Domain Controller is not advertising as a time server Error in dcdiag (Windows)
When performing a dcdiag on a Windows domain controller the following error can appear:
Starting test: Advertising The DC DC1 is advertising itself as a DC and having a DS. The DC DC1 is advertising as an LDAP server The DC DC1 is advertising as having a writeable directory The DC DC1 is advertising as a Key Distribution Center Warning: DC1 is not advertising as a time server. The DS DC1 is advertising as a GC. ......................... DC1 failed test Advertisingche
The exact command run to produce this test is: dcdiag /v /test:advertising
Another error can appear within a different check in dcdiag:
Starting test: FsmoCheck Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355 A Good Time Server could not be located.
The exact command run to produce this test is: dcdiag /test:fsmocheck
The dcdiag tool detects that the time service is either not running or is running but not announcing itself as a reliable time server.
Try each of these solutions one step at a time, re-testing after completing each step until the problem is resolved.
- Ensure the Windows Time service is running. On a DC it is part of the core AD functonality and should be runing even if synchronised time is not essential.
net start w32time
- Restart the Windows time service
net stop w32time && net start w32time
- Check that Network problems are not stopping NTP form functioning. Note that Windows clients do not synchronise with the DCs via NTP, this only tests the ability for DC themselves to check an external time source:
w32tm /stripchart /computer:time.windows.com /samples:2 /dataonlyError 0x800705B4 is a network timeout on the port - 123. Time.winfows.com should be replaced with the external time server you are using for a more complete test.
netdiag /fixNetdiag is part of Windows Server 2003 Service Pack 1 Support Tools. This can also be used on Server 2008.
- If you received the error message: The service name is invalid earlier the Windows Time service is not even registered. Re-registering the W32time service can also fix some issues so perform these steps anyway: Re-registering the Windows Time Service
w32tm /resync /redisscover
- Check that the DC has the PDC role:
netdom query fsmoIf it is run the following command:
w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /updateMicrosoft's own free NTP server can be used as shown here, but I would recommend using one in your country if not in thr US. For the UK I can recommend ntp2d.mcc.ac.uk but there are many others.
- Ensure that the DC is announcing itself correctly through changing the AnnounceFlags are set correctly in the Registry. Edit the [HKLM\SYSTEM\CurrentControlSet\Services\w32time\Config\AnnounceFlags] key to a (the letter a) in hexadecimal. To allow the w32time service read the config change:
w32tm /config /update
Re-registering the Windows Time Service
w32tm /unregister rem Ignore Access denied message if it appears and repeat w32tm /unregister w32tm /register rem Before the re-register command will work you may have to reboot.This gives a vanilla set of settings, after which the service can be restarted:
net start w32timeIf you receive an error message regarding SIDs then DC will need to be rebooted again.