Solved

Time Server

Posted on 2009-04-13
10
474 Views
Last Modified: 2012-06-27
I want to configure my Windows 2003 server as the authoritative time server, ergo keeping all client computers with the correct time. It is the primary DC holding all of the FSMO roles. We are going to demote the secondary at some point as it is a PIII just waiting to fail, but that is a different story entirely. I would like to synchonize to a reputable source on the Internet. As we are a small company (35 employees) we don't want to incur any fees. I got this as instructions from a microsoft site but i don't see where any URL is specified:

Configuring the Windows Time service to use an external time source
To configure an internal time server to synchronize with an external time source, follow these steps:
Change the server type to NTP. To do this, follow these steps:
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
In the right pane, right-click Type, and then click Modify.
In Edit Value, type NTP in the Value data box, and then click OK.
Set AnnounceFlags to 5. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
In the right pane, right-click AnnounceFlags, and then click Modify.
In Edit DWORD Value, type 5 in the Value data box, and then click OK.
Enable NTPServer. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
In the right pane, right-click Enabled, and then click Modify.
In Edit DWORD Value, type 1 in the Value data box, and then click OK.
Specify the time sources. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
In the right pane, right-click NtpServer, and then click Modify.
In Edit Value, type Peers in the Value data box, and then click OK.

Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect.
Select the poll interval. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
In the right pane, right-click SpecialPollInterval, and then click Modify.
In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.
Configure the time correction settings. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
In Edit DWORD Value, click to select Decimal in the Base box.
In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
In Edit DWORD Value, click to select Decimal in the Base box.
In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
Quit Registry Editor.
At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
net stop w32time && net start w32time

Is there an easier way?

Thnaks,

JPertchik
0
Comment
Question by:jpertchik
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 24131006
You can do that from the command line, on the PDC emulator:
w32tm /config /update /manualpeerlist:,0x8 /syncfromflags:MANUAL
w32tm /resync

Pick an ntp server here:
A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
http://support.microsoft.com/kb/262680

There should be no need to do anything on the other machines, AD has a default time sync: DCs will sync with the PDCe, members will sync with the DC authenticating them.
0
 

Author Comment

by:jpertchik
ID: 24131061
OK, Sounds simple enough...I assume that <ntp-server>, refers to one of the internet Time Servers?

What is all this horse hocky about all this other registry garbage?
0
 

Author Comment

by:jpertchik
ID: 24131081
Also do i use the ip address or translated name?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 84

Expert Comment

by:oBdA
ID: 24131125
You've probably used the article "How to configure an authoritative time server in Windows Server 2003" (http://support.microsoft.com/kb/816042/)?
That's an article on how to configure *any* W2k3 server to be a reliable time source.
A DC is a reliable time source for domain members by default, no need to change anything except the NTP server address.
You can use either IP or the FQDN; the ",0x8" at the end, btw, tells the time service to use client mode, otherwise the sync might not work with some time servers.
Time synchronization may not succeed when you try to synchronize with a non-Windows NTP server in Windows Server 2003
http://support.microsoft.com/kb/875424
Oh, and another time sync possibility is pool.ntp.org; check here:
How do I use pool.ntp.org?
http://www.pool.ntp.org/en/use.html
0
 

Author Comment

by:jpertchik
ID: 24131522
OK...So i ran this: w32tm /config /update /manualpeerlist:tock.usno.navy.mil
,0x8 /syncfromflags:MANUAL
w32tm /resync

It did the trick on syncing the DC.

The clients however have not caught up.

Even when i rebooted the client.

How do i proceed next?

Thanks

JPertchik
0
 
LVL 84

Expert Comment

by:oBdA
ID: 24131568
Try to reset the time service on the client, from the command line:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
0
 

Author Comment

by:jpertchik
ID: 24131866
w32tm /unregister is giving me

The following error occured: Access denied <0x80070005>

The other commands work, but still no sync
0
 
LVL 84

Expert Comment

by:oBdA
ID: 24132943
You're doing this as administrator on the client?
Check the event log on the client for errors after restarting the time service.
Check the value of "Type" in HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters, should be NT5DS.
What exactly do you mean with "no sync"? No sync at all, when you change the system time manually, it stays at the changed value, or does it sync with an offset to the DC? If the latter, check the time zone on the client and whether the latest DST patches are installed.
0
 

Author Comment

by:jpertchik
ID: 24140724
I ran the following on all of my clients except two of them:

At the command prompt, type the following commands in the order that they are given. After you type each command, press ENTER.
w32tm /config /manualpeerlist:time-a.nist.gov,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
w32tm /resync

This synchronized everyone including my Win 2003 servers to time-a.nist.gov

I do however have two Win XP machine that this is not working on, in addition, I have a Win2K server that it won't wotk on. How should i handle these situations?

Thanks,

JPertchik
0
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 24140920
I would strongly advise *against* letting your clients sync with an outside source; the clients should be using the default time sync hierarchy.
Try to run the "w32tm /unregister" command twice, after making sure that the W32Time service is actually stopped.
Resetting the time service as described is usually the method that produces the fastest and best results.
If the above command worked, try it with
w32tm /config /update /syncfromflags:DOMHIER
w32tm /resync
(there should be no need to restart the time service if /update is used in the /config command).
For the W2k machine, you should make sure that the "Type" registry entry is set to "NT5DS"; the W2k versions of the time service and w32tm are somewhat limited, you can't use these commands on it.
You need to be more precise than "this is not working"; you need to give the *exact* error you're getting,  any error messages from "w32tm /resync", and/or anything related in the event log.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question