Solved

Entering the NTP external source in PDC Emulator DC role

Posted on 2015-01-14
Last Modified: 2015-03-23
What is the best practice for entering the external time source for the PDC emulator, which serves as the NTP server for all the workstations & servers in the Active Directory domain?

Since all of my users are spread across different timezones and all of my servers are in Australia, I wonder if I should select the following list of NTP:

server 0.au.pool.ntp.org
server 1.au.pool.ntp.org
server 2.au.pool.ntp.org
server 3.au.pool.ntp.org

over the following random list of NTP below:
Name:    host-24-56-178-140.beyondbb.com
Address:  24.56.178.140

Name:    64.147.116.229.static.nyinternet.net
Address:  64.147.116.229

Name:    nist1-lv.ustiming.org
Address:  64.250.229.100

and lastly how am I supposed to type in the value in the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\
Type: NTP
NtpServer:.....

shall I type in the FQDN of the NTP pool above or the first line of the IP address returned from the:
nslookup 0.au.pool.ntp.org
nslookup 1.au.pool.ntp.org
nslookup 2.au.pool.ntp.org
nslookup 3.au.pool.ntp.org

above ?
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 125 total points
ID: 40550570
It's good practice to use time sources that are geographically local to your servers as this will reduce the network latency as well as avoid the likelihood of disruptions if an international network outage occurs (not uncommon for us Aussies).

As for the NTPServer registry key, you can use either the IP address or the DNS name of the time source as long as you separate the entries with a space between them.

e.g. 0.au.pool.ntp.org 1.au.pool.ntp.org 3.au.pool.ntp.org 4.au.pool.ntp.org

You should also look at using the 0x1 and 0x2 flags with each time source. Have a read of this article for more info on what these flags do: http://blogs.msdn.com/b/w32time/archive/2008/02/26/configuring-the-time-service-ntpserver-and-specialpollinterval.aspx
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40550599
Thanks VB, that does make sense after all.

as for the flag, can I just specify like below:

0.au.pool.ntp.org,0x1 1.au.pool.ntp.org,0x1 3.au.pool.ntp.org,0x2 4.au.pool.ntp.org,0x2

would that be acceptable ?
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 375 total points
ID: 40550744
You could use the command if you wanted to:

The command:
w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update

Replace peers with the NTP server name; if there are multiple NTP servers, replace peers as shown below:
w32tm /config /manualpeerlist:"contoso.com clock.adatum.com" /syncfromflags:manual /reliable:yes /update

Replace peers with the FQDN you have
http://technet.microsoft.com/en-us/library/cc786897(v=ws.10).aspx
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40550981
Mahesh,

So in this case I can just use the w32tm command line without worrying about / confusing myself with typing the hex flag values into the registry key?

w32tm /config /manualpeerlist:"0.au.pool.ntp.org 1.au.pool.ntp.org 3.au.pool.ntp.org 4.au.pool.ntp.org" /syncfromflags:manual /reliable:yes /update

Would that be good enough ?

do I have to do the following registry entry changes as well ?
Registry screenshot
 
LVL 24

Expert Comment

by:VB ITS
ID: 40550991
> Thanks VB, that does make sense after all.
>
> as for the flag, can I just specify like below:
>
> 0.au.pool.ntp.org,0x1 1.au.pool.ntp.org,0x1 3.au.pool.ntp.org,0x2 4.au.pool.ntp.org,0x2
>
> would that be acceptable ?

Yep that will work perfectly fine. Just realised I forgot 2.au.pool.ntp.org in that list though :)
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40551057
ah yes, the more the merrier :-)

are there any caveats or drawbacks if I put the NTP Pool FQDN rather than the IP Address ?
I'm still wondering which format to choose for the best performance.
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 375 total points
ID: 40551093
No need to do further registry changes.
You are telling the command that they are reliable time sources with the /reliable:yes switch.
The command will take care of that, and there is no need to specify 0x1 values.
After you run the command, do not forget to restart the w32tm (time) service.

After that, just check the system log for event IDs 37 and 35.
Also, you can verify the time source from cmd:
w32tm /query /source
w32tm /query /status
 
LVL 24

Expert Comment

by:VB ITS
ID: 40551118
Use the FQDN as I believe the ntp.pool.org servers are set up in round-robin DNS, which means the IP address can vary each time you resolve it. This is mainly done for redundancy purposes.

Whilst the 0x1, 0x2, etc. flags aren't compulsory, they are good to have as they determine how your NTP server should react if one of the time sources is unreachable. The flags can also be used to dictate how often it should poll the time source. For instance, if you have a Special Poll Interval set but don't append 0x1 to the time source, then the Special Poll Interval doesn't take effect.

They are there to give you more fine-grained control over your NTP server.
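
To make the per-peer flags and the FQDN-versus-IP point concrete, here is an added example (not part of the original thread) that decodes an NtpServer value and notes what each entry implies. The flag names are the ones W32Time documents; the function name and the pool-based sample value are constructed for illustration, and PowerShell 5.0 or later is assumed.

```powershell
# Added example, not from the thread. Requires PowerShell 5.0+ (enum keyword).
[Flags()] enum NtpPeerFlags {
    SpecialInterval   = 0x1   # poll this peer every SpecialPollInterval seconds
    UseAsFallbackOnly = 0x2   # use this peer only when the others fail
    SymmetricActive   = 0x4
    Client            = 0x8
}

# Hypothetical helper: split an NtpServer string into peers and decode flags.
function ConvertFrom-NtpServerValue {
    param([Parameter(Mandatory)][string]$Value)

    foreach ($entry in ($Value -split '\s+' | Where-Object { $_ })) {
        # Each entry is "peer" or "peer,0xN"
        $peer, $flagText = $entry -split ',', 2
        $flags = if ($flagText) { [Convert]::ToInt32($flagText, 16) } else { 0 }

        $ip    = $null
        $notes = @()
        if ([System.Net.IPAddress]::TryParse($peer, [ref]$ip)) {
            $notes += 'IP literal: pinned to one host, no DNS round-robin'
        }
        if (-not ($flags -band 0x1)) {
            $notes += 'no 0x1: SpecialPollInterval is not used for this peer'
        }

        [pscustomobject]@{
            Peer    = $peer
            Flags   = '0x{0:x}' -f $flags
            Meaning = if ($flags) { [NtpPeerFlags]$flags } else { '(none)' }
            Notes   = $notes -join '; '
        }
    }
}

# Value found on the old PDC emulator in this thread
$legacy = '24.56.178.140 64.147.116.229 64.250.229.100'
# Constructed pool-based value for comparison
$pooled = '0.au.pool.ntp.org,0x1 1.au.pool.ntp.org,0x1 2.au.pool.ntp.org,0x2 3.au.pool.ntp.org,0x2'

ConvertFrom-NtpServerValue $legacy | Format-Table -AutoSize -Wrap
ConvertFrom-NtpServerValue $pooled | Format-Table -AutoSize -Wrap

# On a live server, read the configured value instead:
# $p = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
# ConvertFrom-NtpServerValue $p.NtpServer
```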
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40552735
ok, so I have executed the command:

w32tm /query /source
w32tm /query /status

in the new domain controller VM, but somehow the result is not showing on the PDC emulator role ?
where and how to check the setting which overrides the default PDC emulator role as the definitive NTP ?
 
LVL 24

Expert Comment

by:VB ITS
ID: 40552778
How did you configure the NTP server settings? Group Policy or via the registry on your PDC?
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40552845
This is the thing that I don't know yet.

I've newly joined this company and all of the servers seem to get their time synch from various different sources and I need to standardize it.
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40552848
This is the only entry that I can find so far from the Windows Server 2003 which is currently running as the PDC Emulator role:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"type"="NTP"
"ServiceMain"="SvchostEntry_W32Time"
"ServiceDll"=C:\WINNT\system32\w32time.dll
"NtpServer"="24.56.178.140 64.147.116.229 64.250.229.100"

why is it that the server in the domain is not getting the time synched from this one server consistently ?

The domain is one single domain in the forest.
Windows Server 2003 Functionality and Domain level.
 
LVL 35

Accepted Solution

by:Mahesh
Mahesh earned 375 total points
ID: 40552921
1st check if PDC server is able to get time updates from set sources
Check for event ID 35 and 37 under system logs

After that you can enforce GPO on client computers to take time settings from domain DC server only

In GPO you can setup startup script under computer configuration
Create .bat file like below

w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time

http://technet.microsoft.com/en-us/library/cc758905(v=ws.10).aspx

You also need to ensure that the Windows Time service is set to start automatically on client computers; for that, in the same GPO, set the time service to automatic under Computer Configuration\Windows Settings\Security Settings\System Services

If you are moving FSMO from the old 2003 to the new 2008 DC, first run the commands below on the 2003 server
w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time
net start w32time
http://technet.microsoft.com/en-us/library/cc738042(v=ws.10).aspx

Then run commands in earlier post on new PDC server to specify new NTP server
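
The steps discussed in this thread, collected into one script as an added example that is not part of the original posts: it confirms the local host holds the PDC emulator role, applies the manual peer list, restarts the service, then checks the time source and events 35 and 37. It assumes Windows Server 2008 or later, an elevated prompt, a constructed peer list, and the event provider name Microsoft-Windows-Time-Service.

```powershell
# Added example, not from the thread. Assumes Server 2008+ and an elevated prompt.
# Peer list is constructed for illustration (0x1 = SpecialInterval).
$Peers = '0.au.pool.ntp.org,0x1 1.au.pool.ntp.org,0x1 2.au.pool.ntp.org,0x1 3.au.pool.ntp.org,0x1'

# 1. Only the PDC emulator should point at external sources; confirm the role first.
$pdc  = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().PdcRoleOwner.Name
$self = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
if ($pdc -ne $self) {
    Write-Warning "PDC emulator is $pdc, not $self. Run this there; other DCs stay on domhier."
    return
}

# 2. Apply the manual peer list and restart the time service.
$since = Get-Date
w32tm /config "/manualpeerlist:$Peers" /syncfromflags:manual /reliable:yes /update
Restart-Service -Name w32time
w32tm /resync /rediscover | Out-Null
Start-Sleep -Seconds 30    # give NtpClient time to poll the peers

# 3. Check which source the service actually selected.
$source = (w32tm /query /source | Out-String).Trim()
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    Write-Warning "Not synchronising from an external peer (source: $source)"
} else {
    "Time source: $source"
}

# 4. Look for events 35 and 37 logged since the restart.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Time-Service'
    Id           = 35, 37
    StartTime    = $since
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if ($events) {
    $events | Sort-Object TimeCreated | Format-Table TimeCreated, Id, Message -Wrap
} else {
    Write-Warning 'No event 35/37 since the restart; check outbound UDP 123 and the status below.'
}
w32tm /query /status
```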
 
LVL 24

Expert Comment

by:VB ITS
ID: 40553067
> This is the only entry that I can find so far from the Windows Server 2003 which is currently running as the PDC Emulator role:
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
> "type"="NTP"
> "ServiceMain"="SvchostEntry_W32Time"
> "ServiceDll"=C:\WINNT\system32\w32time.dll
> "NtpServer"="24.56.178.140 64.147.116.229 64.250.229.100"
>
> why is it that the server in the domain is not getting the time synched from this one server consistently ?
>
> The domain is one single domain in the forest.
> Windows Server 2003 Functionality and Domain level.

I can see you've opened a new EE question for this. Do you want to close this question since your original query has been answered and we pick it up in your other EE question?
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40681704
Thanks Guys.
