Re: How to do better on Win2003's NTP?



Hello, Meinolf

Thanks for your reply, the web link of registry is helpful to me.

And the question about the authentication key I asked about is for the Unix
server's switch/router's NTP. They have an authentication key as a security option,
but does Windows 2003 support this?

Best regards,
Kent Si


"Meinolf Weber" wrote:

Hello Kent,

See here and inline:
http://support.microsoft.com/kb/816042

Expand all on the left pane and you get a lot of information:
http://technet2.microsoft.com/windowsserver/en/library/ac86e77c-0be3-430a-ba0b-c2225506fc4f1033.mspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hello all, I am setting up the NTP server function on the Windows 2003
PDC server. There is not much information about the values in the W32Time
registry, so I hope to get some help here.

The NTP server on Windows 2003 is for company-wide use and
will synchronize Cisco network devices, Unix servers and Windows
2000/NT. Also, the Windows 2003 server will act as an NTP client to synchronize
from the GPRS time source. (The Windows 2003 server is also a Primary Domain
Controller.)

                               /----- Network Devices (Cisco...)
GPRS Time Source -- Win2003 PDC ----- Domain Clients (XP)
                               \----- Unix, Win2000, NT Servers

From the technical documents on the Microsoft website, there isn't
much detail about setting up an NTP server. I have followed the
steps of those technical documents and modified the "W32Time" values in the
registry. Finally, it could synchronize the other machines. But I do
not have much confidence in it, since there isn't much information about
the meaning of the values in the registry. And any unknown change could be
a risk to the PDC and the whole infrastructure.

At present, I have installed another Win2k3 to simulate the PDC as an NTP
server (not a client for GPRS yet), and it works. This synchronizes with
the Cisco Switch 2950 and Unix about every 17 minutes.

Here are the registries I changed under "W32Time":

===========================================

\Parameters\Type -> NTP

\Config\AnnounceFlags -> 5

\TimeProviders\NtpServer\Enabled -> 1

\TimeProviders\NtpClient\SpecialPollInterval -> 900

\Config\MaxPosPhaseCorrection -> 172800

\Config\MaxNegPhaseCorrection -> 172800

\Config\LocalClockDispersion -> 0 (Previous 10)

Run the commands to restart the time service:

- net stop w32time

- net start w32time

===========================================

There are questions about the NTP in Win2003

(1) Does NTP in Win2003 have the security option to set a key for
authentication?

Within an Active Directory forest, the Windows Time service (W32time) relies
on standard domain security features to enforce the authentication of time
data. The security of Network Time Protocol (NTP) packets that are sent between
a domain member and a local domain controller that is acting as a time server
is based on shared key authentication. The Windows Time service uses the
local computer's Kerberos session key to create authenticated signatures
on NTP packets that are sent across the network. When a computer requests
the time from a domain controller in the domain hierarchy, the Windows Time
service requires that the time be authenticated. The domain controller then
returns the required information in the form of a 64-bit value that has been
authenticated with the session key from the Net Logon service. If the returned
NTP packet is not signed with the computer's session key or if it is not
signed correctly, the time is rejected. In this way, the Windows Time service
provides security for NTP data in an Active Directory forest.



(2) How to set the value of registry and control the interval that
clients update their time?

http://technet2.microsoft.com/windowsserver/en/library/fcc66e8b-58d9-41c9-83ee-56d07397e3e01033.mspx?mfr=true

I have made a call to Microsoft, but they treated it as a "How to", no
support on this. @.@

Thanks to all, any information is appreciated.
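The "authentication key" on Unix and Cisco NTP that the question refers to can be illustrated with the classic NTP symmetric-key authenticator (a key ID followed by an MD5 digest over the key and the packet header, as in RFC 5905). The following is an added example, not code from this thread, and not the Kerberos/Net Logon signing that W32Time uses inside a domain; the key table, key value and function names are constructed for the demonstration, and the MD5 key scheme is an assumption about what those devices use.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header, no extension fields
MAC_LEN = 4 + 16         # 32-bit key ID + 128-bit MD5 digest

# Constructed key table (key ID -> shared secret); made up for this demo.
KEYS = {1: b"example-shared-secret"}


def build_reply(transmit_secs, key_id=None, keys=KEYS):
    """Build a minimal server-mode NTP packet, optionally with an authenticator."""
    # LI=0, VN=3, Mode=4 (server); stratum 2; poll 6; precision -20.
    header = struct.pack("!BBbb", (3 << 3) | 4, 2, 6, -20)
    header += bytes(36)                              # delay, dispersion, refid, 3 timestamps
    header += struct.pack("!II", transmit_secs, 0)   # transmit timestamp
    if key_id is None:
        return header
    # Digest is MD5 over the secret followed by the header (key ID not included).
    digest = hashlib.md5(keys[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check_reply(packet, keys=KEYS):
    """Return (accepted, reason); unsigned or wrongly signed time is rejected."""
    if len(packet) == NTP_HEADER_LEN:
        return False, "no authenticator"
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False, "unexpected length"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    secret = keys.get(key_id)
    if secret is None:
        return False, "unknown key id"
    expected = hashlib.md5(secret + header).digest()
    # Constant-time comparison of the received digest with the expected one.
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "bad digest"
    return True, "ok"


if __name__ == "__main__":
    signed = build_reply(3900000000, key_id=1)
    print(check_reply(signed))
    print(check_reply(build_reply(3900000000)))
```

The receiver accepts time only when the key ID is one it trusts and the digest matches, which is the same accept/reject behaviour the answer above describes for domain-signed packets.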



