Re: w32tm - Missing registry keys

"Paul" == Paul Johnson <paul.johnson@xxxxxxxxxxx> writes:

Paul> Good Day, I am trying to set my SBS2000 domain controller to
Paul> sync from an external timesource and the automatically
Paul> update the clients periodically.

Paul,

This is the procedure I follow to configure my SBS server to
synchronize with the U.S. NTP server pool and to act as an NTP server
for domain members. Not all of these commands are strictly necessary,
so read through this carefully and review Microsoft's documentation
prior to making these changes.

1. Back up the existing service configuration with the following
command:

reg export HKLM\SYSTEM\CurrentControlSet\Services\W32Time "%TMP%\w32time.reg"

2. Enable the NTP client with the following command:

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters /v Type /t REG_SZ /d "NTP" /f

3. When some servers' internal (CMOS) clocks are wildly inaccurate and
erratic in regular operation, disable the internal clock with the
following command:

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config /v AnnounceFlags /t REG_DWORD /d 00000005 /f

4. Enable the NTP server with the following command:

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer /v Enabled /t REG_DWORD /d 00000001 /f

5. Specify the host names or IP addresses of the time servers with
which this server should synchronize with a command similar to the
following (making sure to add the suffix ",0x1" to each name/IP if
setting "SpecialPollInterval" below):

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters /v NtpServer /t REG_SZ /d "0.us.pool.ntp.org,0x1 1.us.pool.ntp.org,0x1 2.us.pool.ntp.org,0x1" /f

(Administrators in other countries should use one of the
country/region-specific NTP server pools instead.)

6. If the computer clock is especially erratic, override the default
polling intervals by configuring the NTP client to poll the time
servers every 900 seconds (15 minutes) with the following command:

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient /v SpecialPollInterval /t REG_DWORD /d 00000900 /f

7. Set the maximum number of hours W32time can advance the clock to 30
minutes (1800 seconds) with the following command:

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config /v MaxPosPhaseCorrection /t REG_DWORD /d 00001800 /f

8. Set the maximum number of hours W32time can retard the clock to 30
minutes (1800 seconds) with the following command:

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config /v MaxNegPhaseCorrection /t REG_DWORD /d 00001800 /f

9. With the above configuration changes made, restart the W32time
service with the following command:

net stop w32time && net start w32time

10. Verify that the server is synchronizing with the public NTP server
pool by looking in the System Event Log for messages similar to
the following:

Event Type: Information
Event Source: W32Time
Event Category: None
Event ID: 35
Date: 6/13/2006
Time: 3:01:43 PM
User: N/A
Computer: CINIP100NTSBS
Description: The time service is now synchronizing the system time
with the time source 0.us.pool.ntp.org
(ntp.m|0x1|10.5.5.10:123->64.142.103.194:123).

Further client configuration is usually unnecessary. Domain members
will sync clocks with the domain controller that logged them into the
domain at boot time, and domain controllers will sync with the PDC
emulator (i.e., the SBS server).

For more information (for those of you finding this article in
response to a search engine query):

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/26_s3wts.mspx

http://en.wikipedia.org/wiki/Replay_attack

http://technet2.microsoft.com/WindowsServer/en/Library/6ee8470e-a0e8-40b2-a84f-dbec6bcbd8621033.mspx

http://technet2.microsoft.com/WindowsServer/en/Library/e87d5d6b-5975-49b9-b45a-70e756780c341033.mspx

http://geodsoft.com/howto/timesync/why.htm

http://support.microsoft.com/kb/816042

http://support.microsoft.com/kb/884776

http://technet2.microsoft.com/WindowsServer/en/Library/274e614e-f515-4b80-b794-fe09b5c21bad1033.mspx

http://technet2.microsoft.com/WindowsServer/en/Library/9a353810-8e3a-4023-a557-db1a686d8ec81033.mspx

http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Time-Service.html

http://www.pool.ntp.org/

Best wishes,
Matthew

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
.

Relevant Pages

  • Re: Time Sync on a Windows 2003 Server
    ... what i've done so far I ran on the domain controller. ... Type the following command to configure the PDC emulator and then press ... Peers i enter the IP address of the internal NTP server. ... Have you tried configuring time on all your servers, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Can user login be restricted based on time and day?
    ... Ok, the command line tool works. ... I've noticed that the time restrictions are only enforced for logging on. ... simply acts as a file/print server and allow a few users to long on ... Can AD be setup without the domain controller ...
    (microsoft.public.windows.server.general)
  • Re: [Q] How to setup NTP client under 4.3.3?
    ... > SETTING UP AN NTP SERVER ... > Server is ok, now to configure client. ... At command line enter: ...
    (AIX-L)
  • Re: Time Sync on a Windows 2003 Server
    ... Figuring that it might be my internal NTP server issue. ... 2003 Domain Controller B and 2003 Member Servers ... "Jorge Silva" wrote: ... >> Type the following command to display the time difference between the ...
    (microsoft.public.windows.server.active_directory)
  • RE: Trouble using GPFIXUP tool
    ... I ran the command from the DC itself and was able to get the GPO links ... > Failed to get the domain controller info: ... > The RPC Server is unavailable. ... > server does have all the master roles according to the operations master ...
    (microsoft.public.windows.server.active_directory)