W2016 DC cannot sync time with external source

Tags: ntp, windows-server-2016

I'm having problems getting my DC (PDC role, as it is the only DC in the network) to sync time with an external NTP server. My server is running Windows Server 2016 x64, fully patched. The Windows Firewall is completely disabled just to rule out possible issues.
EDIT: It is not a VM, just a normal physical Supermicro 2U Server.

I keep getting the following message:

C:\Documents and Settings\Administrator>w32tm /resync /rediscover
Sending resync command to local computer...
The computer did not resync because no time data was available.

I tried configuring NTP the following ways:

Using w32tm

PS C:\Users\Administrator> w32tm.exe /config /manualpeerlist:”192.168.1.10 1.europe.pool.ntp.org 2.europe.pool.ntp.org 3.europe.pool.ntp.org” /syncfromflags:manual /reliable:YES /update
Der Befehl wurde erfolgreich ausgeführt.
PS C:\Users\Administrator> w32tm.exe /config /update
Der Befehl wurde erfolgreich ausgeführt.
PS C:\Users\Administrator> Restart-Service w32time

Using GPOs, following these guides (tried them both)

EDIT: After any changes to the GPOs I did issue gpupdate /force to enforce the GPO.


No matter which way I try to implement it, I always get the following results:

Checking no other application is blocking port 123

C:\Users\Administrator>netstat -o -a -n | find ":123"
UDP    0.0.0.0:123            *:*                                    1248
UDP    [::]:123               *:*                                    1248

Verifying that connection to the ntp server is working using /stripchart

C:\Users\Administrator>w32tm /stripchart /computer:0.europe.pool.ntp.org /samples:5 /dataonly
0.europe.pool.ntp.org wird verfolgt [195.46.37.22:123].
5 Proben werden gesammelt.
Es ist 26.01.2018 11:55:40.
11:55:40, -52.4480780s
11:55:42, -52.4482309s
11:55:44, -52.4482593s
11:55:46, -52.4484657s
11:55:49, -52.4482562s

w32tm configuration

C:\Users\Administrator>w32tm /query /configuration
[Konfiguration]

EventLogFlags: 2 (Lokal)
AnnounceFlags: 5 (Lokal)
TimeJumpAuditOffset: 28800 (Lokal)
MinPollInterval: 6 (Lokal)
MaxPollInterval: 10 (Lokal)
MaxNegPhaseCorrection: 172800 (Lokal)
MaxPosPhaseCorrection: 172800 (Lokal)
MaxAllowedPhaseOffset: 300 (Lokal)

FrequencyCorrectRate: 4 (Lokal)
PollAdjustFactor: 5 (Lokal)
LargePhaseOffset: 50000000 (Lokal)
SpikeWatchPeriod: 900 (Lokal)
LocalClockDispersion: 10 (Lokal)
HoldPeriod: 5 (Lokal)
PhaseCorrectRate: 7 (Lokal)
UpdateInterval: 100 (Lokal)


[Zeitanbieter]

NtpClient (Lokal)
DllName: C:\Windows\SYSTEM32\w32time.DLL (Lokal)
Enabled: 1 (Lokal)
InputProvider: 1 (Lokal)
AllowNonstandardModeCombinations: 1 (Lokal)
ResolvePeerBackoffMinutes: 15 (Lokal)
ResolvePeerBackoffMaxTimes: 7 (Lokal)
CompatibilityFlags: 2147483648 (Lokal)
EventLogFlags: 1 (Lokal)
LargeSampleSkew: 3 (Lokal)
SpecialPollInterval: 3600 (Lokal)
Type: NTP (Lokal)
NtpServer: 0.192.168.1.10 1.europe.pool.ntp.org 2.europe.pool.ntp.org 3.europe.pool.ntp.org (Lokal)

NtpServer (Lokal)
DllName: C:\Windows\SYSTEM32\w32time.DLL (Lokal)
Enabled: 1 (Lokal)
InputProvider: 0 (Lokal)
AllowNonstandardModeCombinations: 1 (Lokal)

w32tm status

C:\Users\Administrator>w32tm /query /status
Sprungindikator: 0(keine Warnung)
Stratum: 1 (Primärreferenz - synchron. über Funkuhr)
Präzision: -6 (15.625ms pro Tick)
Stammverzögerung: 0.0000000s
Stammabweichung: 10.0000000s
Referenz-ID: 0x4C4F434C (Quellname:  "LOCL")
Letzte erfolgr. Synchronisierungszeit: 26.01.2018 11:32:13
Quelle: Local CMOS Clock
Abrufintervall: 6 (64s)

The source will always remain at Local CMOS Clock.
The following commands did not change anything:

  • w32tm /resync
  • w32tm /resync /rediscover
  • w32tm /resync /rediscover /nowait

In between "Tries" I did the following to reset my settings:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Basically, no matter what I do, I cannot get my DC to sync time with any NTP server (I even tried my router using 192.168.1.10, because it runs an integrated NTP server, but no luck there either).

Any ideas on how to fully reset NTP settings completely other than using w32tm /unregister && w32tm /register and rebooting?

EDIT: Server configuration seems fine; when connected to my router (NTP server) it works just fine.

The Switch is a HPE OfficeConnect Switch 1850-24G 2XGT (JL170A)

Any idea why the switch is "blocking" ntp traffic despite the fact that w32tm /stripchart is working fine?

regards

Best Answer

I found the problem!

The server is connected to an HPE OfficeConnect 1850-24G 2XGT (JL170A).

This switch has a 'Security' feature named "Prevent UDP Blat Attack". After disabling said feature, NTP works like a charm with both ways of configuration (cmd or GPO).

For reference, I found an article (different switch model though) describing the problem: http://www.gadjev.com/2014/06/23/auto-dos-feature-on-hp-v1810-switches-blocks-legitimate-network-traffic/
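
To confirm this kind of filtering from the affected host before changing switch settings, here is an added diagnostic (not part of the original post or answer; `Test-NtpFromPort` is a hypothetical helper name). It assumes the switch feature drops UDP datagrams whose source and destination ports are equal, which is how a "blat" check is commonly defined, and that the w32time service sends its requests from source port 123 while `w32tm /stripchart` uses an ephemeral source port.

```powershell
# Added example: send one SNTP client request from a chosen local UDP port
# and report whether a reply comes back. Run in an elevated session.
function Test-NtpFromPort {
    param(
        [string]$Server    = '0.europe.pool.ntp.org', # pool host used in the question
        [int]   $LocalPort = 0,                       # 0 = let the OS pick an ephemeral port
        [int]   $TimeoutMs = 3000
    )
    # 48-byte SNTP request: LI=0, VN=3, Mode=3 (client) gives 0x1B in the first byte
    $request    = New-Object byte[] 48
    $request[0] = 0x1B

    $udp = New-Object System.Net.Sockets.UdpClient($LocalPort)
    try {
        $udp.Client.ReceiveTimeout = $TimeoutMs
        $srcPort = ([System.Net.IPEndPoint]$udp.Client.LocalEndPoint).Port
        [void]$udp.Send($request, $request.Length, $Server, 123)

        $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        $reply  = $udp.Receive([ref]$remote)   # throws when the timeout expires

        # Transmit timestamp: bytes 40..43 hold big-endian seconds since 1900-01-01 UTC
        $secs = [uint64]$reply[40] * 16777216 + [uint64]$reply[41] * 65536 +
                [uint64]$reply[42] * 256 + [uint64]$reply[43]
        [pscustomobject]@{
            SourcePort    = $srcPort
            Replied       = $true
            From          = $remote.Address
            Stratum       = $reply[1]
            ServerTimeUtc = [datetime]::new(1900, 1, 1, 0, 0, 0, [DateTimeKind]::Utc).AddSeconds($secs)
        }
    }
    catch {
        # No reply within the timeout (or a socket error): report it instead of failing
        [pscustomobject]@{
            SourcePort = $LocalPort
            Replied    = $false
            Error      = $_.Exception.GetBaseException().Message
        }
    }
    finally { $udp.Close() }
}

Stop-Service w32time                  # frees UDP 123 so the test can bind to it
try {
    Test-NtpFromPort -LocalPort 123   # source port 123 = destination port 123
    Test-NtpFromPort                  # ephemeral source port
}
finally { Start-Service w32time }
```

If the ephemeral-port query is answered and the port-123 query times out, something on the path is filtering on matching source and destination ports rather than blocking NTP as such.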