[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 507
  • Last Modified:

How Do I Stop Windows Time Server from Flooding My Network

I have set up a Wndows XP machine on my LAN as an Authorative Time Server. It is connected to a hardware clock and serves time information to other WIndows XP machines on the same LAN. These other machines are NTPClient enabled via the registry settings. One of the NTPClient machines ia a WiFi Tablet PC. As such there is no gurantee of always having a strong wireless signal and hence is subject to a number of TCP/IP socket connection/disconnections. During this connection process and when the signal strength is low I have noticed that the time server is flooding the network with UDP/NTP packets directed to WiFi Tablet. This was picked up using the Tamosoft CommView packet analyser. The flooding might last for about 10-20 seconds but it is enough to cause the End User's application software to disconnect its own working copper based socket and report an alarm. When the signal strenth is low, I don't know why the Time Server starts to flood the network with NTP requests every 300-500ms? Looking at the packet analyser, it appears that the Time Server is deciding to do this off its own back. There does not seem to be any indication that it has come form the WiFi Tablet client.

Does anyone know why the Time Server might suddenly decides to send multiple NTP commands? Can I control this in the WS32 registry settings?
Thanks, Gary
0
Elisys
Asked:
Elisys
  • 10
  • 6
  • 2
1 Solution
 
Kamaraj SubramanianApplication Support AnalystCommented:
http://technet.microsoft.com/en-us/library/cc781400.aspx

Administrative Credentials

To perform this procedure on the local computer, you must be a local Administrator on the PDC emulator. To perform this procedure on a remote computer, you must be a member of the Domain Admins group.
To disable the Windows Time service

   1.

      Open the Services snap-in.
   2.

      Right-click Windows Time, and select Properties. The Windows Time Properties dialog box appears.
   3.

      In the Startup type box, select Disabled from the drop-down menu.
   4.

      Click OK. Verify that the Startup Type for the time service appears as Disabled.
0
 
Kamaraj SubramanianApplication Support AnalystCommented:
start -> run -> services.msc

0
 
Donald StewartNetwork AdministratorCommented:
You can change the poll interval

To do this, follow these steps:
Locate and then click  the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
      In the right pane, right-click SpecialPollInterval, and then click Modify.
      In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.    

Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.

0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
Donald StewartNetwork AdministratorCommented:
Also configure the time correction settings

 To do this, follow these steps
:Locate and then click  the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
      In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
In Edit DWORD Value, click to select Decimal in the Base box.
      In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.  

Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
Locate and then click the following registry subkey:
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection  
In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
In Edit DWORD Value, click to select Decimal in the Base box.
      In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.  

Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.

0
 
ElisysAuthor Commented:
I had disabled the WS32Time service on the Tablet PC shortly after posting, and the network has not failed to date. I will leave it running like this overnight to be sure. However that leaves me with the porblem of how to synchronise my Tablet PC using NTP. Before we upgraded the system to Windows XP we used the old Timeserv.exe program from Windows NT, but I don't think Windows XP will allow me to use that instead of WS32Time?
0
 
Donald StewartNetwork AdministratorCommented:
when you set up your authoritative server did you follow this guide?

http://support.microsoft.com/kb/816042
0
 
ElisysAuthor Commented:
I used the guide, Article ID: 314054 - Last Review: April 12, 2006 - Revision: 6.4
How to configure an authoritative time server in Windows XP'

From what I understand the MaxPollInterval and MinPollInterval are only limits that the time algorythm will work to dependent on network status. The algorythm will decide the actual poll rate. In my case I am seeing requests made every 300ms. Immediately prior to this happening the Tablet sent a NTP request with a NTP Poll Interval of 4 (16 secs). Every 300ms after this the server sends back a NTP packet with the Poll Interval set to 10 (1024 secs). Because the Tablet was making a connection it used the minimum poll interval allowed so that it could synchronise as a priority. After synchronisation is confirmed then it will increase its poll rate to the maximum allowed. What I find difficult to understand is that none of these parameters reflect the 300ms rate I am seeing. Also it is the exact same packet that is sent each time ( i.e. the IP/UDP and NTP fields are the same), only the Ethenet Frame Number is different. I will try and upload the packet file in a readable format.
0
 
Donald StewartNetwork AdministratorCommented:
And do all the clients have the configured registry settings?

0
 
ElisysAuthor Commented:
Please find attached JPEG of CommView Log File.
42302 - shows NTP request from Tablet with Poll Interval of 4 (16 secs)
42303 - response from the Authorised Time Server increasing the Poll Interval to 10 (1024 secs)
42306 - another response with the exact same packet sent previously
42310 - another response etc. etc approximately every 300 ms.

All clients are configured as NTPClient Enabled and point ot the same Authorised Time Server.
0
 
Donald StewartNetwork AdministratorCommented:
Are all the recommended registry settings above configured on all the client machines??
0
 
ElisysAuthor Commented:
In fact there are two Authorised TIme Servers configured on the network. These are listed correctly in each Clinet's Registery under W32Time/Parameters -> NtpServer (FileserverA,0x1 FileserverB,0x1)
0
 
ElisysAuthor Commented:
All the recommended settings are configured as above on all the client machines.
The JPEG file is not uploading (325kB) so have sent it by email. Did you recv?
0
 
Donald StewartNetwork AdministratorCommented:
I received it yes, I will upload so others can view

WS32Time-Flooding-NTP-Requests.JPG
0
 
Donald StewartNetwork AdministratorCommented:
0
 
Donald StewartNetwork AdministratorCommented:
0
 
ElisysAuthor Commented:
I'll check over my registry settings again tomorrow. The Server 2003 article has more info in it than the XP one. I did notice that it refered to a flag called 'SpecialInterval' under TimeProviders\NtpClient. I don't have this on my XP box, just the SpecialPollInterval entry.

Thanks for the pointer to the discussion group. It does appear to be similar, although I am using a closed LAN and so would not be vulnerable to attacks.
0
 
Donald StewartNetwork AdministratorCommented:
Ok, good more info is better, I have set it up in our environment using the 2003 article along with group policies
0
 
Donald StewartNetwork AdministratorCommented:
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 10
  • 6
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now