On Thu, Jun 4, 2015 at 1:28 PM, Free Jr., Bob <[email protected]> wrote: > Sounds like you may have more than one DC advertising as reliable. Probably > not a recommended configuration :-)
You're probably right ... > > I suspect you have the GTIMESERV (always reliable) flag set on the old DC > and now on the new one. > > NetLogon provides two flags that are created specifically for w32time's use, > TIMESERV flag indicates that the machine is currently synchronized and can > provide time sync responses. > > The GTIMESERV flag means that a machine is "special" because it is a "good" > source of time and gives it the highest criteria in the hierarchy used by a > client DC when selecting a source. > > Look to see if the old DC is advertising that flag with nltest or check it's > registry. > > nltest /dsgetdc:mydomain /server:mydc > /snip > Flags: PDC GC DS LDAP KDC *GTIMESERV* WRITABLE DNS_DC DNS_DOMAIN > DNS_FOREST CLOSE_SITE FULL_SECRET > > They might work it out by themselves when you demote the old one by my > experience tells me there's a good chance you will have to do a /rediscover > if you don't compensate for it first. As it turns out, it did work itself out. I demoted the old DC, removed it from the domain, and powered it down. It took a while, but now the other DCs are showing the "source" as the new DC. > > --gory details Good info to know, thanks.
