Setup local NTP Server.

Barry Kay
We have a number of IP phones that connect to a local Windows Server 2012 STD R2 on our network which runs the 3CX digital PBX. The server can break-out to the internet but the phones themselves do not and thus do not get the correct time from an external NTP Server.

How can I go about setting up the DC or even the 3CX server to run an NTP server, so that I can add that URL to the IP phones' NTP setting in order to get the correct time?

IP Phone NTP Setting
Pete Long, Technical Consultant

Windows tends to run w32time (which is similar to NTP). Do you have any decent network switches etc.? They are what I prefer to use.

Or simply open UDP port 123 on the firewall and use a public NTP server :)
Barry Kay, Systems Engineer

Thanks Peter. Unfortunately our firewall controls Internet access via AD Authentication. The IP phones don't connect to AD. In order for them to get internet access we would have to add each IP address to a white-list that bypasses the authentication. Too many IPs and too much of a risk.

It is fairly possible the NTP server built into Windows will work, and easy to test. I have no idea in your case.

If it does not, you probably can run a tiny VM with an actual NTP server such as ntpd or chrony. Do not try to install either of them in Cygwin.

You will also find ntpd software for Windows such as Meinberg's. I have no experience with them. Maybe they will work as expected.

Other options include setting a redirection to an NTP server from a machine that does have internet access. The NTP protocol will handle a transparent port redirection reasonably well.
Fractional CTO
Distinguished Expert 2018
Tip: Easy way to accomplish this is just to open the NTPD firewall port everywhere, then let NTPD or w32time connect directly to NTPD servers on the net.

The servers [0123] provide fast + stable servers.

You can set up your IP phones on a dedicated LAN and open NTP access for the whole LAN rather than manage a huge list.
kevinhsieh, Network Engineer

Just point the phones to your DC for NTP. All Windows DCs run an NTP-compatible service. All of my networking gear gets NTP from my DCs. In fact, I even have in my internal DNS so devices using a FQDN for NTP can be easily configured.

Yeah. First thing to try. But does not always work from my experience. It does most of the time though.
DrDave242, Principal Support Engineer

Like Kevin says above, your DC is already a time server; it has to be in order for Kerberos authentication to function throughout the domain. You may have to open UDP port 123 on the DC's firewall in order for devices to sync their clocks with it. Windows should have opened this port automatically on the Windows firewall when the DC was promoted, but if it's running a third-party firewall app, you'll likely have to open it manually.
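
A way to test the DC from a machine on the phone network before reconfiguring the phones, as an added example that is not part of any post in this thread: a minimal SNTP client in Python that sends one request to UDP port 123 and flags replies a client would treat as unsynchronized. The function names and the two sample packets are constructed for illustration; the host to query is passed on the command line.

```python
import socket
import struct
import sys

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_request():
    return bytes([0x1B]) + bytes(47)  # 48 bytes: LI=0, VN=3, Mode=3 (client)

def parse_response(data):
    """Decode the header fields an SNTP client (such as a phone) relies on."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    flags, stratum = data[0], data[1]
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "unix_time": secs - NTP_EPOCH_DELTA + frac / 2**32,
    }

def problems(fields):
    """Return reasons the reply is not usable; an empty list means it looks fine."""
    issues = []
    if fields["mode"] != 4:
        issues.append("reply is not server mode (mode=%d)" % fields["mode"])
    if fields["leap"] == 3:
        issues.append("leap indicator 3: server clock not synchronized")
    if not 1 <= fields["stratum"] <= 15:
        issues.append("stratum %d: unspecified or unsynchronized" % fields["stratum"])
    return issues

def query(host, timeout=3.0):
    """Send one request to UDP 123; a timeout usually means the port is filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (host, 123))
        data, _ = s.recvfrom(512)
    return parse_response(data)

# Constructed sample replies (not captured from a real server), for offline checks.
SAMPLE_OK = bytes([0x1C, 3]) + bytes(38) + struct.pack("!II", NTP_EPOCH_DELTA + 1700000000, 0)
SAMPLE_UNSYNC = bytes([0xDC, 0]) + bytes(46)

if __name__ == "__main__":
    fields = query(sys.argv[1])
    print(fields, problems(fields) or "OK")
```

A timeout from `query` points at the firewall on or in front of the DC; a reply with issues listed points at the time service itself.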
