Solved

ntp won't select time server

Posted on 2009-07-15
10
539 Views
Last Modified: 2012-05-07
I have a Windows Server 2003 machine with ntp configured on it, running as a service.  There are two external time sources specified, but NTP will not choose either of the external sources as a master.  Attached is a screenshot of the 'peers' command using the ntpdc utility.

Thanks!
ntp.JPG
0
Comment
Question by:sureservice
  • 4
  • 4
  • 2
10 Comments
 
LVL 16

Expert Comment

by:SteveJ
Comment Utility
So . . . are the externals running NTP 1, 2, 3, 4? TCP/UDP? That is, are you sure your machine can actually connect to them and get a time? Are they so far apart in time ( or is you server "fast") that your server won't slew its clock?

Good luck,
SteveJ
0
 

Author Comment

by:sureservice
Comment Utility
SteveJ,
Not sure what NTP version the servers are running.  Is there a command I can type to determine that information?  I would assume that it can get time updates based on the fact that it displays offset, dispersion, etc information.  Is that not necessarily true?

I'm not sure what you mean by "server won't slew its clock".  It seemed like the clock did come closer to the other servers' time, but neither were selected as time source (*).

Thanks
0
 
LVL 16

Expert Comment

by:SteveJ
Comment Utility
About the version . . . if your server is running NTP4 for example and the servers you are trying to connect to don't support NTP4 then you would have a problem. That said, that's not likely the issue.

What I mean by the slewing reference is . . . there are limits to how far back a server can go and update it's time. For example, if your server is 20 minutes behind the ntp source, your server will gradually "slew" its clock very gradually over time instead of simply jumping ahead 20 minutes. That kind of granularity (the slewing rate, whether or not to immediately jump ahead or back) is completely dependent on the NTP client. I don't have a lot of experience with Windows and NTP . . .  but I think you don't have much control over the default windows ntp client. You might download a different NTP client and play with it. Try this:

http://www.time.edu.cn/oneguy.htm

Good luck,
SteveJ
0
 

Author Comment

by:sureservice
Comment Utility
SteveJ,

Thanks for the comments.  I see what you mean about the slewing --- while slewing, though, should NTP denote wit the * which server it's slewing towards?  Or does it slowly change the system clock and then when it's closer, switch the * to a new time master?

Our NTP client is on a process control server in a manufacturing environment and may "slew" more slowly than I'd like.
0
 
LVL 16

Expert Comment

by:SteveJ
Comment Utility
I'm not actually sure what the answer to your question is. You might run a packet trace on the server and see if it's actually going to one of those two servers. As I said, I don't have much experience with windows and NTP, and I don't have access to a server similar to yours to "play" with.

It's actually been quite some time since I used automachron and I decided to check out the site . . . the link is broken. If you want to play with a pretty good ntp client, try this.

http://www.softpedia.com/progDownload/Automachron-Download-81738.html

You're welcome.

Good luck,
SteveJ
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
The problem with NTP synchronization to the outside world is the communications are often blocked by firewalls or NAT

To overcome this problem, download Symmtime on the PDCe and us it to synch your PDCe to an outside time server over port 80.

Symmtime was created by symmentricom, (a time server manufacturer).
0
 
LVL 16

Expert Comment

by:SteveJ
Comment Utility
ChiefIT . . . he's getting responses back from the NTP server. Clearly it's not being blocked by the firewall.
0
 

Author Comment

by:sureservice
Comment Utility
I downloaded the Symmetricom software and I really like how that functions and actually ADJUSTS the time for me, but unfortunately, because of the regulated computer environments, I probably won't be able to use it.  I guess I'm looking for a detailed explanation on how NTP chooses it's time source.  Sometimes it looks like NTP is adjusting to clock closer to one of the "=" time sources, even though it has the "*" on another source.  I just haven't been able to figure out its behavior.

I have another situation where NTP has chosen an external time source, which is preferable, but randomly will switch back to LOCAL(1) as master.  I check it again a bit later and it's back on the external source...very confusing and frustrating to figure out.

Thanks!
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
Comment Utility
I am an advocate of Symmtime. You can argue that symmtime prevents the need for opening NTP port 123. You can actually secure that port with Symmetricom's products.
___________________________________________________________

To directly answer your questions about NTP, you won't find a really crystal clear picture of it on the web. I spent a lot of time looking for such a site. I had to piece my knowledge together from a number of different sources.

Here is the very best explanation I found on the Time services:

On this link you will see a PDF to download. Remember NTP is the protocol and W32Time is the synchronization service:
http://www.spectracomcorp.com/Support/Library/IntegrationGuides/SynchwithW32Time/tabid/164/Default.aspx

>>Here is that PDF document:
http://www.spectracomcorp.com/portals/0/support/pdf/windows2000_2003_appnotes.pdf


NOTE: spectracom is another time server manufacturer.


The basics:

Basically, the PDCe of your LAN will synch to an outside time source, as we are trying to do now.

Then that time will be synchronized, using W32time service, with the clients. It will do so,  if and only if, they are outside the 5 minute phase offset. When clients logon, they will see some registry flags that tell who in the domian PDCe is, and make it the authoritative time server. Within those flags, there are other flags that tell what the phase offset is. So, it is the client's responsibility to synch with the server. The client will see these flags and see the broadcasted time. If the client is over +/- 5 minutes of the server, the client will synchronize its clock with the server.

Those synchronization flags can bee seen on this thread from Microsoft:
http://support.microsoft.com/kb/816042

Just so you know, there is no need to configure an authoritative time server through group policy as it states in that Microsoft link. In fact it is recommended you don't. Group policies often have problems with the PDCe. The reason is, most configure Time as the default domain policy. If you point the entire domain at the PDCe, the PDCe will try to synch with itself for time. In that case, you will get Time errors on your PDCe and you will not synch to an outside time source. If you configured any Group Policies for time, you should go back and unconfigure them. That will interfere with the default configuration of time that works fine.



0
 

Author Comment

by:sureservice
Comment Utility
What port does Symmtime use to sync time then, if not on 123?
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now