Solved

NTP Server Sync outside the domain

Posted on 2010-08-31
Last Modified: 2012-05-10
I have a Windows 2003 based AD and the NTP works just fine for all the machines in the domain.

I have 2 Cisco servers in one of my datacenters. Unfortunately these servers don't have internet access and are not in the domain. So the NTP sync is not working.

So my question is, where in the Active Directory does it mention that the PDC can sync time only for the machines in that time? Can I add the IPs of these Cisco servers to the list of machines that can sync time with the PDC?

Alternatively, how can I set up another server (which has internet access and which is in the domain, but is not the domain controller) as an NTP server and then in turn ask the Cisco servers to sync time with this server?

Thanks
Question by:vilasnair
 
LVL 22

Expert Comment

by:Matt V
ID: 33572449

To configure an internal time server to synchronize with an external time source, follow these steps:

   1. Change the server type to NTP. To do this, follow these steps:
         1. Click Start, click Run, type regedit, and then click OK.
         2. Locate and then click the following registry subkey:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
         3. In the right pane, right-click Type, and then click Modify.
         4. In Edit Value, type NTP in the Value data box, and then click OK.
   2. Set AnnounceFlags to 5. To do this, follow these steps:
         1. Locate and then click the following registry subkey:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
         2. In the right pane, right-click AnnounceFlags, and then click Modify.
         3. In Edit DWORD Value, type 5 in the Value data box, and then click OK.
   3. Enable NTPServer. To do this, follow these steps:
         1. Locate and then click the following registry subkey:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
         2. In the right pane, right-click Enabled, and then click Modify.
         3. In Edit DWORD Value, type 1 in the Value data box, and then click OK.
   4. Specify the time sources. To do this, follow these steps:
         1. Locate and then click the following registry subkey:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
         2. In the right pane, right-click NtpServer, and then click Modify.
         3. In Edit Value, type Peers in the Value data box, and then click OK.

            Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect.
   5. Select the poll interval. To do this, follow these steps:
         1. Locate and then click the following registry subkey:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
         2. In the right pane, right-click SpecialPollInterval, and then click Modify.
         3. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

            Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.
   6. Configure the time correction settings. To do this, follow these steps:
         1. Locate and then click the following registry subkey:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
         2. In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
         3. In Edit DWORD Value, click to select Decimal in the Base box.
         4. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

            Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
         5. Locate and then click the following registry subkey:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
         6. In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
         7. In Edit DWORD Value, click to select Decimal in the Base box.
         8. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

            Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
   7. Quit Registry Editor.
   8. At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
      net stop w32time && net start w32time
0
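The registry procedure in the comment above, scripted in PowerShell as an added example (not part of the original comment or of the Microsoft procedure it quotes). The peer name and the two interval values are sample assumptions; run it from an elevated prompt on the server that is to become the internal time source.

```powershell
# Added example: scripted form of steps 1-8 above.
# Assumptions (sample values, adjust for your site):
$Peers        = 'pool.ntp.org,0x1'   # step 4: space-delimited list of peers
$PollSeconds  = 900                  # step 5: poll every 15 minutes
$MaxPhaseSecs = 3600                 # step 6: 1 hour correction limit

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Step 4 note: every peer needs the ,0x1 suffix, otherwise the poll
# interval set in step 5 does not take effect. Refuse to continue if not.
foreach ($peer in $Peers.Split(' ')) {
    if ($peer -notmatch ',0x1$') {
        throw "Peer '$peer' is missing the ,0x1 suffix"
    }
}

# Step 1: server type NTP
Set-ItemProperty -Path "$base\Parameters" -Name Type -Value 'NTP'
# Step 2: AnnounceFlags = 5
Set-ItemProperty -Path "$base\Config" -Name AnnounceFlags -Value 5
# Step 3: enable the NTP server provider
Set-ItemProperty -Path "$base\TimeProviders\NtpServer" -Name Enabled -Value 1
# Step 4: upstream time sources
Set-ItemProperty -Path "$base\Parameters" -Name NtpServer -Value $Peers
# Step 5: poll interval in seconds
Set-ItemProperty -Path "$base\TimeProviders\NtpClient" -Name SpecialPollInterval -Value $PollSeconds
# Step 6: maximum positive and negative corrections in seconds
Set-ItemProperty -Path "$base\Config" -Name MaxPosPhaseCorrection -Value $MaxPhaseSecs
Set-ItemProperty -Path "$base\Config" -Name MaxNegPhaseCorrection -Value $MaxPhaseSecs

# Step 8: restart the Windows Time service so the new values are read
Restart-Service w32time

# Read the values back so the change is visible in the session log
Get-ItemProperty -Path "$base\Parameters" | Format-List Type, NtpServer
Get-ItemProperty -Path "$base\Config" |
    Format-List AnnounceFlags, MaxPosPhaseCorrection, MaxNegPhaseCorrection
```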
 
LVL 14

Expert Comment

by:DonConsolio
ID: 33572592
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33572709
Point the PDCe in the forest root to the Cisco device. You can use w32tm, and Matt outlines the command here:

http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/

Thanks

Mike
0
 

Author Comment

by:vilasnair
ID: 33580148
Thanks for all the suggestions.

I tried all the changes that Matt suggested on a machine in the domain and then pointed the Cisco server to get the time from that server, but I am getting the same error, "An error occurred while Windows was synchronizing with x.x.x.x"

I guess I didn't understand mkline71's suggestion. "point the PDC in the forest root to the Cisco Device"??
It should be the other way, right?
0
LVL 57

Expert Comment

by:Mike Kline
ID: 33580208
OK, so the PDC can't sync with the Cisco device. (I was thinking of a hardware clock situation.)

I'd have it sync with its internal clock then http://technet.microsoft.com/en-us/library/cc784882(WS.10).aspx

As long as the clients are within 5 minutes you are good to go

Thanks

Mike
0
 

Author Comment

by:vilasnair
ID: 33580706
Forgive my limited knowledge here. By PDC, we meant the primary domain controller. It is getting the time from pool.ntp.org and all the machines in the domain get the time from this PDC.

But the Cisco server is out of the domain. I have set the time locally on this server. But at the end of every month there is a 4 minute difference between the real time and the time that shows on the Cisco server. So what I wanted to do is make sure that the Cisco server gets the time from somewhere else. The only option I have got on the Cisco server GUI is to set the time manually or give an NTP server name/IP. Since the Cisco server doesn't have internet access, I can't point it to ntp.pool.org. So I need to point it to some other server available internally. I tried to point the Cisco server to grab the time from the PDC, but it throws an error saying that it can't retrieve the time from the PDC. I assumed this might be because the PDC rejected the request as it came from a machine outside the domain.

So I went ahead and created a new server and made the changes suggested by Matt and tried setting that IP as the NTP server in the Cisco server GUI. But the Cisco server throws the error saying that it can't retrieve the time from that server as well. I

I can assure that there is no firewall in between the Cisco server and the domain, so the NTP traffic is not getting blocked anywhere.

Any ideas?
0
 
LVL 14

Accepted Solution

by:
DonConsolio earned 500 total points
ID: 33592995
On your PDC:

>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NTPServer\Enabled
>Changing the ‘Enabled’ flag to the value 1 enables the NTP Server.
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
>Change the server type to NTP by specifying ‘NTP’ in the ‘Type’ registry entry.
if needed:
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer
>The ‘NTP Server’ parameter is used to provide a list of IP addresses or DNS names, separated by
>a space, of NTP servers that the Windows 2003 machine can synchronise to.



On your Cisco Server(s) -
configure to use the (internal) IP of the PDC as NTP server
0
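One way to check the settings named in the accepted answer and then test the PDC over NTP, as an added example that is not part of the original answer. The address `192.0.2.10` is a placeholder assumption for the PDC's internal IP; the registry part runs in an elevated prompt on the PDC.

```powershell
# Added example: audit the values from the answer above, then query over NTP.
$Server = '192.0.2.10'   # assumption: placeholder for the PDC's internal IP
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# The two values the answer says to change, with the data it specifies.
$checks = @(
    @{ Path = "$base\TimeProviders\NtpServer"; Name = 'Enabled'; Want = 1 },
    @{ Path = "$base\Parameters";              Name = 'Type';    Want = 'NTP' }
)
foreach ($c in $checks) {
    $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name).($c.Name)
    if ($actual -eq $c.Want) {
        Write-Output  "OK       $($c.Name) = $actual"
    } else {
        Write-Warning "MISMATCH $($c.Name) = $actual (answer specifies $($c.Want))"
    }
}

# The optional third value: upstream sources this machine itself syncs to.
$peers = (Get-ItemProperty -Path "$base\Parameters" -Name NtpServer).NtpServer
Write-Output "Upstream NtpServer list: $peers"

# Confirm the time service is running and that UDP port 123 is bound.
Get-Service w32time | Format-Table Name, Status -AutoSize
netstat -an -p udp | Select-String ':123\s'

# Ask the server for time over NTP, as a non-domain client would. These
# lines can also be run from any Windows host on the Cisco servers' segment.
$reply = w32tm /stripchart "/computer:$Server" /samples:3 /dataonly
$reply
if ($reply -match 'error') {
    Write-Warning "No usable NTP reply from $Server"
}
```

If the stripchart shows offsets from a host on the same segment as the Cisco servers, the Windows side is answering NTP for non-domain clients and the remaining fault is on the Cisco side.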
 

Author Comment

by:vilasnair
ID: 33697700
Thanks for the explanation Don. I will try it.

But I will accept it as a solution as it looks like one. ;)
0
