Over the last couple of days I have had to track down a very weird time issue. Most, but not all, of the workstations were off from the server and domain controller times by ~4 minutes. Took a bit to finally straighten everything out but this is what I found:
For some unfathomable reason the previous sys admin had the servers set to NT5DS in order to pull time from the PDC - which was also set to NT5DS! Meanwhile all the workstations but a few random workstation domain groups were set to NTP via GPO so they were pulling from an outside time source while the domain controllers were pulling from the PDC's internal clock. Of course I wasted a bit of time trying to figure out why the time sync wasn't working when the registry showed NT5DS but a query showed NTP being used.
I thought I was all set but nope. It seems the Citrix servers had their own local GPO setting to use NTP which overrode the domain GPO of 'Not configured' for the servers
Why in the world would someone set things up like this??
For some unfathomable reason the previous sys admin had the servers set to NT5DS in order to pull time from the PDC - which was also set to NT5DS! Meanwhile all the workstations but a few random workstation domain groups were set to NTP via GPO so they were pulling from an outside time source while the domain controllers were pulling from the PDC's internal clock. Of course I wasted a bit of time trying to figure out why the time sync wasn't working when the registry showed NT5DS but a query showed NTP being used.
I thought I was all set but nope. It seems the Citrix servers had their own local GPO setting to use NTP which overrode the domain GPO of 'Not configured' for the servers
Why in the world would someone set things up like this??
Facebook
Twitter