I have a domain with two domain controllers and eight member servers. All running Windows Server 2012R2.
I use GPO to instruct the PDCe to sync to an external NTP server. When everything is running, the PDCe is syncing to the external clock (DC1 advertising stratum 2), the other DC is syncing to the PDCe (DC2 advertising stratum 3), and the other member servers are syncing either to DC1 or DC2. At least according to `w32tm /query /source`.
Recently I discovered that my member servers' clocks were drifting:
- `w32tm /query /source` reported that they were using the free-running system clock instead of using one of the DCs.
- `w32tm /resync /force` refused with `the computer did not resync because no time data was available`.
- `w32tm /monitor` showed that DC1 and DC2 were offset by 6 seconds, DC1 was at stratum 2, and that DC2 was at stratum 0, which presumably meant that DC2 was using it's own CMOS/free-running clock (in other words: DC2 was fouled).
I rebooted DC2. Soon after, the member servers reported (via `w32tm /monitor`) that DC2 was healthy again and then member server's clocks fell back in line (via `w32tm /resync /force`).
I do not know why the DC2 clock became fouled; I do not know why rebooting DC2 resolved the problem; and I currently don't care. But I do want to understand:
Why did my member servers stop syncing to the domain, and start using their own free running clocks, in the presence of a fouled DC2 clock? My intention is that a single failure (the failure of the clock on DC2) will not cause all of the clocks in my entire domain to start free-running. Why bother running two domain controllers if the failure of one will take down the entire domain's time sync [and kerberos] mechanisms?
Thank you,
Chris
I use GPO to instruct the PDCe to sync to an external NTP server. When everything is running, the PDCe is syncing to the external clock (DC1 advertising stratum 2), the other DC is syncing to the PDCe (DC2 advertising stratum 3), and the other member servers are syncing either to DC1 or DC2. At least according to `w32tm /query /source`.
Recently I discovered that my member servers' clocks were drifting:
- `w32tm /query /source` reported that they were using the free-running system clock instead of using one of the DCs.
- `w32tm /resync /force` refused with `the computer did not resync because no time data was available`.
- `w32tm /monitor` showed that DC1 and DC2 were offset by 6 seconds, DC1 was at stratum 2, and that DC2 was at stratum 0, which presumably meant that DC2 was using it's own CMOS/free-running clock (in other words: DC2 was fouled).
I rebooted DC2. Soon after, the member servers reported (via `w32tm /monitor`) that DC2 was healthy again and then member server's clocks fell back in line (via `w32tm /resync /force`).
I do not know why the DC2 clock became fouled; I do not know why rebooting DC2 resolved the problem; and I currently don't care. But I do want to understand:
Why did my member servers stop syncing to the domain, and start using their own free running clocks, in the presence of a fouled DC2 clock? My intention is that a single failure (the failure of the clock on DC2) will not cause all of the clocks in my entire domain to start free-running. Why bother running two domain controllers if the failure of one will take down the entire domain's time sync [and kerberos] mechanisms?
Thank you,
Chris