Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How do I get server time from my firewall?

Posted on 2010-11-09
11
Medium Priority
?
2,560 Views
Last Modified: 2012-05-10
I support a Windows AD domain: 1- Win 2003 Enterprise srvr, 1- Windows 2003 Std server, 35 workstations xp, vista, win7, one Sonicwall TZ210W firewall

I setup my firewall to get time from internet timeservers. Now how do I set my Windows 2003 Enterprise server (which is the PDC Emulator) to get time from the Sonicwall?

My sonicwall has an IP of 192.168.1.254
0
Comment
Question by:Tony Giangreco
  • 5
  • 5
11 Comments
 
LVL 6

Expert Comment

by:thiagotietze
ID: 34095831
TG-TIS

The best way to do it, is to estrictly follow this KB from Microsoft:
http://support.microsoft.com/kb/816042/en-us
0
 
LVL 8

Expert Comment

by:ShareefHuddle
ID: 34095850
Unless they came out with a new OS, a sonicwall tz210 is not a NTP server. You can setup you server to sync outside though.

Follow this link: http://technet.microsoft.com/en-us/library/cc784553(WS.10).aspx
0
 
LVL 6

Accepted Solution

by:
thiagotietze earned 2000 total points
ID: 34095855
Resuming a little:

--    Change the server type to NTP. To do this, follow these steps:
-        Click Start, click Run, type regedit, and then click OK.
-        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
-        In the right pane, right-click Type, and then click Modify.
-        In Edit Value, type NTP in the Value data box, and then click OK.
--    Set AnnounceFlags to 5. To do this, follow these steps:
-        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
-        In the right pane, right-click AnnounceFlags, and then click Modify.
-        In Edit DWORD Value, type 5 in the Value data box, and then click OK.
--    Enable NTPServer. To do this, follow these steps:
-       Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
-        In the right pane, right-click Enabled, and then click Modify.
-        In Edit DWORD Value, type 1 in the Value data box, and then click OK.
--    Specify the time sources. To do this, follow these steps:
-        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
-        In the right pane, right-click NtpServer, and then click Modify.
-        In Edit Value, type Peers in the Value data box, and then click OK.

        Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect.
    Select the poll interval. To do this, follow these steps:
        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
        In the right pane, right-click SpecialPollInterval, and then click Modify.
        In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

        Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.
    Configure the time correction settings. To do this, follow these steps:
        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
        In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
        In Edit DWORD Value, click to select Decimal in the Base box.
        In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

        Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
        Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
        In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
        In Edit DWORD Value, click to select Decimal in the Base box.
        In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

        Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
    Quit Registry Editor.
    At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
    net stop w32time && net start w32time
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 6

Expert Comment

by:thiagotietze
ID: 34095865
After all this, dont forget to verify the configurations by using

w32tm /monitor

and to verify the other domain controllers (the PDC FSMO one will be the master) doing:

w32tm /resync /rediscover
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34097099
Hi thiagotietze:

I tried your solution and started receiving these messages in the system event log:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34097145
I ran the two commands. Here is the output:
Microsoft Windows [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp.

C:\>w32tm /monitor
hpm1.xxxx.ads [192.168.1.2]:
    ICMP: 0ms delay.
    NTP: +21.2220951s offset from hpm3.xxxx.ads
        RefID: time.nist.gov [192.43.244.18]
hpm3.xxxx.ads *** PDC *** [192.168.1.4]:
    ICMP: 0ms delay.
    NTP: +0.0000000s offset from hpm3.xxx.ads
        RefID: 'LOCL' [76.79.67.76]

C:\>
C:\>w32tm /resync /rediscover
Sending resync command to local computer...
The computer did not resync because no time data was available.

C:\>
0
 
LVL 6

Expert Comment

by:thiagotietze
ID: 34097148
The services have been restarted with sucess?
If yes, try to unregister and re-register the service....

net stop w32time

w32tm /unregister
w32tm /register

net start w32time


If not works yet, are you able to restart the server?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34097187
I just ran that with no errors, but this came into the system log:

Event Type:      Warning
Event Source:      W32Time
Event Category:      None
Event ID:      12
Date:            11/9/2010
Time:            3:19:16 PM
User:            N/A
Computer:      HPM3
Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.  It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source.  Otherwise, this machine will  function as the authoritative time source in the domain hierarchy.  If an external  time source is not configured or used for this computer, you may choose to disable  the NtpClient.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 6

Expert Comment

by:thiagotietze
ID: 34097209
yes, it is just informing that this machine will assume as an authoritative server...

It is working :-)
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 34130889
I'm still getting the same w32 errors as before.
0
 
LVL 25

Author Closing Comment

by:Tony Giangreco
ID: 34273930
thanks
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question