Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do I get server time from my firewall?

Posted on 2010-11-09
11
Medium Priority
?
2,431 Views
Last Modified: 2012-05-10
I support a Windows AD domain: 1- Win 2003 Enterprise srvr, 1- Windows 2003 Std server, 35 workstations xp, vista, win7, one Sonicwall TZ210W firewall

I setup my firewall to get time from internet timeservers. Now how do I set my Windows 2003 Enterprise server (which is the PDC Emulator) to get time from the Sonicwall?

My sonicwall has an IP of 192.168.1.254
0
Comment
Question by:Tony Giangreco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
11 Comments
 
LVL 6

Expert Comment

by:thiagotietze
ID: 34095831
TG-TIS

The best way to do it, is to estrictly follow this KB from Microsoft:
http://support.microsoft.com/kb/816042/en-us
0
 
LVL 8

Expert Comment

by:ShareefHuddle
ID: 34095850
Unless they came out with a new OS, a sonicwall tz210 is not a NTP server. You can setup you server to sync outside though.

Follow this link: http://technet.microsoft.com/en-us/library/cc784553(WS.10).aspx
0
 
LVL 6

Accepted Solution

by:
thiagotietze earned 2000 total points
ID: 34095855
Resuming a little:

--    Change the server type to NTP. To do this, follow these steps:
-        Click Start, click Run, type regedit, and then click OK.
-        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
-        In the right pane, right-click Type, and then click Modify.
-        In Edit Value, type NTP in the Value data box, and then click OK.
--    Set AnnounceFlags to 5. To do this, follow these steps:
-        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
-        In the right pane, right-click AnnounceFlags, and then click Modify.
-        In Edit DWORD Value, type 5 in the Value data box, and then click OK.
--    Enable NTPServer. To do this, follow these steps:
-       Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
-        In the right pane, right-click Enabled, and then click Modify.
-        In Edit DWORD Value, type 1 in the Value data box, and then click OK.
--    Specify the time sources. To do this, follow these steps:
-        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
-        In the right pane, right-click NtpServer, and then click Modify.
-        In Edit Value, type Peers in the Value data box, and then click OK.

        Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect.
    Select the poll interval. To do this, follow these steps:
        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
        In the right pane, right-click SpecialPollInterval, and then click Modify.
        In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

        Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.
    Configure the time correction settings. To do this, follow these steps:
        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
        In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
        In Edit DWORD Value, click to select Decimal in the Base box.
        In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

        Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
        Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
        In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
        In Edit DWORD Value, click to select Decimal in the Base box.
        In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

        Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
    Quit Registry Editor.
    At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
    net stop w32time && net start w32time
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 6

Expert Comment

by:thiagotietze
ID: 34095865
After all this, dont forget to verify the configurations by using

w32tm /monitor

and to verify the other domain controllers (the PDC FSMO one will be the master) doing:

w32tm /resync /rediscover
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34097099
Hi thiagotietze:

I tried your solution and started receiving these messages in the system event log:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34097145
I ran the two commands. Here is the output:
Microsoft Windows [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp.

C:\>w32tm /monitor
hpm1.xxxx.ads [192.168.1.2]:
    ICMP: 0ms delay.
    NTP: +21.2220951s offset from hpm3.xxxx.ads
        RefID: time.nist.gov [192.43.244.18]
hpm3.xxxx.ads *** PDC *** [192.168.1.4]:
    ICMP: 0ms delay.
    NTP: +0.0000000s offset from hpm3.xxx.ads
        RefID: 'LOCL' [76.79.67.76]

C:\>
C:\>w32tm /resync /rediscover
Sending resync command to local computer...
The computer did not resync because no time data was available.

C:\>
0
 
LVL 6

Expert Comment

by:thiagotietze
ID: 34097148
The services have been restarted with sucess?
If yes, try to unregister and re-register the service....

net stop w32time

w32tm /unregister
w32tm /register

net start w32time


If not works yet, are you able to restart the server?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34097187
I just ran that with no errors, but this came into the system log:

Event Type:      Warning
Event Source:      W32Time
Event Category:      None
Event ID:      12
Date:            11/9/2010
Time:            3:19:16 PM
User:            N/A
Computer:      HPM3
Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.  It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source.  Otherwise, this machine will  function as the authoritative time source in the domain hierarchy.  If an external  time source is not configured or used for this computer, you may choose to disable  the NtpClient.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 6

Expert Comment

by:thiagotietze
ID: 34097209
yes, it is just informing that this machine will assume as an authoritative server...

It is working :-)
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34130889
I'm still getting the same w32 errors as before.
0
 
LVL 25

Author Closing Comment

by:Tony Giangreco
ID: 34273930
thanks
0

Featured Post

What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question