Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, May 12, 2014 6:43 PM
I get the Error " The server's clock is not synchronized with the primary domain controller" when i try joining the domain afte changing the clock settings on the domain controller.
All replies (4)
Tuesday, May 13, 2014 11:58 AM ✅Answered
sounds like you have to set up time sync from external source to your domain controller containing the PDC-emulator.
On your DC with the PDC emulator open an elevtated command prompt and type the following: "w32tm /config /manualpeerlist:"pool.ntp.org" /syncfromflags:manual /reliable:yes /update" and restart the time service with
net stop w32time
net start w32time
On your other domain controllers you can run: "w32tm /config /syncfromflags:domhier /reliable:no /update" and restart the time service with
net stop w32time
net start w32time
Lastly, go to your client, adjust it's time to match the DC, less than 5 minutes difference, and you should be able to join the domain.
Regards Per-Torben Sørensen http://pertorben.wordpress.com/
Wednesday, May 14, 2014 7:44 PM ✅Answered
Follow Per-Torben's suggestions to fix this.
Also to add, if any machines are VMs, make sure to disable time sync.
In addition, and this is important, to make sure only the internal DNS servers are being used on the NICs of all mschines (can't use an external DNS, such as an ISP, or the router, etc).
Here's an easy to follow step by step I put together that should help:
Configuring Windows Time Service in a Forest
http://blogs.msmvps.com/acefekay/tag/time-service-synchronization/
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Monday, May 12, 2014 6:47 PM
Could you please give us some more information? Is the timer on the domain controller and the client you are sitting on different more than 5 minutes? Is the client or domain controller virtual? What OS versions?
Regards Per-Torben Sørensen http://pertorben.wordpress.com/
Tuesday, May 13, 2014 9:52 AM
The timer is on the Domain Controller, and the clients are 5 mins late. The domain controller is a Physical Hardware. I get the follwoing warning in Event Viewer
Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 12
Date: 3/13/2014
Time: 9:46:33 AM
User: N/A
Computer: AC1-PDC-SR1
Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.