1

I am seeing some weird behavior that started after the last round of windows patches.

My forest root PDC emulator no longer applies the EDT offset from UTC and instead just uses UTC. This of course propagates though the network and bam we are 4 hours ahead.

I remove the GPO for my internal time source, point the host to its own cmos and bam all time is correct. I've looked at the following:

Technet PDC Emulator

How Windows Time Works

And still no love.

Tried the same settings using regedit, same result.

Any Thoughts?

Tom Seibert
  • 189
  • 1
  • 10
  • What time zone is your PDC DC set to? How about your clients? – newmanth Jun 30 '11 at 18:44
  • Both servers and hosts are EDT – Tom Seibert Jul 01 '11 at 16:57
  • How are you telling your machines to use NTP? Are you doing this via GPO, or running w32tm directly at the PDC? For domain joined clients, you should NOT be using Group Policy to direct them to use NTP. Only the PDC emulator should be directed to use NTP, and the rest of the machines continue to use Windows Time Service. – newmanth Jul 05 '11 at 20:16
  • DCs have GPO settings to manage NTP settings. All other servers and workstations use the default: windows time services. – Tom Seibert Jul 06 '11 at 19:01

1 Answers1

1

NTP always broadcasts time in UTC; it is up to the NTP client to transform that to its local time zone. For whatever reason, your PDC is not honoring the time delta correctly.

A few suggestions:

  1. Set your PDC time zone to UTC. I am not sure if this is possible in your environment, but if it broadcasts time as UTC to the domain, the clients will adjust their time accordingly. This could prevent your issue from occurring (even if you don't discover the root cause). We have our DCs set to use UTC, and clients with their local time zone set.
  2. If there is a significant delta between CMOS time and NTP time, the two will either take a long time to sync, or won't resync at all. You will need to force a resync using w32tm.
  3. Don't use a GPO to have your DCs use NTP, otherwise your non-PDC DCs will not use the PDC for authoritative time. I would recommend NOT using GPOs at all, but configuring your PDC directly using w32tm. This is a one time set and forget, so it won't be an issue.

Hopefully, one or a combination of these will work for you. Let me know how it goes... good luck.

newmanth
  • 3,913
  • 4
  • 25
  • 46