Re: domain time server
- From: "Julian Dragut" <julianmd@xxxxxxxxxx>
- Date: Thu, 10 Nov 2005 00:17:55 -0500
Hi there,
I am sorry to impose myself here, but it seems you guys are confusing the
time service w32time with the net time which just sets the time after a
NNTP server - on the spot.
This is not my post, so I'll include the link to it
http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Time-Service.html
Synching to an External Time Source
If you want to ensure that the clocks on your machines are more accurate in
terms of absolute (and not just relative) time, you can sync the PDC
Emulator in your forest root domain to one of the reliable time servers
available on the Internet. This is a good idea if your company is a large
enterprise with sites spanning several countries, or if your organization
has two or more forests linked by forest trusts. The procedure for doing
this on a PDC Emulator running Windows Server 2003 in the forest root domain
is as follows. Open Registry Editor (regedit.exe) and configure the
following registry entries:
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
This registry entry determines which peers W32Time will accept
synchronization from. Change this REG_SZ value from NT5DS to NTP so the PDC
Emulator synchronizes from the list of reliable time servers specified in
the NtpServer registry entry described below.
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
This registry entry controls whether the local computer is marked as a
reliable time server (which is only possible if the previous registry entry
is set to NTP as described above). Change this REG_DWORD value from 10 to 5
here.
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer
This registry entry specifies a space-delimited list of stratum 1 time
servers from which the local computer can obtain reliable time stamps. The
list may consist of one or more DNS names or IP addresses (if DNS names are
used then you must append ,0x1 to the end of each DNS name). For example, to
synchronize the PDC Emulator in your forest root domain with
tock.usno.navy.mil, an open-access SNTP time server run by the United States
Naval Observatory, change the value of the NtpServer registry entry from
time.microsoft.com,0x1 to tock.usno.navy.mil,0x1 here. Alternatively, you
can specify the IP address of this time server, which is 192.5.41.209
instead.
Now stop and restart the Windows Time service using the following commands:
net stop w32time
net start w32time
It may take an hour or so for the PDC Emulator to fully synchronize with the
external time server because of the nature of the polling method W32Time
uses. Depending on the latency of your Internet connection, the accuracy of
the CMOS clock on your forest root PDC Emulator may be within a second or
two of UTC. If you need more accurate time however, you can purchase a
hardware time source like an atomic clock and connect it to your PDC
emulator.
Alternatively, if you don't want to wait for time convergence to occur
between your stratum 2 time server (your forest root PDC Emulator) and the
external stratum 1 time server, you can run the following command on your
PDC Emulator:
w32tm /resync /rediscover
Tip
There are additional registry settings you can configure to ensure external
time synchronization operates effectively, see this article in the Microsoft
Knowledge Base for details.
Additional Resources
The following resources can be of use in configuring and troubleshooting
operation of the Windows Time service in Windows-based environments:
a.. How to configure an authoritative time server in Windows Server 2003 -
This KB article outlines in further detail how to sync your forest root PDC
Emulator to both internal and external time sources. It also has several
tips for troubleshooting time synchronization problems involving W32Time.
b.. How to configure an authoritative time server in Windows XP - This KB
article is useful if you need to sync standalone XP machines to an external
time source.
c.. Windows Time Service Tools and Settings - This section of the online
Windows Server 2003 Technical Reference describes the tools, registry
settings, and Group Policy settings that can be used for configuring the
Windows Time service.
d.. USNO NTP Network Time Servers - This page on the website for the Time
Service Department of the United States Naval Observatory lists the
different stratum 1 external time servers operated by the USNO that you can
use to establish reliable time on your Active Directory-based network.
Final Tip
Be sure to open UDP port 123 on the firewall at your network's edge if you
are syncing your forest root PDC Emulator to an external time source on the
Internet. This is because UDP port 123 is the default port used by SNTP,
which is the protocol used by W32Time for time synchronization over a
network. Furthermore, if you have deployed Windows XP Service Pack 2 then
you need to ensure UDP port 123 is also opened on Windows Firewall on your
desktop machines as well.
"ZVR" <nospamever@xxxxxx> wrote in message
news:koCdnbUTWKbkVO_eRVn-pw@xxxxxxxxxxxxx
> "C C" <someone@xxxxxxxxxxxxxxx> wrote in message
> news:_Xycf.10238$Lv.10172@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> Thanks. I have set number 2 in all DC's and member servers.
>> BUT how does the ISA server keeps its time? I have set
>> W32TIME service to synchronize with one of the .gov
>> time servers but it does not work. Error log shows error
>> on W32TIME.
>
> You probably did not enable the NTP protocol in the System Policy, for the
> IP address / FQDN of the time server you wanted to use.
>
> Virgil
>
>
.
- Follow-Ups:
- Re: domain time server
- From: ZVR
- Re: domain time server
- References:
- domain time server
- From: C C
- Re: domain time server
- From: ZVR
- Re: domain time server
- From: C C
- Re: domain time server
- From: ZVR
- domain time server
- Prev by Date: Re: domain time server
- Next by Date: Re: ISA 2004 and MSN share app
- Previous by thread: Re: domain time server
- Next by thread: Re: domain time server
- Index(es):
Relevant Pages
|
Loading
