We have seen errors where users are not able to login to external SAAS applications on the Internet if the time sync is not correct. By default, the clients on a Windows network will get their time from a DC and DC gets its time from PDC. It is important that the PDC is syncronized from an external reliable source. Before you start this, make sure that if you have a firewall you open port 123 UDP both inbound and outbound.
1. Go to your PDC server, if you are not sure then open up a command prompt on a dc and type
c:\>netdom /query fsmo
You should see your PDC in the list
2. Login to the PDC and open up a command prompt and stop the W32time service
net stop w32time
3. Configure external time source, at the command prompt type:
C:\> w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org”
4. Make the PDC a reliable time source for the clients on the network type:
c:\>w32tm /config /reliable:yes
5. Start the w32time service: c:\>net start w32time
6. The windows time service should now begin to synchronize the time, external NTP servers can be checked in the time configuration by typing:
c:\>w32tm /query /configuration
7. check the Event Viewer for any errors.
