Windows Server 2019 – Time Synchronization Issues

I have a domain controller running Server 2019. I have two other DCs in the domain. On the server that is running the PDC Emulator role, I configured it to point to the Navy's time servers.

w32tm /config /manualpeerlist:"tick.usno.navy.mil tock.usno.navy.mil ntp2.usno.navy.mil" /syncfromflags:manual /reliable:yes /update

This completes successfully. I restart the time service:

net stop w32time && net start w32time

After a while, I noticed the time on my systems in the whole domain was wrong. I'm not always in this domain, so by the time that I noticed, it was 5 minutes behind actual time. Now it is 6.5 minutes behind.

If I restart the time service again and then query the peers, all three states are active:

C:\windows\system32>w32tm /query /peers /verbose
#Peers: 3

Peer: ntp2.usno.navy.mil
State: Active
Time Remaining: 54.2426825s
Mode: 1 (Symmetric Active)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 6 (64s)
Last Successful Sync Time: (null)
LastSyncError: 0x800705B4 (This operation returned because the timeout period expired. )
LastSyncErrorMsgId: 0x00000000 (Succeeded)
AuthTypeMsgId: 0x0000005A (NoAuth )
Resolve Attempts: 0
ValidDataCounter: 1
Reachability: 2

Peer: tock.usno.navy.mil
State: Active
Time Remaining: 54.2582623s
Mode: 1 (Symmetric Active)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 6 (64s)
Last Successful Sync Time: (null)
LastSyncError: 0x800705B4 (This operation returned because the timeout period expired. )
LastSyncErrorMsgId: 0x00000000 (Succeeded)
AuthTypeMsgId: 0x0000005A (NoAuth )
Resolve Attempts: 0
ValidDataCounter: 1
Reachability: 2

Peer: tick.usno.navy.mil
State: Active
Time Remaining: 54.2729373s
Mode: 1 (Symmetric Active)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 6 (64s)
Last Successful Sync Time: (null)
LastSyncError: 0x800705B4 (This operation returned because the timeout period expired. )
LastSyncErrorMsgId: 0x00000000 (Succeeded)
AuthTypeMsgId: 0x0000005A (NoAuth )
Resolve Attempts: 0
ValidDataCounter: 1
Reachability: 2

C:\windows\system32>

If I then run a resync, it says it did not resync because no time data was available.

If I run a strip chart against tick, I get an error.

C:\windows\system32>w32tm /stripchart /computer:tick.usno.navy.mil
Tracking tick.usno.navy.mil [192.5.41.40:123].
The current time is 6/9/2022 11:51:23 AM.
11:51:23, error: 0x800705B4
11:51:26, error: 0x800705B4
11:51:29, error: 0x800705B4
^C
C:\windows\system32>

If I run a strip chart against a network switch that is running an ntp service and it gets time from an authenticated time source, I am way off time:

C:\windows\system32>w32tm /stripchart /computer:*.*.*.1
Tracking *.*.*.1 [*.*.*.1:123].
The current time is 6/9/2022 11:54:00 AM.
11:54:00, d:+00.0016961s o:+396.5884202s  [                           |                          @]
11:54:02, d:+00.0015396s o:+396.5886677s  [                           |                          @]
11:54:04, d:+00.0017477s o:+396.5889037s  [                           |                          @]
^C
C:\windows\system32>

Also, after about 4 or 5 minutes, my peers change to the pending state:

C:\windows\system32>w32tm /query /peers /verbose
#Peers: 3

Peer: ntp2.usno.navy.mil
State: Pending
Time Remaining: 848.7510630s
Mode: 0 (reserved)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 0 (unspecified)
Last Successful Sync Time: (null)
LastSyncError: 0x00000000 (Succeeded)
LastSyncErrorMsgId: 0x00000000 (Succeeded)
AuthTypeMsgId: 0x0000005A (NoAuth )
Resolve Attempts: 1
ValidDataCounter: 0
Reachability: 0

Peer: tick.usno.navy.mil
State: Pending
Time Remaining: 848.7514333s
Mode: 0 (reserved)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 0 (unspecified)
Last Successful Sync Time: (null)
LastSyncError: 0x00000000 (Succeeded)
LastSyncErrorMsgId: 0x00000000 (Succeeded)
AuthTypeMsgId: 0x0000005A (NoAuth )
Resolve Attempts: 1
ValidDataCounter: 0
Reachability: 0

Peer: tock.usno.navy.mil
State: Pending
Time Remaining: 848.7518290s
Mode: 0 (reserved)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 0 (unspecified)
Last Successful Sync Time: (null)
LastSyncError: 0x00000000 (Succeeded)
LastSyncErrorMsgId: 0x00000000 (Succeeded)
AuthTypeMsgId: 0x0000005A (NoAuth )
Resolve Attempts: 1
ValidDataCounter: 0
Reachability: 0

C:\windows\system32>

Changing my peer list to the network switch, I still have all these same problems. This system is a VM. For a while, I had it configured to sync its time with the host, but I have removed that setting a couple hours ago and it has only seemed to get farther from correct time. I have also rebooted the DC, no change.

I have no idea what else to try to get this to have correct time. I'll also include results from me querying the status. I also don't see any errors in the Windows Time Service log and nothing jumps out at me when I set the w32tm debug log.

C:\windows\system32>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name:  "LOCL")
Last Successful Sync Time: 6/9/2022 11:50:45 AM
Source: Local CMOS Clock
Poll Interval: 6 (64s)

I would appreciate any help.

Best Answer

I believe my problem was twofold. First, the instructions I originally followed were for a forest root DC. But since then, we started over and I'm a child domain, so I should have pointed to the forest root DC as my source. Once I changed to the correct source, things straightened out for me. The other problem was, I think my network team blocked the NTP traffic to the Navy servers some time between when I configured it and when I noticed the problem. That is why my DC kept showing the local CMOS as the source. But when I tried Stacker's suggestion, the source changed to the forest root DC even though I hadn't configured it. The link below is the article that suggested that the local CMOS source could be caused by a firewall block. https://www.renanrodrigues.com/post/how-to-configure-ntp-server-in-active-directory-step-by-step
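
The two symptoms in this thread, a source stuck on Local CMOS Clock and peers that time out with 0x800705B4 and have never synced, can be checked together. The following is an added example, not part of the original question or answer; the function name and output fields are hypothetical, and the sample text is constructed from the peer listings in the question.

```powershell
# Added example; Get-W32tmPeerHealth and its property names are hypothetical.
function Get-W32tmPeerHealth {
    param(
        # Lines from: w32tm /query /peers /verbose (blank lines allowed)
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$PeerLines,
        # Text from: w32tm /query /source
        [Parameter(Mandatory)][string]$Source
    )
    $peers = @()
    $cur = $null
    foreach ($line in $PeerLines) {
        switch -Regex ($line) {
            '^\s*Peer:\s*(\S+)' {
                if ($null -ne $cur) { $peers += [pscustomobject]$cur }
                $cur = [ordered]@{ Peer = $Matches[1]; LastSync = ''; LastError = '' }
            }
            '^\s*Last Successful Sync Time:\s*(.+)$' { if ($null -ne $cur) { $cur.LastSync = $Matches[1].Trim() } }
            '^\s*LastSyncError:\s*(0x[0-9A-Fa-f]+)' { if ($null -ne $cur) { $cur.LastError = $Matches[1] } }
        }
    }
    if ($null -ne $cur) { $peers += [pscustomobject]$cur }
    $neverSynced = @($peers | Where-Object { $_.LastSync -eq '(null)' })
    $timedOut    = @($peers | Where-Object { $_.LastError -eq '0x800705B4' })
    $localClock  = $Source -match 'Local CMOS Clock'
    $verdict = if (-not $localClock) {
        'Synchronizing from ' + $Source.Trim()
    } elseif ($peers.Count -gt 0 -and $neverSynced.Count -eq $peers.Count) {
        'Local clock only and no peer has ever synced: check the configured source and UDP 123 to it'
    } else {
        'Local clock only although a peer synced earlier: check current reachability'
    }
    [pscustomobject]@{
        Source = $Source.Trim(); Verdict = $verdict
        NeverSynced = $neverSynced.Peer; TimedOut = $timedOut.Peer
    }
}
# Constructed sample built from fields shown in the question's peer listings.
$sample = @'
Peer: tick.usno.navy.mil
State: Active
Last Successful Sync Time: (null)
LastSyncError: 0x800705B4 (This operation returned because the timeout period expired. )
Peer: tock.usno.navy.mil
State: Pending
Last Successful Sync Time: (null)
LastSyncError: 0x00000000 (Succeeded)
'@ -split '\r?\n'
Get-W32tmPeerHealth -PeerLines $sample -Source 'Local CMOS Clock' | Format-List
# Live: Get-W32tmPeerHealth -PeerLines (w32tm /query /peers /verbose) -Source (w32tm /query /source)
```

For the constructed sample, both peers are listed under NeverSynced and only tick.usno.navy.mil under TimedOut, which matches the pattern the question shows when outbound NTP is being dropped.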