In one of our domains, we have two Server 2003 servers (JUDY and ASTRO). We recently switched all the FSMO roles over to JUDY, from ASTRO. That seemed to work fine, and running "netdom query fsmo" shows that JUDY holds all the FSMO roles. However, when I run dcdiag on JUDY, it passes all the tests EXCEPT the Advertising and FSMO checks. The errors state that JUDY is not advertising as a time server and also that "The server holding the PDC role is down" (even though JUDY reports that it is the PDC emulator.
I have looked through countless articles online and have followed all the suggestions: changed the Registry settings related to Time Service, unregistered and re-registered the time service; uninstalled and then re-installed Hyper-V Integration Services (JUDY is a virtual server running on Hyper-V); changed the settings on ASTRO so that it looks to the domain hierarchy for time settings, etc. So far, nothing has worked.
One question I have is: which problem should I be trying to solve first? Getting JUDY to advertise as a time server, or dealing with the "PDC role is down" error? Which one is dependent on the other? When I've googled the PDC role issue, I find that most of the responses involve checking the time server settings, so I feel like I'm chasing my tail.
Also, since this is a virtual server, if I'm planning to use an external time server (like time.windows.com) should I remove the integrated time service option in Hyper-V? Or can that stay installed, as long as I change the registry to sync to an external time source?
Any advice would be GREATLY appreciated.
Best Answer
Don't use a VM for your PDC emulator. Hyper-V "hardware" causes sync issues with the time server service, even with the Hyper-V integration service. There is just too much room for 'flexibility' and adjustment of the time through all of the layers of hardware, software, software-that's-pretending-to-be-hardware, and then software-on-software-pretending-to-be-hardware.
Always keep at least one DC physical. If possible, keep one per site physical (I prefer to keep at least two at my main site physical as well), and then build up VM DCs from there.
As an aside, why do you have all of your FSMO roles on one server? If for some reason you don't trust ASTRO, retire it after getting a new DC in there.