Solved

Time Server

Posted on 2009-04-13
10
467 Views
Last Modified: 2012-06-27
I want to configure my Windows 2003 server as the authoritative time server, ergo keeping all client computers with the correct time. It is the primary DC holding all of the FSMO roles. We are going to demote the secondary at some point as it is a PIII just waiting to fail, but that is a different story entirely. I would like to synchonize to a reputable source on the Internet. As we are a small company (35 employees) we don't want to incur any fees. I got this as instructions from a microsoft site but i don't see where any URL is specified:

Configuring the Windows Time service to use an external time source
To configure an internal time server to synchronize with an external time source, follow these steps:
Change the server type to NTP. To do this, follow these steps:
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
In the right pane, right-click Type, and then click Modify.
In Edit Value, type NTP in the Value data box, and then click OK.
Set AnnounceFlags to 5. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
In the right pane, right-click AnnounceFlags, and then click Modify.
In Edit DWORD Value, type 5 in the Value data box, and then click OK.
Enable NTPServer. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
In the right pane, right-click Enabled, and then click Modify.
In Edit DWORD Value, type 1 in the Value data box, and then click OK.
Specify the time sources. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
In the right pane, right-click NtpServer, and then click Modify.
In Edit Value, type Peers in the Value data box, and then click OK.

Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect.
Select the poll interval. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
In the right pane, right-click SpecialPollInterval, and then click Modify.
In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.
Configure the time correction settings. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
In Edit DWORD Value, click to select Decimal in the Base box.
In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
In Edit DWORD Value, click to select Decimal in the Base box.
In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
Quit Registry Editor.
At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
net stop w32time && net start w32time

Is there an easier way?

Thnaks,

JPertchik
0
Comment
Question by:jpertchik
  • 5
  • 5
10 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 24131006
You can do that from the command line, on the PDC emulator:
w32tm /config /update /manualpeerlist:,0x8 /syncfromflags:MANUAL
w32tm /resync

Pick an ntp server here:
A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
http://support.microsoft.com/kb/262680

There should be no need to do anything on the other machines, AD has a default time sync: DCs will sync with the PDCe, members will sync with the DC authenticating them.
0
 

Author Comment

by:jpertchik
ID: 24131061
OK, Sounds simple enough...I assume that <ntp-server>, refers to one of the internet Time Servers?

What is all this horse hocky about all this other registry garbage?
0
 

Author Comment

by:jpertchik
ID: 24131081
Also do i use the ip address or translated name?
0
 
LVL 83

Expert Comment

by:oBdA
ID: 24131125
You've probably used the article "How to configure an authoritative time server in Windows Server 2003" (http://support.microsoft.com/kb/816042/)?
That's an article on how to configure *any* W2k3 server to be a reliable time source.
A DC is a reliable time source for domain members by default, no need to change anything except the NTP server address.
You can use either IP or the FQDN; the ",0x8" at the end, btw, tells the time service to use client mode, otherwise the sync might not work with some time servers.
Time synchronization may not succeed when you try to synchronize with a non-Windows NTP server in Windows Server 2003
http://support.microsoft.com/kb/875424
Oh, and another time sync possibility is pool.ntp.org; check here:
How do I use pool.ntp.org?
http://www.pool.ntp.org/en/use.html
0
 

Author Comment

by:jpertchik
ID: 24131522
OK...So i ran this: w32tm /config /update /manualpeerlist:tock.usno.navy.mil
,0x8 /syncfromflags:MANUAL
w32tm /resync

It did the trick on syncing the DC.

The clients however have not caught up.

Even when i rebooted the client.

How do i proceed next?

Thanks

JPertchik
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 83

Expert Comment

by:oBdA
ID: 24131568
Try to reset the time service on the client, from the command line:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
0
 

Author Comment

by:jpertchik
ID: 24131866
w32tm /unregister is giving me

The following error occured: Access denied <0x80070005>

The other commands work, but still no sync
0
 
LVL 83

Expert Comment

by:oBdA
ID: 24132943
You're doing this as administrator on the client?
Check the event log on the client for errors after restarting the time service.
Check the value of "Type" in HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters, should be NT5DS.
What exactly do you mean with "no sync"? No sync at all, when you change the system time manually, it stays at the changed value, or does it sync with an offset to the DC? If the latter, check the time zone on the client and whether the latest DST patches are installed.
0
 

Author Comment

by:jpertchik
ID: 24140724
I ran the following on all of my clients except two of them:

At the command prompt, type the following commands in the order that they are given. After you type each command, press ENTER.
w32tm /config /manualpeerlist:time-a.nist.gov,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
w32tm /resync

This synchronized everyone including my Win 2003 servers to time-a.nist.gov

I do however have two Win XP machine that this is not working on, in addition, I have a Win2K server that it won't wotk on. How should i handle these situations?

Thanks,

JPertchik
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 24140920
I would strongly advise *against* letting your clients sync with an outside source; the clients should be using the default time sync hierarchy.
Try to run the "w32tm /unregister" command twice, after making sure that the W32Time service is actually stopped.
Resetting the time service as described is usually the method that produces the fastest and best results.
If the above command worked, try it with
w32tm /config /update /syncfromflags:DOMHIER
w32tm /resync
(there should be no need to restart the time service if /update is used in the /config command).
For the W2k machine, you should make sure that the "Type" registry entry is set to "NT5DS"; the W2k versions of the time service and w32tm are somewhat limited, you can't use these commands on it.
You need to be more precise than "this is not working"; you need to give the *exact* error you're getting,  any error messages from "w32tm /resync", and/or anything related in the event log.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Learn about cloud computing and its benefits for small business owners.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now