Active Directory

Domain-wide Time Synchronization: Part 2

OK, sorry for the delay, but I want to dive right in. Let’s break down the steps from part 1:

1 – Configure NTP time source for PDC domain controller

For this step, you want to configure the PDC to check in with a reliable Internet time server. Two that I prefer to use are hosted by the US Naval Observatory (tock.usno.navy.mil) and NIST (time.nist.gov). To configure the necessary settings, you’ll need to make a bunch of registry changes, which you can find here. But, since I’m always looking for an easier way, I found this handy utility that will make the necessary changes for you after you enter a few settings. The only gotcha that I found with this utility was that you need to enter a space before the name of your preferred NTP server; otherwise, the registry doesn’t get updated correctly. Check the event logs afterward to verify that everything worked OK.

2 – Configure poll interval on member servers (15 minutes; my preference)

On each domain controller and member server, I change the “poll interval” to 15 minutes (900 seconds).

Edit the following registry value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval = "900" (DWORD)

3 – Ensure that all member servers and workstations are configured for the NTP time source type of “NT5DS”

From a command prompt, dump the W32Time Parameters key and check that the Type value is NT5DS:

w32tm /dumpreg /subkey:Parameters

4 – Test and verify time sync

Verify NTP servers:

Net time /querysntp

Compare time difference on PDC to other machines:

w32tm /stripchart /computer:[computer name] /samples:1
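
The checks in steps 2 to 4 can be scripted and run on each machine. The following PowerShell is an added example, not part of the original post; the PDC name `dc1.example.test` and the one-second offset threshold are assumptions.

```powershell
# Added example: audit this machine against steps 2-4 of the post.
param(
    [string]$PdcName = 'dc1.example.test',  # assumption: placeholder PDC name
    [double]$MaxOffsetSeconds = 1.0         # assumption: alert threshold, tune to taste
)

$me = $env:COMPUTERNAME
$w32 = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$findings = @()

# Step 3: domain members should sync from the domain hierarchy (Type = NT5DS).
$type = (Get-ItemProperty -Path "$w32\Parameters").Type
if ($type -ne 'NT5DS') { $findings += "Type is '$type', expected 'NT5DS'" }

# Step 2: SpecialPollInterval should be 900 and stored as a DWORD, not a string.
# Note: W32Time documents this value as the poll interval for manual peers
# listed in NtpServer with the 0x1 flag.
$client = "$w32\TimeProviders\NtpClient"
$poll = (Get-ItemProperty -Path $client).SpecialPollInterval
if ($null -eq $poll) {
    $findings += 'SpecialPollInterval is not set'
} else {
    $kind = (Get-Item -Path $client).GetValueKind('SpecialPollInterval')
    if ($poll -ne 900 -or $kind -ne 'DWord') {
        $findings += "SpecialPollInterval is $poll ($kind), expected 900 (DWord)"
    }
}

# Step 4: take one stripchart sample against the PDC.
# With /dataonly each sample line looks like "hh:mm:ss, +00.0123456s".
$sample = & w32tm /stripchart "/computer:$PdcName" /samples:1 /dataonly 2>&1 | Out-String
if ($sample -match ',\s*([+-]\d+\.\d+)s') {
    $offset = [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
    if ([math]::Abs($offset) -gt $MaxOffsetSeconds) {
        $findings += "Offset from $PdcName is ${offset}s, limit is ${MaxOffsetSeconds}s"
    }
} else {
    # w32tm prints "error: 0x..." when the peer is unreachable or does not answer NTP.
    $findings += "No usable sample from ${PdcName}: $($sample.Trim())"
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning ('{0}: {1}' -f $me, $_) }
    exit 1
}
Write-Output ('{0}: time sync settings match steps 2-4' -f $me)
```

A non-zero exit code means at least one check failed, so the script can be run from a scheduled task or a login script and the warnings collected centrally.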

For more info, check out the following:

Windows Time Service Tools and Settings
How to configure an authoritative time server in Windows Server 2003
Using and configuring Windows time service


NtFrs Error 13559 OR When in Doubt, Read the Error

A customer was complaining that their “sysvol” share on their Windows Server 2003 R2 domain controllers was not replicating content (updated group policies, login scripts, etc.). Upon initial examination, I ran across this error in the event logs:

Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13559
Date: 5/18/2009
Time: 6:53:52 AM
User: N/A
Computer: DC2
Description:
The File Replication Service has detected that the replica root path has changed from "c:\windows\sysvol\domain" to "c:\windows\sysvol\domain". If this is an intentional move then a file with the name NTFRS_CMD_FILE_MOVE_ROOT needs to be created under the new root path.
This was detected for the following replica set:
"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"

Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file.

[1] At the first poll which will occur in 60 minutes this computer will be deleted from the replica set.
[2] At the poll following the deletion this computer will be re-added to the replica set with the new root path. This re-addition will trigger a full tree sync for the replica set. At the end of the sync all the files will be at the new location. The files may or may not be deleted from the old location depending on whether they are needed or not.
