2 PDC + Time Sync (ntp) problem

Michał Półrolniczak michal.polrolniczak at warp.org.pl
Thu Dec 18 03:38:42 MST 2014


I added reverse DNS;
I added the broadcast for ntp
I removed any GPO related to Windows Time Client, because it should sync 
with the PDC, as I read on the wiki.
Now is there a specific command line (like w32tm /monitor ) to check if 
the Windows client syncs with the server and, if it does, which one it uses?

Using w32tm /resync gives "The computer did not resync because no time 
data was available "

I followed: http://support2.microsoft.com/kb/929276/ but it didn't help

Resynching to the domain controller via:
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time

Windows has UDP port 123 open, and the server does too.

Using this:
w32tm /debug /enable /file:c:/temp/test.txt /entries:0-300 /size:10000
I managed to capture this error:
Logging error: NtpClient has been configured to acquire time from one or 
more time sources, however none of the sources are currently accessible 
and no attempt to contact a source will be made for 1 minutes. NTPCLIENT 
HAS NO SOURCE OF ACCURATE TIME.

The NTP client is trying to sync with melanippe (backup domain controller); 
maybe the problem is that melanippe syncs with arne, and arne uses ntp.org 
for sync? (which is accurate?)


On 2014-12-12 at 16:07, Daniele Dario wrote:
> Hi Michai
>
> On ven, 2014-12-12 at 14:28 +0100, Michał Półrolniczak wrote:
>> I'm using samba 4.1.6-Ubuntu from repo (14.04.01)
>> arne is PDC with SYSVOL (192.168.0.4)
>> melanippe is Backup PDC with rsync (from wiki) replication of SYSVOL
>> (192.168.0.5)
>> any modification to AD is made by arne
>> domain is: domain.local
>>
>> Windows clients don't sync time from PDC (arne)
>> when running: w32tm /resync I'm getting "Access Denied. (0x80070005)"
>> w32tm /monitor I'm getting MELANIPPE.domain.local *** PDC
>> ***[192.168.0.5:123]:
>> ICMP: 0ms delay
>> NTP: error ERROR_TIMEOUT - no respond from server for 1000ms
>> arne.domain.local *** PDC ***[192.168.0.4:123]:
>> ICMP: 0ms delay
>> NTP: +9.2623479s shift from MELANIPPE.domain.local
>> RefID: (here is some strange host name with ip not from my pool)
>> Layer: 3
>> Warning:
>> Reverse dns it optimal for the solution. (sorry, I'm using a translator to
>> give you English messages)
>>
>> So looking into the problem I:
>> nslookup arne.domain.local
>> (root) ??? unnow type 41 ???
>> Server: UnKnow
>> Address: 192.168.0.4
>> Name: arne.domain.local
>> Address: 192.168.0.4
>>
>> nslookup 192.168.0.4
>> (root) ??? unnow type 41 ???
>> Server: UnKnow
>> Address: 192.168.0.4
>> (root) ??? unnow type 41 ???
>> *** No records availble internal type for both IPv4 and IPv6 Addresses
>> (A+AAAA) for 192.168.0.4
>>
>> Same goes for 192.168.0.5
>> I'm using the built-in DNS (not bind), ntp 4.2.6.p5+dfsg-3ubuntu2
>> Using DNS Manager from Windows Admin Tools I'm getting an empty reverse DNS
>>
>> arne: cat /etc/ntp.conf
>> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>> server 127.127.1.0
>> fudge 127.127.1.0 stratum 10
>>
>> driftfile       /var/lib/ntp/ntp.drift
>> logfile         /var/log/ntp
>> ntpsigndsocket  /var/lib/ntp_signd/
>>
>> server 0.pl.pool.ntp.org        iburst pref
>> restrict default kod nomodify notrap nopeer mssntp
>>
>> restrict 127.0.0.1
>>
>> restrict 0.pl.pool.ntp.org      mask 255.255.255.255    nomodify notrap
>> nopeer noquery
>>
>>
>> melanippe: cat /etc/ntp.conf
>> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>> server 127.127.1.0
>> fudge 127.127.1.0 stratum 10
>>
>> server arne.domain.local  iburst prefer
>>
>> driftfile /var/lib/ntp/ntp.drift
>> logfile /var/log/ntp
>>
>> restrict default kod nomodify notrap nopeer mssntp
>>
>> restrict 127.0.0.1
>>
>> restrict arne.domain.local        mask 255.255.255.255    nomodify
>> notrap nopeer noquery
> From what I know you have to manually create the reverse DNS zone. You
> can do it using samba-tool dns zonecreate <server> <zone> or using DNS
> manager from Windows Admin Tools. Then you need to populate the zone
> adding your hosts (again samba-tool dns add <server> <zone> <name>
> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data> or using DNS manager from Windows
> Admin Tools).
>
> About ntp: I'm not using samba from ubuntu/debian package but I compiled
> it myself so paths are different. In my case ntpsigndsocket is
> in /usr/local/samba/var/run/ntp_signd/ and I had to
> modify /etc/apparmor.d/usr.sbin.ntpd adding
>
> ...
>    # for signed ntp requests
>    /usr/local/samba/var/run/ntp_signd/** rw,
>    /usr/local/samba/var/run/ntp_signd/ rw,
> ...
>
> and reload apparmor profiles
>
> Another thing (but not sure if relevant 'cause can't find anything to
> prove it) is that on ntp.conf of "master" DC I added the line
> broadcast BROADCAST_ADDRESS_OF_YOUR_LAN (e.g. 192.168.0.255)
>
> Hope this helps,
> Daniele.
>
>
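
Added example (not part of the original message, and not Samba or ntp project code): a small Python check that reads ntp.conf text and reports the two settings this thread revolves around, `ntpsigndsocket` and `mssntp` on `restrict default`. The sample configs are abridged from the ones quoted above with wrapped lines rejoined; the function names are illustrative.

```python
# Added example: report signed-time (MS-SNTP) settings found in ntp.conf text.
# ARNE and MELANIPPE are abridged from the configs quoted in the message above.
ARNE = """\
server 127.127.1.0
ntpsigndsocket  /var/lib/ntp_signd/
server 0.pl.pool.ntp.org        iburst pref
restrict default kod nomodify notrap nopeer mssntp
restrict 127.0.0.1
restrict 0.pl.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
"""
MELANIPPE = """\
server 127.127.1.0
server arne.domain.local  iburst prefer
restrict default kod nomodify notrap nopeer mssntp
restrict 127.0.0.1
restrict arne.domain.local mask 255.255.255.255 nomodify notrap nopeer noquery
"""

def parse(text):
    """Yield (directive, args) per line, ignoring blank lines and # comments."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts:
            yield parts[0].lower(), parts[1:]

def audit(text):
    """Collect the facts that matter for serving Windows domain members."""
    entries = list(parse(text))
    signd = [a[0] for d, a in entries if d == "ntpsigndsocket" and a]
    default = {f for d, a in entries
               if d == "restrict" and a[:1] == ["default"] for f in a[1:]}
    servers = [a[0] for d, a in entries if d == "server" and a]
    return {
        "signd_socket": signd[0] if signd else None,
        "mssntp": "mssntp" in default,
        # 127.127.x.x addresses are ntpd reference-clock drivers, not peers
        "upstream": [s for s in servers if not s.startswith("127.127.")],
    }

def findings(name, text):
    """Return items to verify by hand; these are checks, not a diagnosis."""
    r, out = audit(text), []
    if not r["mssntp"]:
        out.append(f"{name}: 'restrict default' lacks mssntp")
    if r["mssntp"] and r["signd_socket"] is None:
        out.append(f"{name}: mssntp set but no ntpsigndsocket line; "
                   "confirm ntpd can find Samba's ntp_signd socket")
    return out

if __name__ == "__main__":
    for host, conf in (("arne", ARNE), ("melanippe", MELANIPPE)):
        print(host, audit(conf), findings(host, conf) or "nothing flagged")
```

To run it against a live host, pass the contents of `/etc/ntp.conf` to `findings()`; the socket directory's permissions and any AppArmor rule for ntpd still need checking separately.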


