Solved

ntp won't select time server

Posted on 2009-07-15
10
591 Views
Last Modified: 2012-05-07
I have a Windows Server 2003 machine with ntp configured on it, running as a service.  There are two external time sources specified, but NTP will not choose either of the external sources as a master.  Attached is a screenshot of the 'peers' command using the ntpdc utility.

Thanks!
ntp.JPG
0
Comment
Question by:sureservice
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 16

Expert Comment

by:SteveJ
ID: 24866251
So . . . are the externals running NTP 1, 2, 3, 4? TCP/UDP? That is, are you sure your machine can actually connect to them and get a time? Are they so far apart in time ( or is you server "fast") that your server won't slew its clock?

Good luck,
SteveJ
0
 

Author Comment

by:sureservice
ID: 24869498
SteveJ,
Not sure what NTP version the servers are running.  Is there a command I can type to determine that information?  I would assume that it can get time updates based on the fact that it displays offset, dispersion, etc information.  Is that not necessarily true?

I'm not sure what you mean by "server won't slew its clock".  It seemed like the clock did come closer to the other servers' time, but neither were selected as time source (*).

Thanks
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 24869609
About the version . . . if your server is running NTP4 for example and the servers you are trying to connect to don't support NTP4 then you would have a problem. That said, that's not likely the issue.

What I mean by the slewing reference is . . . there are limits to how far back a server can go and update it's time. For example, if your server is 20 minutes behind the ntp source, your server will gradually "slew" its clock very gradually over time instead of simply jumping ahead 20 minutes. That kind of granularity (the slewing rate, whether or not to immediately jump ahead or back) is completely dependent on the NTP client. I don't have a lot of experience with Windows and NTP . . .  but I think you don't have much control over the default windows ntp client. You might download a different NTP client and play with it. Try this:

http://www.time.edu.cn/oneguy.htm

Good luck,
SteveJ
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:sureservice
ID: 24869648
SteveJ,

Thanks for the comments.  I see what you mean about the slewing --- while slewing, though, should NTP denote wit the * which server it's slewing towards?  Or does it slowly change the system clock and then when it's closer, switch the * to a new time master?

Our NTP client is on a process control server in a manufacturing environment and may "slew" more slowly than I'd like.
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 24869693
I'm not actually sure what the answer to your question is. You might run a packet trace on the server and see if it's actually going to one of those two servers. As I said, I don't have much experience with windows and NTP, and I don't have access to a server similar to yours to "play" with.

It's actually been quite some time since I used automachron and I decided to check out the site . . . the link is broken. If you want to play with a pretty good ntp client, try this.

http://www.softpedia.com/progDownload/Automachron-Download-81738.html

You're welcome.

Good luck,
SteveJ
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 24871651
The problem with NTP synchronization to the outside world is the communications are often blocked by firewalls or NAT

To overcome this problem, download Symmtime on the PDCe and us it to synch your PDCe to an outside time server over port 80.

Symmtime was created by symmentricom, (a time server manufacturer).
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 24872161
ChiefIT . . . he's getting responses back from the NTP server. Clearly it's not being blocked by the firewall.
0
 

Author Comment

by:sureservice
ID: 24872272
I downloaded the Symmetricom software and I really like how that functions and actually ADJUSTS the time for me, but unfortunately, because of the regulated computer environments, I probably won't be able to use it.  I guess I'm looking for a detailed explanation on how NTP chooses it's time source.  Sometimes it looks like NTP is adjusting to clock closer to one of the "=" time sources, even though it has the "*" on another source.  I just haven't been able to figure out its behavior.

I have another situation where NTP has chosen an external time source, which is preferable, but randomly will switch back to LOCAL(1) as master.  I check it again a bit later and it's back on the external source...very confusing and frustrating to figure out.

Thanks!
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 24879928
I am an advocate of Symmtime. You can argue that symmtime prevents the need for opening NTP port 123. You can actually secure that port with Symmetricom's products.
___________________________________________________________

To directly answer your questions about NTP, you won't find a really crystal clear picture of it on the web. I spent a lot of time looking for such a site. I had to piece my knowledge together from a number of different sources.

Here is the very best explanation I found on the Time services:

On this link you will see a PDF to download. Remember NTP is the protocol and W32Time is the synchronization service:
http://www.spectracomcorp.com/Support/Library/IntegrationGuides/SynchwithW32Time/tabid/164/Default.aspx

>>Here is that PDF document:
http://www.spectracomcorp.com/portals/0/support/pdf/windows2000_2003_appnotes.pdf


NOTE: spectracom is another time server manufacturer.


The basics:

Basically, the PDCe of your LAN will synch to an outside time source, as we are trying to do now.

Then that time will be synchronized, using W32time service, with the clients. It will do so,  if and only if, they are outside the 5 minute phase offset. When clients logon, they will see some registry flags that tell who in the domian PDCe is, and make it the authoritative time server. Within those flags, there are other flags that tell what the phase offset is. So, it is the client's responsibility to synch with the server. The client will see these flags and see the broadcasted time. If the client is over +/- 5 minutes of the server, the client will synchronize its clock with the server.

Those synchronization flags can bee seen on this thread from Microsoft:
http://support.microsoft.com/kb/816042

Just so you know, there is no need to configure an authoritative time server through group policy as it states in that Microsoft link. In fact it is recommended you don't. Group policies often have problems with the PDCe. The reason is, most configure Time as the default domain policy. If you point the entire domain at the PDCe, the PDCe will try to synch with itself for time. In that case, you will get Time errors on your PDCe and you will not synch to an outside time source. If you configured any Group Policies for time, you should go back and unconfigure them. That will interfere with the default configuration of time that works fine.



0
 

Author Comment

by:sureservice
ID: 24880731
What port does Symmtime use to sync time then, if not on 123?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question