Friday, August 8, 2008

Windows, SNTP and Access Denied

If you have machines in your network that are not part of the domain, you might run into an issue with time synchronization. In AD, domain controllers are usually good and reliable time servers (and if they are not, you are at least in sync with the rest of your network), and domain members sync their clocks from them automatically (more or less).

Now if you try to sync a non-domain Windows machine with a domain controller by running "net time \\mydc /set", you will get an Access Denied error. "net time" does not speak NTP at all: it reads the remote clock over an SMB connection to the DC, so the workgroup machine has to authenticate to the domain, and it cannot.

The solution is fairly easy: switch your non-domain clients and servers from the domain-hierarchy mode of the Windows Time service (NT5DS) to plain NTP. Your domain controllers also answer NTP requests on UDP port 123 by default, and unlike the SMB path this needs no authentication (only that UDP 123 is open between client and DC). To change a client, edit the registry:

Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Change "NtpServer" from "time.windows.com" to "mydc" (keep any ",0x..." flags that follow the existing name, e.g. "mydc,0x9"; several servers can be listed separated by spaces)
Change "Type" from "NT5DS" to "NTP"

Restart the Windows Time Service (w32time).
Run "w32tm /resync /rediscover" to test your new settings; "w32tm /query /source" should then report your DC rather than "Local CMOS Clock" or "Free-running System Clock".
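The whole procedure above as an added PowerShell example (my own script, not part of the original post): it first checks that the DC actually answers NTP on UDP 123, records the old settings, switches the client from NT5DS to NTP, restarts the service and verifies the new time source. The server name "mydc" is taken from the post; the variable names are mine, and the ",0x9" peer flags (0x1 use SpecialPollInterval, 0x8 client mode) are the ones Windows itself uses for its default time.windows.com entry. Run it in an elevated PowerShell session on the non-domain machine.

```powershell
# Added example (not from the original post): move a workgroup Windows host from
# NT5DS (domain hierarchy) to plain NTP against a chosen server, then verify.
# Requires an elevated PowerShell session.
# $NtpServer is an assumption: replace 'mydc' with your DC's name or address.
$NtpServer = 'mydc'
$Key       = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'

# 1. Check that the DC answers NTP on UDP/123 before changing anything.
#    /stripchart only exchanges NTP packets; a timeout error here usually means
#    a firewall between client and DC is dropping UDP 123.
w32tm.exe /stripchart /computer:$NtpServer /samples:3 /dataonly

# 2. Record the current settings so they can be put back if needed.
$before = Get-ItemProperty -Path $Key -Name Type, NtpServer
"Before: Type=$($before.Type)  NtpServer=$($before.NtpServer)"

# 3. Point the client at the DC. ",0x9" = 0x1 (use SpecialPollInterval)
#    + 0x8 (client mode), the same flags Windows uses for time.windows.com.
#    Multiple peers can be given separated by spaces: "dc1,0x9 dc2,0x9".
Set-ItemProperty -Path $Key -Name NtpServer -Value "$NtpServer,0x9"
Set-ItemProperty -Path $Key -Name Type      -Value 'NTP'

# The same change without editing the registry by hand:
#   w32tm.exe /config /manualpeerlist:"$NtpServer,0x9" /syncfromflags:manual /update

# 4. Restart the Windows Time service and force an immediate resync.
Restart-Service -Name w32time
w32tm.exe /resync /rediscover

# 5. Verify. The source should now be the DC, not "Local CMOS Clock" or
#    "Free-running System Clock"; /status shows stratum, last sync and offset.
w32tm.exe /query /source
w32tm.exe /query /status
```

If the stripchart in step 1 times out, fix the UDP 123 path first; changing the registry will otherwise just move the client from "Access Denied" to silently free-running on its local clock.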
