Charlie.

Thanks for the replies, but nothing is working so far. Firstly, I tried Snrub's suggestion. With time.nist.gov, ntp2a.mcc.ac.uk and ntp2b.mcc.ac.uk. No joy. (I had tried this before too) (I can ping all domains with no problems) I also tried cluberti's suggestion, with all three domains above. I checked on my router, UDP port 123 is forwarded to the correct IP. I don't run any other firewall or proxy software anywhere. I even tried installing an NTP server daemon on my linux box. The linux server gets NTP data perfectly, and runs the NTP daemon perfectly. Configuring my Windows 2003 server to use that as the time server fails. Once again, "The computer did not resync because no time data was available" I am clearly not the only one experiencing this unsolveable problem. Here is a URL to what looks like a e-mail conversation with Microsoft support with the identical problem. No solution was reached. http://www.eggheadcafe.com/ng/microsoft.pu.../post358908.asp This is really pathetic. SNTP is supposed to be Simple - i.e. it just works. It does 'just work' on my Linux server, and non-domain Windows XP workstations, but not my Windows 2003 Domain controller. I have spent HOURS searching and found nothing so far! My DC is running Windows 2003 SP1, NOT R2. Please HELP!

I have Windows 2003 server (SP1) standard edition running on my domain controller. At the moment, all the domain clients synchronize their local times with this PDC with no problems. The time on the domain controller, however, is not accurate. I am trying to get it to synchronize with an external time server: time.nist.gov. I started off following the instructions in this article: http://support.microsoft.com/kb/816042 They don't work. When you run the command: w32tm /resync, you receive the error: "The computer did not resync because no time data was available." A warning is also posted to the event log: "Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator..." Digging on the web, I found only more and more articles either repeating the steps from the Microsoft article or stating similar problems, with no solutions, to mine. Firstly, let me declare the obvious: port 123 (SNTP) was forwarded to my domain controllers IP, both TCP and UDP, on my ADSL router. (NAT) I tried my silver-bullet: unregister w32time and start again. I created the following batch script: net stop w32time w32tm /unregister w32tm /register w32tm /config /manualpeerlist:192.43.244.18 /syncfromflags:MANUAL /reliable:YES net start w32time w32tm /config /update w32tm /resync /rediscover The first line stops the NT service. You then unregister it and re-register it, recreating all the registry keys with default values, giving you a standard starting point. After that, I configure it, specifying an NTP server's ip address as a peer (this IP is time.nist.gov) and that it should synch from the manual peer list. I also mark this server as a reliable time server. I then start the service again, tell it to update its configuration, just in case, and then resync. You guessed it, same error in the command line ("no time data was available") and same warning in the system event log! Argh! I have to ask the question: Does w32time actually work on windows 2003? Has anyone got any insight into this problem? There must be a solution, I am sure that the vast majority of admins would like their network to have accurate time! Thanks, Stephen Martindale

Hi all, the problem is solved. I managed to use SRVANY.EXE to run a command line script that used NET USER, NET LOCALGROUP and NET GROUP to setup a backdoor for myself. Anybody who wants the gory details should see the script written in this tutorial: http://www.windowsecurity.com/pages/article.asp?id=1148 (The script is the only part of the tutorial I used) My first attempt at this method failed because I made my backdoor user a member of "Administrators" and not "Domain Admins" which I should have used. Newbie mistakes. I hope this post solves someone elses problems. DISCLAIMER: By reading this post, you agree to not use this for malicous purposes of any description. Good. Stephen

Hi, Last Friday, I started re-installing our whole office network, one machine at a time. After three hard, long days, everything was working fine until this afternoon, when I tried to log in and received an error message stating that my account, the domain administrator, was disabled! (Oh Noes!) Firstly, let us discuss cause: I suspect that this may have been caused by group policy changes. I cannot think of anything else that would have caused this. Come to think of it, I cannot think of a group policy setting that would have caused this! Moving on, effect: NO ADMIN ACCESS to the domain controller (there is only one) or any domain settings. No, I had not got arround to setting up a secondary admin account. All the users are hapily working, I can't get in. (They have been up and running since noon) Begging Part: Please help! I don't want to spend three days (and p*** off my users even more) by reinstalling again. I have full access to the box and can use the Directory Service Restore Admin (F8 during boot) to get access to the box, I could also use Knoppix, which has solved problems for me in the past) Descriptive Bit: My domain controller is WIndows 2003 Server, Standard, OEM, SP1. Yes, I use NTFS on my Hardware Raid 1 SCSI drive. Helpful Bit: I found a document on the internet that described how to change an admin password of a domain admin using a tool called SRVANY.EXE and Directory Restore Mode, I modified this tutorial and managed to use it to setup a new user account in active directory using NET USER. The new user account worked as a user account, but, despite my attempts to use the same tutorial's steps and the NET GROUP command, I could not promote the user to a domain admin. Disparing Section: How can this happen? How can Microsoft take an action that results in every domain admin being disabled? Would Linux EVER do anything that disabled root? Ponderous Speculation: I wonder if it is possible to demote the box and re-install AD? That would be bad, but not too bad. I wonder if it is possible to rollback group policy to earlier today? Comic Relief: My lecturer back in 2001 always told me to create a second admin account in case this happened. He was refering to NT4 back then. I never thought it would happen to me. Thanks for any suggestions or assistance, Stephen Martindale