FIXED: Group Policies not applying due to PDC not advertising as a time server
Contents
show
This article is for you if…
- You are trying to get your clients to process new or existing Group Policy changes and they are having issues in doing so
- You want to get client to process new group policies
- You are struggling with client machines processing new or existing group policies
Issue / Fault definition
- Client computers are unable to process new or existing Group Policies
- AD Connect is unable to push changes to Azure AD
- Cloud Connect is unable to push changed to Azure AD
Known / associated error messages
- Running DCDiag on your Domain Controller gives one or more of the following errors –
- Warning: DcGetDcName(TIME_SERVER_ call failed, error 1355
- A Time Server could not be located
- The Server holding the PDC role is down
- Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
- A Good Time Server could not be located
- Failed test Locator check
- Warning: %DCNAME% is not advertising as a time server
- Failed test Advertising
Known Fixes / Solutions
- Configuring the PDC as a reliable time source fixes this issue. This can be done with the below command ran as Administrator
w32tm /config /manualpeerlist:”0.uk.pool.ntp.org 1.uk.pool.ntp.org 2.uk.pool.ntp.org 3.uk.pool.ntp.org” /syncfromflags:manual /reliable:yes /update
w32tm /config /update
net stop w32time
net start w32time
w32tm /resync /rediscover
Mitigation
- Ensure when creating a new Forest domain that the first Domain Controller is setup correctly as a reliable time source.
Prerequisites
N/A
External Links
N/A
Internal Links
N/A
Words of caution
You are reading this guide with the knowledge that anything provided here is given as is, we do not hold any responsibility for damage or loss of property, customers, profits and or loss of data.