Solved

confirm that ntp is working

Posted on 2013-05-16
6
353 Views
Last Modified: 2013-05-28
I understand that my domain contoller and backup DC are automatically set up as NTP servers.  How do I confirm that NTP is working correctly on them.  My investigations online found commands like ntpq -p, but these definitely don't work from a command line.  Any suggestions?

(i'm using Windows Server 2008 R2)
0
Comment
Question by:cuiinc
6 Comments
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39173021
0
 
LVL 1

Author Comment

by:cuiinc
ID: 39173047
hmm.  several questions:
I had previously ran Windows "fix-it-for-me" app, configuring the server to use an external time source, on my BACKUP DC, not on my PDC. (http://support.microsoft.com/kb/816042).  

When I run W32tm /query /configuration on my PDC, I get the following (see below).  Should I run W32tm /unregister on the backup DC and W32tm /register on my PDC?


Primary Domain Controller:
C:\Users\manager>W32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 10 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NT5DS (Local)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
0
 
LVL 47

Expert Comment

by:dlethe
ID: 39183181
It sounds pretty obvious, but I've always tested by actually changing the time by a few seconds and checking back at whatever the polling interval was.

This is the only way to insure a full test to insure the system is properly configured & operational.
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 39183458
In general, your PDCe should sync with an external time source, other DCs will sync with the PDCe, members will sync with the DC authenticating them.
This here is not correct for a DC with the PDCe role: Type: NT5DS (Local)
You probably have errors in the system event log that this machine is configured to use the AD hierarchy, but that it's already at the top. And note that "w32tm /register" does not "register" a machine as NTP server; it registers the time service and its default settings.
In other words: in an elevated command prompt on the PDCe, enter (replacing <1.2.3.4> with the time server of your choice; the ,0x9 at the end will tell the time service to run in ntp client mode and use the configured poll interval):
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /config /manualpeerlist:<1.2.3.4>,0x9 /update
w32tm /resync /rediscover

Open in new window

Time servers are here (I wouldn't use the default "time.windows.com"; I've found it to be unreliable); pick a time server geographically close to you, for example one of these:
A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
http://support.microsoft.com/kb/262680
The pool.ntp.org project
http://www.pool.ntp.org/

Then on the second DC, enter
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync /rediscover

Open in new window

To check a client, simply use
w32tm /resync /rediscover

Open in new window

And if you feel like it, you can use a group policy as well to configure this; it's a bit more complicated than a few command lines, but an interesting concept that can be useful.
Configuring an Authoritative Time Server with Group Policy Using WMI Filtering
http://blogs.technet.com/b/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering.aspx
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now