|
Hi,
I experienced the following
twice in different projects concerning the time synchronisation when adding WXP
computers to a domain. In both projects the clients were rolled out using
images. The client in the image was configured in a workgroup and added to a
domain using sysprep. In both organisations the following policy
existed:
* the xp client must not have
automatic connections with external networks (e.g. the internet) (this applies
to several update mechanism in xp AND the time sync option in "Control Panel
-> Date and Time -> Internet Time -> Automatically sync time with a
internet time server" Concerning the last option it was disabled by unchecking
the option.
By unchecking this option one of
the following happend:
* When joining the xp client to
AD the client could not be added because of the time skew (more than 5 minutes)
(An XP client automatically syncs the time when it is joined to a domain)
Adjusting the time manually as local admin solved the problem and the client
could be added to the domain
* the client joined the domain
and after the reboot no one could log on to it because of the time skew (more
than 5 minutes) and policies were also not applied. Adjusting the time manually
as local admin solved the problem and the client could be added to the
domain
By the way: when checking to see
if the time on a client (using the systemtray) is OK also check for the correct
date!
In both situations the problems
were solved by NOT UNCHECKING the option "Control Panel -> Date and Time
-> Internet Time -> Automatically sync time with a internet time
server".
The first time I encountered
this I checked what the option did and to me it seemed that it had not impact on
the client when it was joined to a domain. The opposite was true as you
can read above. So my advise: do not uncheck the option "Control Panel ->
Date and Time -> Internet Time -> Automatically sync time with a internet
time server" Leave the default configured.
The client switches to a domain
controller as a time provider when it is added to a domain
Regards,
Jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Thursday, February 19, 2004 22:32 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows XP time sync Some of the MVP folks in the XP NG's alluded to other
manufacturers as well but since Dell substantiated it by providing a patch, I
figured that must be the real deal :-) From: DeGrands, Charles [mailto:[EMAIL PROTECTED] Sent: Thursday, February 19, 2004 12:58 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows XP time sync After reading this thread, I checked my
recently purchased HP Evo and it too had the time pointed to Microsoft. So
it’s not hardware specific. From: Rich Milburn
[mailto:[EMAIL PROTECTED] Bob, you’re a genius! J Yes they are Dells, and not by
chance… and it’s not all of the Dells. One of my concerns here was fixing
the problem without knowing the cause. I don’t mind running a script, and
these commands work remotely, as long as we know how to avoid it in the
future. I agree with Joe about fixing an automatic process instead of
making it manual when it doesn’t work. I’ll look into this. They are Dell
OptiPlex GX270s I think, small profile mini-desktops, P4 2.4 I
think. Rich From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Free, Bob Yes, they are supposed to automagically
change to NT5DS upon joining a domain from all the MS
documentation. Is it happening to all of them? Are
they Dell PC's by chance? They actually have a patch because,
allegedly, some PCs were imaged with different processor stepping levels
than ended up in the final product which throws w23time for a loop.
The XP NG's are full of the complaint. Apparently the patch is just a batch file
to re-register the service correctly. A MS KB is (allegedly) forthcoming
:-) net stop
w32time From: Rich Milburn
[mailto:[EMAIL PROTECTED] Okay the MS consultant who worked on our AD
upgrade answered that adding an XP computer to a domain should set the time to
sync using NT5DS, which is what I thought I remembered was supposed to
happen. But it’s not happening. If I run the w32tm commands and the
setsntp: then it fixes the registry settings to use NT5DS. Anyone know why
we might be seeing this issue, or know more about
this? Thanks – Rich From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Byrd,
Todd The servers in a domain will automatically
update from each other, progressing upward toward the root PDC (ie each server
in a child domain will sync with the child domain PDC by default, and the child
PDC will sync with the root PDC, while all servers in the root domain will sync
with the root PDC….. ) the Root domain PDC should be allowed to sync with an
outside SNTP server…. For the workstations, the time server needs to be mandated
through a GPO, or through DHCP…. The GPO for setting a specific time server
is set under Computer Configuration > Admin templates > windows
components > system > windows time service > time providers
Hope this
helps… Todd From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Rich
Milburn I’ve seen it talked
about on this list that time should be sync’d automatically in a domain. I
was going along checking the SMS logs and found a number of them that said the
computers’ time was offset. I thought that was odd, and I looked into
it. The XP computers are set to time.windows.com when you do a net time
/querysntp on them. If they are actually trying to use that, it’s a
problem because SNTP is not allowed out. Besides, we want them getting
their time from the domain, not MS. So I can run a command against them to
clear this (/setsntp: ) and I can run w32tm /config /computer:name /update
/syncfromflags:domhier and it works – the time gets sync’d. I looked into
the issue further though, and see that all the XP computers are set like
that. This does not seem like what we want, so what am I missing
here? Do we have to set this up in the login script or is there a setting
I missed in GP that fixes it or ?? I assumed joining a computer to a
domain would fix this issue (never really paid attention to it before) but
apparently it doesn’t. Thanks Rich -------APPLEBEE'S INTERNATIONAL,
INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be
contained in this message or any attachments. This information is strictly
confidential and may be subject to attorney-client privilege. This message is
intended only for the use of the named addressee. If you are not the intended
recipient of this message, unauthorized forwarding, printing, copying,
distribution, or using such information is strictly prohibited and may be
unlawful. If you have received this in error, you should kindly notify the
sender by reply e-mail and immediately destroy this message. Unauthorized
interception of this e-mail is a violation of federal criminal law. Applebee's
International, Inc. reserves the right to monitor and review the content of all
messages sent to and from this e-mail address. Messages sent to or from this
e-mail address may be stored on the Applebee's International, Inc. e-mail
system. -------APPLEBEE'S INTERNATIONAL,
INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be
contained in this message or any attachments. This information is strictly
confidential and may be subject to attorney-client privilege. This message is
intended only for the use of the named addressee. If you are not the intended
recipient of this message, unauthorized forwarding, printing, copying,
distribution, or using such information is strictly prohibited and may be
unlawful. If you have received this in error, you should kindly notify the
sender by reply e-mail and immediately destroy this message. Unauthorized
interception of this e-mail is a violation of federal criminal law. Applebee's
International, Inc. reserves the right to monitor and review the content of all
messages sent to and from this e-mail address. Messages sent to or from this
e-mail address may be stored on the Applebee's International, Inc. e-mail
system. -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. |
- [ActiveDir] Windows XP time sync Rich Milburn
- RE: [ActiveDir] Windows XP time sync Byrd, Todd
- RE: [ActiveDir] Windows XP time sync Rich Milburn
- RE: [ActiveDir] Windows XP time sync Rich Milburn
- RE: [ActiveDir] Windows XP time sync james . blair
- RE: [ActiveDir] Windows XP time sync Rich Milburn
- RE: [ActiveDir] Windows XP time sync Free, Bob
- RE: [ActiveDir] Windows XP time sync Rich Milburn
- RE: [ActiveDir] Windows XP time sync DeGrands, Charles
- RE: [ActiveDir] Windows XP time sync Free, Bob
- RE: [ActiveDir] Windows XP time sync Jorge de Almeida Pinto
- RE: [ActiveDir] Windows XP time sync rmcdonald
