Solved

How do I get server time from my firewall?

Posted on 2010-11-09
11
2,012 Views
Last Modified: 2012-05-10
I support a Windows AD domain: 1- Win 2003 Enterprise srvr, 1- Windows 2003 Std server, 35 workstations xp, vista, win7, one Sonicwall TZ210W firewall

I setup my firewall to get time from internet timeservers. Now how do I set my Windows 2003 Enterprise server (which is the PDC Emulator) to get time from the Sonicwall?

My sonicwall has an IP of 192.168.1.254
0
Comment
Question by:Tony Giangreco
  • 5
  • 5
11 Comments
 
LVL 6

Expert Comment

by:thiagotietze
ID: 34095831
TG-TIS

The best way to do it, is to estrictly follow this KB from Microsoft:
http://support.microsoft.com/kb/816042/en-us
0
 
LVL 8

Expert Comment

by:ShareefHuddle
ID: 34095850
Unless they came out with a new OS, a sonicwall tz210 is not a NTP server. You can setup you server to sync outside though.

Follow this link: http://technet.microsoft.com/en-us/library/cc784553(WS.10).aspx
0
 
LVL 6

Accepted Solution

by:
thiagotietze earned 500 total points
ID: 34095855
Resuming a little:

--    Change the server type to NTP. To do this, follow these steps:
-        Click Start, click Run, type regedit, and then click OK.
-        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
-        In the right pane, right-click Type, and then click Modify.
-        In Edit Value, type NTP in the Value data box, and then click OK.
--    Set AnnounceFlags to 5. To do this, follow these steps:
-        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
-        In the right pane, right-click AnnounceFlags, and then click Modify.
-        In Edit DWORD Value, type 5 in the Value data box, and then click OK.
--    Enable NTPServer. To do this, follow these steps:
-       Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
-        In the right pane, right-click Enabled, and then click Modify.
-        In Edit DWORD Value, type 1 in the Value data box, and then click OK.
--    Specify the time sources. To do this, follow these steps:
-        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
-        In the right pane, right-click NtpServer, and then click Modify.
-        In Edit Value, type Peers in the Value data box, and then click OK.

        Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect.
    Select the poll interval. To do this, follow these steps:
        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
        In the right pane, right-click SpecialPollInterval, and then click Modify.
        In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

        Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.
    Configure the time correction settings. To do this, follow these steps:
        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
        In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
        In Edit DWORD Value, click to select Decimal in the Base box.
        In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

        Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
        Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
        In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
        In Edit DWORD Value, click to select Decimal in the Base box.
        In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

        Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
    Quit Registry Editor.
    At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
    net stop w32time && net start w32time
0
 
LVL 6

Expert Comment

by:thiagotietze
ID: 34095865
After all this, dont forget to verify the configurations by using

w32tm /monitor

and to verify the other domain controllers (the PDC FSMO one will be the master) doing:

w32tm /resync /rediscover
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34097099
Hi thiagotietze:

I tried your solution and started receiving these messages in the system event log:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34097145
I ran the two commands. Here is the output:
Microsoft Windows [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp.

C:\>w32tm /monitor
hpm1.xxxx.ads [192.168.1.2]:
    ICMP: 0ms delay.
    NTP: +21.2220951s offset from hpm3.xxxx.ads
        RefID: time.nist.gov [192.43.244.18]
hpm3.xxxx.ads *** PDC *** [192.168.1.4]:
    ICMP: 0ms delay.
    NTP: +0.0000000s offset from hpm3.xxx.ads
        RefID: 'LOCL' [76.79.67.76]

C:\>
C:\>w32tm /resync /rediscover
Sending resync command to local computer...
The computer did not resync because no time data was available.

C:\>
0
 
LVL 6

Expert Comment

by:thiagotietze
ID: 34097148
The services have been restarted with sucess?
If yes, try to unregister and re-register the service....

net stop w32time

w32tm /unregister
w32tm /register

net start w32time


If not works yet, are you able to restart the server?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34097187
I just ran that with no errors, but this came into the system log:

Event Type:      Warning
Event Source:      W32Time
Event Category:      None
Event ID:      12
Date:            11/9/2010
Time:            3:19:16 PM
User:            N/A
Computer:      HPM3
Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.  It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source.  Otherwise, this machine will  function as the authoritative time source in the domain hierarchy.  If an external  time source is not configured or used for this computer, you may choose to disable  the NtpClient.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 6

Expert Comment

by:thiagotietze
ID: 34097209
yes, it is just informing that this machine will assume as an authoritative server...

It is working :-)
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34130889
I'm still getting the same w32 errors as before.
0
 
LVL 25

Author Closing Comment

by:Tony Giangreco
ID: 34273930
thanks
0

Join & Write a Comment

Suggested Solutions

Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now