[Samba] Samba4 Windows Client Time Sync Issue

Marco Shmerykowsky PE marco at sce-engineers.com
Tue Jun 27 18:46:02 UTC 2023 

scratch that.  Logged into a "non-working" client and even though
the logon server is listed as the primary DC, the clock source
is still listing "Local CMOS Clock"

The two DC's are configured the same.  One is the primary and
one is the backup.

Results of w32tm /monitor (results similar on both working
and non-working clients):

Getting AD DC list for default domain... 

Analyzing: -- -- (0 of 2)
xxxx.xxxx.sce-engineers.com[xxx.xxx.xxx.xxx:123]:
     ICMP: 1ms delay
     NTP: -0.0009824s offset from xxxx.xxxx.sce-engineers.com
         RefID: (unknown) [0xFE00A8C0]
         Stratum: 4
xxxx.xxxx.sce-engineers.com *** PDC ***[xxx.xxx.xxx.xxx:123]:
     ICMP: 1ms delay
     NTP: +0.0000000s offset from xxxx.xxxx.sce-engineers.com
         RefID: (unknown) [0xFE00A8C0]
         Stratum: 4

Warning:
Reverse name resolution is best effort. It may not be
correct since RefID field in time packets differs across
NTP implementations and may not be using IP addresses.


Results of w32tm /query /status on Working Client:

Leap Indicator: 0(no warning)
Stratum: 4 (secondary reference - syncd by (S)NTP)
Precision: -23 (119.209ns per tick)
Root Delay: 0.1429251s
Root Dispersion: 1.9549461s
ReferenceId: 0xC0A800FE (source IP:  xxx.xxx.xxx.xxx)
Last Successful Sync Time: 6/27/2023 1:16:43 PM
Source: xxx.xxx.xxx.xxx,0x9
Poll Interval: 10 (1024s)

Phase Offset: 0.0000159s
ClockRate: 0.0156249s
State Machine: 2 (Sync)
Time Source Flags: 0 (None)
Server Role: 0 (None)
Last Sync Error: 2 (The computer did not resync because only stale time 
data was available.)
Time since Last Good Sync Time: 3080.4862280s

Results of w32tm /query /status on Working Client:

Leap Indicator: 3(not synchronized)
Stratum: 0 (unspecified)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0000000s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
Poll Interval: 10 (1024s)

Phase Offset: 0.0000000s
ClockRate: 0.0156250s
State Machine: 0 (Unset)
Time Source Flags: 0 (None)
Server Role: 0 (None)
Last Sync Error: 1 (The computer did not resync because no time data was 
available.)
Time since Last Good Sync Time: 2847.4972876s

On 6/27/2023 2:25 PM, Marco Shmerykowsky PE via samba wrote:
> Interestingly, 'w32tm /monitor' return the same results and seem
> to be connecting to the correct servers when working & non-working
> clients are checked.
> 
> However checking the logon server (ie running 'set l') reveals
> that the working clients are logging into the Primary DC and
> the non-working clients apparently are loggin in to the backup DC.
> 
> I guess two questions:
> 
> 1) Why isn't the logging into backup DC producing the sync'd time
> 
> 2) How do the clients decide which machine to log in to?
> 
> On 6/27/2023 12:05 PM, Luis Peromarta via samba wrote:
>> I had a similar issue some time ago. Some clients would sync with DCs 
>> some other didn’t.
>>
>> I recently had issues also with bookworm and NTP (bookwork installing 
>> ntpsec). I decided to move all DCs to chrony, worked perfectly, and 
>> all member servers to systemd-timesyncd with a minimal config from 
>> samba wiki that just *works*
>>
>> Re. Windows clients, I have not seen may Local CMOS clocks lately 
>> after these changes.
>>
>> This question may have been asked before, but how many DCs do you run, 
>> and do all have the same config for time (ntp, chrony) ?
>>
>> What’s the output of  w32tm /monitor in the clients ? What’s the 
>> output of w32tm /query /status ?
>>
>> On a good client (syncing with a DC) what is the logon server ? ( Run 
>> set l )
>> On a bad client (not syncing with a DC) what is the logon server ? Is 
>> there a pattern ?
>>
>> Regards, LP
>> On 26 Jun 2023 at 20:35 +0200, Marco Shmerykowsky PE 
>> <marco at sce-engineers.com>, wrote:
>>>
>>> That's exactly what I thought I had done. The DC's point to
>>> the netgate server. I was under the impression that the clients
>>> would automatically time sync by logging into the domain.
>>>
>>> Some PC's/Clients are syncing. Others are connecting to "Local
>>> CMOS Clock".
>

More information about the samba mailing list