We have a two-domain Active Directory forest: ourcompany.com at the root, and prod.ourcompany.com for production servers. Time is propagating properly through the root domain, but servers in the child domain are unable to sync via NTP. So the time on these servers is starting to drift, since they're relying only on the hardware clock.
When I type "net time" on one of the production servers, I get the following error:
Could not locate a time-server.
More help is available by typing NET HELPMSG 3912.
When I type "w32tm /resync", I get the following:
Sending resync command to local computer
The computer did not resync because no time data was available.
"w32tm /query /source" shows the following:
Free-running System Clock
We have three domain controllers in the prod.ourcompany.com subdomain (overkill, but the result of a migration - we haven't gotten rid of one of the old ones yet.) To complicate matters, the domain controllers are all virtualized, running on two different physical hosts. But the time on the domain controllers themselves is accurate - the servers that aren't DCs are the ones having problems.
Two of the DCs are running Server 2003, including the PDC emulator. The third DC is running Server 2008. (I could move the PDC emulator role to the 2008 machine if that would help.) The non-DC servers are all running Server 2008.
All other Active Directory functionality works fine in the production domain - we're only seeing problems with NTP.
I can manually sync each machine to the time source (the PDC emulator) by doing the following:
net time \\dc1.prod.ourcompany.com /set /y
But this is just a one-off, and it doesn't cause automated time syncing to start working. I guess I could create a scheduled task which runs the above command periodically, but I'm hoping there's a better way.
Does anyone have any ideas as to why this isn't working, and what we can do to fix it?
Thanks for your help,
Richard