NtpClient Error 0x800706E1


When W32Time starts to output warning in your system logs you may often get the following message for NtpClient Error 0x800706E1: “NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)”.

As the message mentions the error occurs because the W32Time service cannot find the time source it thinks it needs:

  • If it is a client computer or member server, it should be a Domain Controller of its domain
  • It it is a stand-alone computer, by default it it an external source
  • If it is a domain controller, this should be the domain controller holding the PDC Emulator role in the top domain of the forest

Firewall / Time Difference between computers

Easy thought as usual: check your firewall rules: the NTP ans SNTP protocol operate on UDP/123. One easy way to check this from a Windows computer is:

<pre class="lang:default decode:true" title="w32tm time check">w32tm /stripchart /computer:NameOfTheOtherComputer /samples:5

This command will try to connect to the remote computer and check the clock difference between that computer and yours.

If there is no NTP server out there, you’ll get an answer such as error: 0x80070584

The delay (d) is the delay between computers and the offset is the time difference between the 2 computers

Checking the configuration

To check the configuration, you have two options:

  • looking at the registry under HKLM\System\CurrentControlSet\Services\W32Time; Two subkeys are often of interest: Parameters and Config
  • Use w32tm to display that configuration. This one has the advantage to let you know if the configuration was set up locally or using a Group Policy Object (GPO). Result sample is: ```
      EventLogFlags: 2 (Local)
      AnnounceFlags: 10 (Local)
      TimeJumpAuditOffset: 28800 (Local)
      MinPollInterval: 6 (Local)
      MaxPollInterval: 10 (Local)
      MaxNegPhaseCorrection: 172800 (Local)
      MaxPosPhaseCorrection: 172800 (Local)
      MaxAllowedPhaseOffset: 300 (Local)
      FrequencyCorrectRate: 4 (Local)
      PollAdjustFactor: 5 (Local)
      LargePhaseOffset: 50000000 (Local)
      SpikeWatchPeriod: 900 (Local)
      LocalClockDispersion: 10 (Local)
      HoldPeriod: 5 (Local)
      PhaseCorrectRate: 7 (Local)
      UpdateInterval: 100 (Local)
      NtpClient (Local)
      DllName: C:\Windows\system32\w32time.dll (Local)
      Enabled: 1 (Local)
      InputProvider: 1 (Local)
      CrossSiteSyncFlags: 2 (Local)
      AllowNonstandardModeCombinations: 1 (Local)
      ResolvePeerBackoffMinutes: 15 (Policy)
      ResolvePeerBackoffMaxTimes: 7 (Policy)
      CompatibilityFlags: 2147483648 (Local)
      EventLogFlags: 2 (Policy)
      LargeSampleSkew: 3 (Local)
      SpecialPollInterval: 3600 (Policy)
      Type: NTP (Policy)
      NtpServer: server1.ntp.org,0x8 server2.ntp.org,0x8 (Policy)
      NtpServer (Local)
      DllName: C:\Windows\system32\w32time.dll (Local)
      Enabled: 1 (Local)
      InputProvider: 0 (Local)
      AllowNonstandardModeCombinations: 1 (Local)
      VMICTimeProvider (Local)
      DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
      Enabled: 1 (Local)
      InputProvider: 1 (Local)

Common mistakes

Common configuration mistakes include

    • using a comma separated list for the NTP Server list whereas the separator is the space. The comma is used to indicate flags if any. Even Microsoft based websites have issues with that but this page is right. So typically you would have for a standalone: <pre class="lang:batch decode:true" title="NTP External source w32tm command">w32tm /config /syncfromflags:MANUAL /manualpeerlist:"server1.some.dom server2.some.dom" /update

      You can even update a configuration remotely by using
      <pre class="lang:batch decode:true" title="remote NTP External source w32tm command">w32tm /config /computer:MachineName /syncfromflags:MANUAL /manualpeerlist:"server1.some.dom server2.some.dom" /update
      ``` - Using anything else than synchronization to domain controllers for domain-joined machines. The following command will help you reset the flag Type to NT5DS ```
      <pre class="lang:batch decode:true" title="w32tm synchronize to DC">w32tm /config /computer:MachineName /syncfromflags:DOMHIER /update
      ``` - Synchronizing all Domain Controllers to an external NTP Source. All Domain controllers but the PDC emulator in the top domain must also have the NT5DS type as for a domain-joined machine - However, you’d better not set the current PDC regitry entry to NTP. Since your PDC emulator server may change over time, you must have a strategy to have the entry set to NTP whenever the server is holding the PDC emulator role and revert back to NT5DS when it is no longer a PDC.  
      To accommodate the floating FSMO issue, the trick is to: 
      - create a WMI-filter based GPO which tells you if you’re the PDC.
      - apply a GPO about the external source only when the filter matches
      - Every step is mentioned in the following article [Configuring an Authoritative Time Server with Group Policy Using WMI Filtering](https://blogs.technet.microsoft.com/askds/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering/) - For non-PDC DC servers, you would think to create another GPO to apply the NT5DS setting. This is cumbersome and highly risky. Instead remember that a GPO reverts the setting back to its previous value when it is no longer applied. Therefore, make sure every DC has the correct setting NT5DS when it is not holding the PDC role and you’re fine (You may still have to transfer the role once for the current PDC holder to be set up correctly)

If this section doesn’t soilve your issue you have to dive into the logs

Enabling the debug log

To enable the debug log you can once again use of the two following methods:

  • registry as described in article KB 816043.
  • running the w32tm command. Contrary to other w32tm commands you cannot use the computer parameter and therefore you must run this command locally (Or use powershell remote sessions, etc.)
<pre class="lang:batch decode:true" title="enablr w32time debug log">w32tm /debug /enable /file:C:\windows\debug\ntpdebug.log /size:10000000 /entries:0-300 /truncate

To disable the debug log, you can issue

<pre class="lang:batch decode:true" title="disable w32time debug log">w32tm /debug /disable

Searching for 0x800706E1 error

Once the logs are enabled, you may run into several different cases:

  • you see LDAP connections attempts to check the nearest Domain Controller and they fail. The scenario has been described here altogether with its solution
  • another alternative is you don’t even see LDAP Requests. In this case the log loooks like ```
    14851 02:51:04.6778750s – NetLogonGetTimeServiceParentDomain dwErr = 1355 netlogonbits = 0.
      14851 02:51:05.0841250s – Retrying resolution for domain hierarchy. Retry 1 will be in 15 minutes. 
      14851 02:51:05.0841250s – Logging warning: NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
      You may then want to check the AnnounceFlags registry settings. It should be 5 on a PDC but [10 on any other machine](https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/get-started/windows-time-service/windows-time-service-tools-and-settings).