RE: Time Synchronisation

From: Igor Fomin (anonymous_at_discussions.microsoft.com)
Date: 04/08/04


Date: Wed, 7 Apr 2004 23:36:02 -0700

Windows includes the W32Time Time service tool that is required by the Kerberos authentication protocol. The purpose of the Time service is to ensure that all computers that are running Windows 2000 or later in an organization use a common time. The Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage.

Windows-based computers use the following hierarchy by default:
All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
All member servers follow the same process as client desktop computers.
Domain controllers may nominate the primary domain controller (PDC) operations master as their in-bound time partner but may use a parent domain controller based on stratum numbering.
All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.
Following this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization, and you should configure the PDC operations master to gather the time from an external source. This is logged in the System event log on the computer as event ID 62. Administrators can configure the Time service on the PDC operations master at the root of the forest to recognize an external Simple Network Time Protocol (SNTP) time server as authoritative by using the following net time command, where server_list is the server list:
net time /setsntp:server_list

There are several SNTP time servers run by the U.S. Naval Observatory that are satisfactory for this function, for example:
ntp2.usno.navy.mil at 192.5.41.209
tock.usno.navy.mil at 192.5.41.41
After you set the SNTP time server as authoritative, run either of the following commands on a computer other than the domain controller to reset the local computer's time against the authoritative time server:
net time /domain:your_domain_name /set
Type the following commands, pressing ENTER after each command:
net stop w32time
w32tm -once
net start w32time

More information about the net time command is available at a command prompt if you type the following command:
net time /?

SNTP defaults to using User Datagram Protocol (UDP) port 123. If this port is not open to the Internet, you cannot synchronize your server to Internet SNTP servers.

NOTE: Administrators can also configure an internal time server as authoritative by using the net time command. If the administrator directs the command to the operations master, it may be necessary to reboot the server for the changes to take effect.

Best Regards.
Igor Fomin, igorf ==at== digdes ==dot== com
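
The SNTP exchange on UDP port 123 described in the post above, as an added example that is not part of the original post: a minimal client that checks whether a time source answers and how far the local clock is from it. The function names are hypothetical, and the 300-second limit is the default Kerberos clock-skew tolerance, an assumption that the post does not state.

```python
import socket
import struct
import time

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MAX_SKEW = 300          # assumed default Kerberos clock-skew tolerance, in seconds


def to_ntp(unix_time):
    """Encode a Unix time as a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    frac = int((unix_time % 1) * 2**32)
    return struct.pack("!II", (int(unix_time) + NTP_DELTA) & 0xFFFFFFFF, frac)


def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_DELTA + frac / 2**32


def build_request(t1):
    """48-byte client request: LI=0, VN=3, Mode=3, transmit timestamp = t1."""
    pkt = bytearray(48)
    pkt[0] = (0 << 6) | (3 << 3) | 3
    pkt[40:48] = to_ntp(t1)
    return bytes(pkt)


def parse_reply(data, t1, t4):
    """Validate a server reply and return (stratum, clock offset in seconds)."""
    if len(data) < 48:
        raise ValueError("short SNTP reply")
    li, mode, stratum = data[0] >> 6, data[0] & 0x7, data[1]
    if mode != 4 or li == 3 or stratum == 0:
        raise ValueError("not a reply from a synchronised server")
    if data[24:32] != to_ntp(t1):
        raise ValueError("originate timestamp mismatch (stale or spoofed reply)")
    t2, t3 = from_ntp(data[32:40]), from_ntp(data[40:48])
    return stratum, ((t2 - t1) + (t3 - t4)) / 2


def query(server, timeout=3.0):
    """One request to UDP 123; a socket timeout means the port is filtered or the server is down."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(build_request(t1), (server, 123))
        data, _ = s.recvfrom(512)
        stratum, offset = parse_reply(data, t1, time.time())
        return stratum, offset, abs(offset) <= MAX_SKEW
```

Calling query() with the address of a domain controller or an external time source returns its stratum, the measured offset, and whether that offset is inside the assumed tolerance.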


