当前位置:网站首页>A strange event of domain controlled time synchronization

A strange event of domain controlled time synchronization

2020-12-07 19:23:41 shawyang

【 The problem background 】

The time of a user's feedback domain member is suddenly out of sync with the domain controller , Time goes in sync ntpupdate.tencentyun.com, Here's the picture

【 Troubleshooting steps 】

The user-defined image is based on the public image , So let's test the public image first , Let's get rid of the public image

1、 The test found the public image 2008R2~2019 They did ntpserver: ntpupdate.tencentyun.com, And time service (w32time) It's all boot mode

powershell -command "& { (gwmi win32_service|where {$_.name -eq 'w32time'}).startmode }"

-command It can be abbreviated -c

powershell -c $psversiontable

powershell -v 2 -c "get-service -DisplayName *windows*time*|select Name,StartType,DisplayName

powershell -v 3 -c "get-service -DisplayName *windows*time*|select Name,StartType,DisplayName

powershell -v 4 -c "get-service -DisplayName *windows*time*|select Name,StartType,DisplayName

powershell -v 5 -c "get-service -DisplayName *windows*time*|select Name,StartType,DisplayName

PowerShell3.0 after ,Get-Service The result of the project comes with “ Start type (StartType)”, stay 3.0 You need to use win32_service Of startmode attribute

2、 use regscanner Scan registry string ntpupdate.tencentyun.com The default registry for finding public images is as follows

3、 front 2 Click to indicate that the time service is configured for the public image and boot is set , The general setting time service is 2 Ways of planting : Registry and group policy , You can refer to this post

function gpedit.msc Check the group policy and find that it is not configured , The description is by importing .reg Or other ways to modify the registry to achieve the time service

4、 Compared with Alibaba cloud, Alibaba cloud is No 3 Point to the same registry implementation , This approach is somewhat misleading

The difference is , The startup mode of Alibaba cloud time service is AUTO_START (DELAYED)-- Automatically ( Delayed start )

5、 Parse the event itself

The time of domain members fed back by users is suddenly out of sync with domain controllers , Time synchronization is normal before a certain time , And then I left ntpupdate.tencentyun.com.

Check the log and find that there is an update record , Make it clear that you must restart to enable updates , And then you see that it's enabled , Indicates that a restart has occurred .

Before restarting , When the user configures the domain synchronization time, the time service of domain members is turned off , So the domain control synchronization time of domain members at that time , After the restart, the time service is automatically started , So we went to the domain member's own ntpupdate.tencentyun.com Synchronization time .

【 Proper use 】 In the context of domain controlled time synchronization , Domain members do not require any configuration , Just enter the domain . With Windows For example, the system installed on the system CD , Its time service is not configured by default , It's not boot up . The picture below shows me in Tencent cloud CVM On the use of .iso CD image installation 2012R2 The original system , No changes have been made .

ntpserver The default is time.windows.com

For domain members , No configuration required , Just entering the domain can achieve the same time as domain controller . If the domain member is configured with the time service and the boot is set , Then time synchronization goes to the nearest domain member's own settings .

【 Think about improving 】 Because the ordinary user usually configures the service through the graphical interface , High level users only use the registry , When the average user sees group policy, it shows “ Not configured ” I think it's not configured , It will mislead other related configurations such as domain control time synchronization . The subsequent public image production should use group policy to enable time service .

Original statement , This article is authorized by the author + Community publication , Unauthorized , Shall not be reproduced .

If there is any infringement , Please contact the yunjia_community@tencent.com Delete .

版权声明
本文为[shawyang]所创,转载请带上原文链接,感谢
https://chowdera.com/2020/11/202011190317425044.html