Category: Windows Server

Configuring NTP Server for Time Synchronization

Posted on by admin

This post covers how to configure a Windows Server 2012 or 2016 domain controller to synchronize its time with a trusted external source.  Having a valid and accurate time source is critical for a properly configured domain.

Use your favorite search engine to locate the trusted NTP time servers for your area.  I am located in Canada and so I will be using

0.ca.pool.ntp.org
1.ca.pool.ntp.org
2.ca.pool.ntp.org
3.ca.pool.ntp.org

Log into your domain controller with administrative credentials and launch a command prompt.

Stop the time service:

net stop w32time

Enter the following to configure your NTP time servers:

w32tm /config /syncfromflags:manual /manualpeerlist:"0.ca.pool.ntp.org 1.ca.pool.ntp.org 2.ca.pool.ntp.org 3.ca.pool.ntp.org"

and then hit Enter.  Remember to use your time servers in place of *.ca.pool.ntp.org.

Let the domain controller know that these are your trusted servers:

w32tm /config /reliable:yes

Restart the Time Service:

net start w32time

Review the results:

w32tm /query /configuration

Confirm that the settings are correct and free of typos and, if so, close the command prompt.

NTDS General Event ID 2147486534

Posted on by admin

You may notice the warning event “NTDS General – The security of this directory server can be significantly enhanced by configuring the server to reject SASL….” in Event Viewer under Active Directory Domain Services, relating to LDAP binds.  To get rid of the warning, you can use Group Policy to configure all domain controllers to reject unsigned and simple LDAP bind requests.
Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.  Perform the following on a domain controller or a computer that has Remote Server Administration Tools installed.

  • Open the Group Policy Management Console
  • Expand the Forest and Domains objects until you locate the domain object for the set of domain controllers you want to configure.
  • Expand the Domain Controllers object, right-click Default Domain Controllers Policy and then click Edit.
  • Expand the following objects in the Group Policy Management Editor: Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies, Security Options.
  • In the right-hand pane, double-click the Domain controller: LDAP server signing requirements policy.
  • Ensure that the Define this policy setting check box is checked, then select Require Signing in the drop-down box and click OK.
  • Review the information in the Confirm Setting Change dialog box and then click the Yes button to continue and save the change.

That should stop the warning events for LDAP signing in event viewer.
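
Clients that still bind without signing are rejected once Require Signing is in force, so it helps to list them before changing the policy. The PowerShell below is an added example, not part of the original post: it assumes the warning is Directory Service event 2886 (2147486534 with the severity bits masked off) and reads the related per-client event 2889. The function name Get-UnsignedBindReport and the sample records are constructed for illustration.

```powershell
# Added example, not from the original post.
function Get-UnsignedBindReport {
    # Summarize event 2889 records: which client and account still bind unsigned.
    param([Parameter(ValueFromPipeline)] $Record)
    begin { $rows = @() }
    process {
        # Event 2889 payload: [0] client "IP:port", [1] account, [2] bind type
        $rows += [pscustomobject]@{
            Client   = ([string]$Record.Properties[0].Value) -replace ':\d+$', ''
            Account  = [string]$Record.Properties[1].Value
            BindType = if ([int]$Record.Properties[2].Value -eq 1) { 'Simple' } else { 'UnsignedSASL' }
        }
    }
    end {
        $rows | Group-Object Client, Account, BindType | Sort-Object Count -Descending |
            ForEach-Object {
                $g = $_.Group[0]
                [pscustomobject]@{ Binds = $_.Count; Client = $g.Client
                                   Account = $g.Account; BindType = $g.BindType }
            }
    }
}

$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'
if (Test-Path "$ntds\Diagnostics") {
    # On a domain controller (elevated session).
    # 1. Current setting: 2 = Require signing; 1 or absent = not enforced.
    $cur = (Get-ItemProperty "$ntds\Parameters").LDAPServerIntegrity
    "LDAPServerIntegrity = $cur"
    # 2. Log one event 2889 per unsigned SASL or cleartext simple bind.
    Set-ItemProperty "$ntds\Diagnostics" -Name '16 LDAP Interface Events' -Value 2 -Type DWord
    # 3. After a representative period (7 days here), list the clients to fix.
    Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889
        StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue |
        Get-UnsignedBindReport | Format-Table -AutoSize
    # 4. When the report stays empty, enforce the GPO and set the level back to 0.
} else {
    # Anywhere else: constructed sample records (not real log data).
    '10.0.0.15:50412|CONTOSO\svc-scan|1', '10.0.0.15:50413|CONTOSO\svc-scan|1',
    '10.0.0.22:49160|CONTOSO\APP01$|0' | ForEach-Object {
        $f = $_ -split '\|'
        [pscustomobject]@{ Properties = @($f | ForEach-Object { [pscustomobject]@{ Value = $_ } }) }
    } | Get-UnsignedBindReport | Format-Table -AutoSize
}
```

On the constructed sample the report shows two simple binds from 10.0.0.15 and one unsigned SASL bind from 10.0.0.22.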

One or More Server Folders are Located on the System Hard Drive – Server 2012 Essentials

Posted on by admin

If you don’t use the ‘default’ shared folders in Server Essentials and are tired of getting the alert warning daily in your logs, you can remove those shared folders by following these instructions.

  • In Explorer, stop sharing the folder
  • Remove the registry entries for the shared folders in HKLM\Software\Microsoft\Windows Server\Storage Service\Folders
  • Restart the service "Windows Server Essentials Storage Service"

That should stop the errors.