W32Time and External Time Sources

From FactotumNW Wiki

Snippet 1:

Command:
Net time /setsntp:servername
There is no default value for this registry entry on domain members. The default value on stand-alone clients and servers is time.microsoft.com,0x1.


Snippet 2:

Time.nist.gov,0x1 bigben.cac.washington.edu,0x1 tick.ucla.edu,0x1
Net stop w32time && net start w32time
W32tm /resync /rediscover
Type NT5DS ; NTP = authoritative
0x1 ; 0x8 = client mode
\parameters
\timeproviders\ntpserver\enabled=1 is active mode, otherwise client mode.


To synchronize the domain controller with an external time source

1. Click Start, and then click Command Prompt.
2. In the Command Prompt window, type the following line, where peers is a comma-separated list of IP addresses of the appropriate time sources, and press ENTER:
w32tm /config /manualpeerlist:peers /syncfromflags:MANUAL
The time sources you choose depend on your time zone. For example, if your domain controller is located in the Pacific Time zone, this line might read:
w32tm /config /manualpeerlist:131.107.1.10 /syncfromflags:MANUAL
In this example, the IP address of the timeserver is used instead of the fully qualified domain name for security purposes.
3. Press ENTER. You should get a message that the command completed successfully.
4. Type w32tm /config /update
5. Press ENTER. You should get a message that the command completed successfully.
W32time uses a variable poll interval based on the quality of timesync with the server. On DCs, this interval defaults to between 64 and 1024 seconds.
6. To immediately synchronize with the external time server, type w32tm /resync and press ENTER. You should get a message that the command completed successfully.
7. Type Exit and press ENTER.


Synching to an External Time Source

If you want to ensure that the clocks on your machines are more accurate in terms of absolute (and not just relative) time, you can sync the PDC Emulator in your forest root domain to one of the reliable time servers available on the Internet. This is a good idea if your company is a large enterprise with sites spanning several countries, or if your organization has two or more forests linked by forest trusts. The procedure for doing this on a PDC Emulator running Windows Server 2003 in the forest root domain is as follows. Open Registry Editor (regedit.exe) and configure the following registry entries:
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
This registry entry determines which peers W32Time will accept synchronization from. Change this REG_SZ value from NT5DS to NTP so the PDC Emulator synchronizes from the list of reliable time servers specified in the NtpServer registry entry described below.
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
This registry entry controls whether the local computer is marked as a reliable time server (which is only possible if the previous registry entry is set to NTP as described above). Change this REG_DWORD value from 10 to 5 here.
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer
This registry entry specifies a space-delimited list of stratum 1 time servers from which the local computer can obtain reliable time stamps. The list may consist of one or more DNS names or IP addresses (if DNS names are used then you must append ,0x1 to the end of each DNS name). For example, to synchronize the PDC Emulator in your forest root domain with tock.usno.navy.mil, an open-access SNTP time server run by the United States Naval Observatory, change the value of the NtpServer registry entry from time.windows.com,0x1 to tock.usno.navy.mil,0x1 here. Alternatively, you can specify this time server's IP address, 192.5.41.209, instead.
Now stop and restart the Windows Time service using the following commands:
net stop w32time
net start w32time
It may take an hour or so for the PDC Emulator to fully synchronize with the external time server because of the nature of the polling method W32Time uses. Depending on the latency of your Internet connection, the accuracy of the CMOS clock on your forest root PDC Emulator may be within a second or two of UTC. If you need more accurate time, however, you can purchase a hardware time source like an atomic clock and connect it to your PDC Emulator.
Alternatively, if you don’t want to wait for time convergence to occur between your stratum 2 time server (your forest root PDC Emulator) and the external stratum 1 time server, you can run the following command on your PDC Emulator:
w32tm /resync /rediscover
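The three registry values edited above can be checked afterwards with a read-only audit. The following PowerShell is an added example, not part of the original page or of Microsoft's procedure; the function name Test-NtpServerList is hypothetical, the flag names are the ones Microsoft documents for NtpServer, and PowerShell 3.0 or later on the PDC Emulator is assumed.

```powershell
# Added example: read-only audit of the W32Time values this section edits.
# Assumes PowerShell 3.0+ on the PDC Emulator; the function name is hypothetical.
$base  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
# NtpServer flag bits as documented by Microsoft for W32Time.
$names = @{ 1 = 'SpecialInterval'; 2 = 'UseAsFallbackOnly'; 4 = 'SymmetricActive'; 8 = 'Client' }

function Test-NtpServerList {
    # Split the space-delimited NtpServer value and check each peer entry.
    param([string]$Value)
    foreach ($entry in ($Value -split '\s+' | Where-Object { $_ })) {
        $peer, $flags = $entry -split ',', 2
        $ip      = $null
        $isIp    = [System.Net.IPAddress]::TryParse($peer, [ref]$ip)
        $decoded = ''
        $problem = $null
        if ($flags -match '^0x[0-9a-fA-F]{1,2}$') {
            $bits    = [Convert]::ToInt32($flags, 16)
            $decoded = (1, 2, 4, 8 | Where-Object { $bits -band $_ } |
                        ForEach-Object { $names[$_] }) -join '+'
        } elseif ($flags) {
            $problem = "unparseable flags '$flags'"
        } elseif (-not $isIp) {
            $problem = 'DNS name without a ,0x1 style suffix'
        }
        [pscustomobject]@{ Peer = $peer; Flags = $flags; Meaning = $decoded
                           IsIp = $isIp; Problem = $problem }
    }
}

$params   = Get-ItemProperty -Path "$base\Parameters"
$config   = Get-ItemProperty -Path "$base\Config"
$findings = @()
if ($params.Type -ne 'NTP') {
    $findings += "Parameters\Type is '$($params.Type)'; the procedure sets it to NTP"
}
if ($config.AnnounceFlags -ne 5) {
    $findings += "Config\AnnounceFlags is $($config.AnnounceFlags); the procedure sets it to 5"
}
$peers = @(Test-NtpServerList -Value $params.NtpServer)
if ($peers.Count -eq 0) { $findings += 'Parameters\NtpServer is empty or missing' }
$peers | Where-Object { $_.Problem } | ForEach-Object {
    $findings += "NtpServer peer $($_.Peer): $($_.Problem)"
}

$peers | Format-Table -AutoSize
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'W32Time registry values match the procedure above.' }
```

The script only reads the registry; a warning for Type or AnnounceFlags on a machine that is not the forest root PDC Emulator is expected, since domain members normally keep NT5DS.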
Tip
There are additional registry settings you can configure to ensure external time synchronization operates effectively; see this article in the Microsoft Knowledge Base for details.
Additional Resources
The following resources can be of use in configuring and troubleshooting operation of the Windows Time service in Windows-based environments:
  • How to configure an authoritative time server in Windows Server 2003 - This KB article outlines in further detail how to sync your forest root PDC Emulator to both internal and external time sources. It also has several tips for troubleshooting time synchronization problems involving W32Time.
  • How to configure an authoritative time server in Windows XP - This KB article is useful if you need to sync standalone XP machines to an external time source.
  • Windows Time Service Tools and Settings - This section of the online Windows Server 2003 Technical Reference describes the tools, registry settings, and Group Policy settings that can be used for configuring the Windows Time service.
  • USNO NTP Network Time Servers - This page on the website for the Time Service Department of the United States Naval Observatory lists the different stratum 1 external time servers operated by the USNO that you can use to establish reliable time on your Active Directory-based network.
Final Tip
Be sure to open UDP port 123 on the firewall at your network’s edge if you are syncing your forest root PDC Emulator to an external time source on the Internet. This is because UDP port 123 is the default port used by SNTP, which is the protocol used by W32Time for time synchronization over a network.
Furthermore, if you have deployed Windows XP Service Pack 2, you need to ensure UDP port 123 is also opened in Windows Firewall on your desktop machines.


U.S. PACIFIC TIME ZONE

montpelier.caltech.edu (CNAME ntp-caltech.usno.navy.mil)
Location: California Institute of Technology, Pasadena, CA
Synchronization: NTP V3 primary (TrueTime GPS-VME)
Access Policy: open access for stratum 2 servers and Caltech clients, others by arrangement
bigben.cac.washington.edu (CNAME ntp-uw.usno.navy.mil)
Location: University of Washington, Seattle, Washington
Synchronization: NTP V3 primary (TrueTime GPS-VME)
Access Policy: open access for stratum 2 servers and UW clients, others by arrangement
tick.ucla.edu (CNAME ntp-ucla.usno.navy.mil)
Location: University of California, Los Angeles
Synchronization: NTP V3 primary (Brandywine Syncclock32/Oncore GPS)
Access Policy: open access for stratum 2 servers and UCLA clients; others by arrangement
usno.pa-x.dec.com (CNAME ntp-dec.usno.navy.mil)
Location: Compaq Corporation, Palo Alto, CA
Synchronization: NTP V3 primary (Brandywine Syncclock32/Oncore GPS)
Access Policy: open access for stratum 2 servers, Compaq, others by arrangement
from http://tycho.usno.navy.mil/ntp.html