain Controllers Policy" group policies (idk which one is important for this). Also on the normal computers I ran w32tm /config /syncfromflags:domhier /update and verified in the registry editor that the type value was set to "NT5DS".

Additionally, w32tm /query /configuration shows that time.windows.com is the server, but running w32tm /query /source says the source is still "Local CMOS Clock," which apparently is the default if unable to connect to the NTP server. So it's a connection problem right? From what I've read it could my firewall is blocking the connection, so in Windows Firewall Advanced Settings I added new rules for both outbound and inbound calls for UDP port 123 which is apparently what the NTP uses. I installed netcat and tried ncat -u -v -z -w 2 time.windows.com 123 which appears successful so I'm not sure what the problem is. I've also heard that time.windows.com just kinda sucks so maybe I can try a different time server if no one has a solution.

Again I have no idea what I'm doing and I'm just going off the internet and ChatGPT so hopefully someone can point out what I'm missing. Thanks!

Edit Here is the "Time Providers" section of w32tm /query /configuration on both client and server:

Client:

[TimeProviders]

NtpClient (Local)
DllName: C:\WINDOWS\SYSTEM32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NT5DS (Local)

NtpServer (Local)
DllName: C:\WINDOWS\SYSTEM32\w32time.DLL (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)

Server:

[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: 0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.o
rg,0x8 (Local)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 0 (Local)
InputProvider: 1 (Local)

I also reviewed the event logs on the PDC and it's logged the following warning every so often for the past 8 months:

The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

And on a client event log I have these under Time-Service:

Information:

The time provider 'VMICTimeProvider' has indicated that the current hardware and operating environment is not supported and has stopped. This behavior is expected for VMICTimeProvider on non-HyperV-guest environments. This may be the expected behavior for the current provider in the current operating environment as well.

Warning:

NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

Information:

The time provider NtpClient is currently receiving valid time data from pool.ntp.org,0x8 (ntp.m|0x8|0.0.0.0:123->131.243.64.12:123).

Warning:

Time Provider NtpClient: No valid response has been received from domain controller Server.Dental.local after 8 attempts to contact it. This domain controller will be discarded as a time source and NtpClient will attempt to discover a new domain controller from which to synchronize. The error was: The peer is unreachable.

and similar to what appeared on the PDC, Warning:

The time service has not synchronized the system time for the last 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients after 0 seconds. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization. You can control the frequency of the time source rediscovery using ClockHoldoverPeriod W32time config setting. Modify the EventLogFlags W32time config setting if you wish to disable this message.

So obviously something is going wrong, I just haven't discovered it yet.

Colby Wright
  • 11
  • 2
  • Use `W32TM /query /status` on DC and computers to check Source and Last Successful Sync Time. `w32tm /monitor` to list all the peers that machine might connect to, and their sources. Run `W32TM /query /peers` on a computer and verify the active Peer is your DC (and not an old/missing DC). I think you should not use rediscover in `w32tm /resync /rediscover` on the DC. – Cpt.Whale Jul 11 '23 at 22:09
  • See https://www.windowscentral.com/how-manage-time-servers-windows-10 to set the time server and troubleshoot. Also, try another server, e.g., pool.ntp.org. Seehttps://timetoolsltd.com/information/public-ntp-server/ – DrMoishe Pippik Jul 12 '23 at 01:30
  • @Cpt.Whale on DC and computers source says Local CMOS Clock, although on the computers it also says "not synchronized" with last succesful sync time "unspecified". Peer says Server."MyServerName".local. – Colby Wright Jul 12 '23 at 16:02
  • DrMoishe Pippik the "Internet Time" tab that they use isn't there for me. – Colby Wright Jul 12 '23 at 16:09
  • @ColbyWright Have you checked the group policies set on your domain controllers on the OU those servers reside? Check the GPO and the settings you have set on them. Here's a snippet of a configuration that seems to work for example using WIM filter for applying it only to the DC with PDC fsmo role assigned though: https://i.imgur.com/85ElVDM.png and the WMI query here: https://i.imgur.com/SaDpqUl.png with `authenticated users` having the access in "security filtering" for the GP object and it's applying to the `Domain Controllers` OU. – Vomit IT - Chunky Mess Style Jul 13 '23 at 19:27
  • Or even a computer configuration policies for your workstations using settings similar to these may help but wanted to share just in case: https://i.imgur.com/eoTFM6s.png. Maybe with those things, you can do some trial and error, poke over the settings, and see if some variation helps, or at least ensure there is no policy set currently causing you conflict and the issues you are seeing taking precedent over the other things you are trying. @ColbyWright – Vomit IT - Chunky Mess Style Jul 13 '23 at 19:35
  • @VomitIT-ChunkyMessStyle I was told to leave all group policies on "Not configured" and that the configurations set through the command prompt would then be applied. So I'd assume there's no conflicting policies because I haven't set anything. However, I can take a closer look and maybe try enabling and applying the settings you sent to see if that helps. My workstations match those configurations you shared in your second comment. – Colby Wright Jul 13 '23 at 20:38

1 Answers1

0

Run these commands on the DC - the main difference is to force it into client mode (0x8) and not attempt to discover other sources:

w32tm /config /manualpeerlist:"time.windows.com",0x8 /syncfromflags:MANUAL
net stop "windows time"
net start "windows time"
w32tm /resync

Then on the clients, try and run w32tm /stripchart /computer:myServer.local to verify they can communicate with the DC. If that works, then try w32tm /resync to have them sync up immediately.

Cpt.Whale
  • 4,501
  • 2
  • 13
  • 25
  • The resync just fails on the DC still. "The computer did not resync because no time data was available" Here's some of the output on a client: `C:\WINDOWS\system32>w32tm /stripchart /computer:myserver.local Tracking myserver.local [192.168.1.***:123]. The current time is 7/12/2023 12:53:48 PM. 12:53:48, d:+00.0005064s o:+149.0768773s [ | @] 12:53:50, d:+00.0006767s o:+149.0769041s [ | @] 12:53:52, d:+00.0006667s o:+149.0769146s [ | @]` (Sorry it won't format) – Colby Wright Jul 12 '23 at 18:01
  • @ColbyWright try `w32tm /resync /rediscover` on the client instead. It is able to get time info from the DC, since it can see the DC is over two minutes ahead – Cpt.Whale Jul 12 '23 at 21:21
  • That does makes sense and I guess rules out any problems with the firewall or like the port not being open, but running `w32tm /resync /rediscover` on the client still gives "The computer did not sync because no time data was available." – Colby Wright Jul 12 '23 at 22:52
  • @ColbyWright I've seen a few answers like the one here https://superuser.com/a/1194892/673426 that suggest the resync may succeed even though the error message says otherwise (try and check with stripchart again to see if it's improved). That answer also has some slightly different suggestions that may help you – Cpt.Whale Jul 13 '23 at 15:10
  • I tried what I saw on that post but yeah stripchart says (and the actual clock says) that the client time is 2.5 minutes behind the server. I'm so confused why it doesn't just sync if it has no problem getting this data. – Colby Wright Jul 13 '23 at 15:51
  • My solution for now is to configure each individual computer to sync directly with pool.ntp.org and hopefully that's good enough. – Colby Wright Jul 13 '23 at 19:16