Re: Windows 2003 Time Service
From: Justin Thyme (jit_at_aol.com)
Date: 04/23/04
- Next message: clamfuddle: "Re: Have Laptop, will travel (multiple domains question)"
- Previous message: Justin Thyme: "Re: Basic Firewall Switch Configuration With Win2003 Server"
- In reply to: Rick Chisholm: "Re: Windows 2003 Time Service"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 23 Apr 2004 17:14:52 -0500
Hello All,
I think I've found a hint of the problem. (read below)
I can't find anything to do with "Access Control" because the 2004 does not
have the IIS server installed as the 2.0 did.
Also, The ISA server does not want to sync with an external time source.
Any ideas?
Thanks in advance,
==============================
Microsoft Knowledge Base Article - 305135
"The Windows 2000 and Windows Server 2003 Time Service Does Not Work Through
a Proxy with Access Control Enabled
View products that this article applies to."
This article was previously published under Q305135
SYMPTOMS
If the Windows Time service is set to run behind a Microsoft Proxy
Server-based server, the Time service may not be able to connect to the
external Network Time Protocol (NTP) Time service.
CAUSE
This issue occurs because the Windows Time service runs under the local
system account on the internal server, and the Access Control feature is
enabled on the proxy server.
RESOLUTION
To work around this issue, use any of the following methods:
a.. Disable the Access Control feature for the Winsock proxy. The Enable
Access Control check box is located on the Permissions tab in the properties
of the Winsock Proxy service in Microsoft Internet Information Services
(IIS) Manager. To disable the Access Control feature, click to clear the
check box.
b.. Set the computer to access the proxy server for its NTP server, and
configure the proxy to point to the external Time service.
========================
"Rick Chisholm" <rchisholm@NOSPAMsouthlandonline.com> wrote in message
news:OwRN9m6JEHA.1000@TK2MSFTNGP11.phx.gbl...
> use net time to config your manual setting instead
>
> net time ntp2.usno.navy.mil
>
> also check these reg entries:
>
> # ReliableTimeSource : REG_DWORD (optional)
> Used to indicate that this computer has reliable time.
> 0 = do not mark this computer as having reliable time [default]
> 1 = mark this computer as having reliable time (this is only useful on a
> domain controller)
> # Type : REG_SZ
> Used to control how a computer synchronizes.
> Nt5DS = synchronize to domain hierarchy [default]
> NTP = synchronize to manually configured source
> NoSync = do not synchronize time
>
>
> Rick
>
>
>
> Justin Thyme wrote:
>
>> Hello Rick, Thanks for the input.
>>
>> A brief recap and what I've tried so far.
>>
>> I would like to set the Time Service to synchronize from an external
>> source (for example : ntp2.usno.navy.mil) on the PDC
>> emulator for the domain at the root of the forest.
>>
>> I have completed the following steps:
>>
>> Ping the external Time server (ntp2.usno.navy.mil) from the internal
>> Time Server. OK
>>
>> w32tm /config /manualpeerlist:"192.5.41.209" /syncfromflags:manual
>> w32tm /config /update
>>
>> Both commands complete succesfully. I check the registery and see the
>> correct address in the w32time parameter section.
>> Then to test the connection I stop and restart the w32time service:
>>
>> net stop w32time
>> net start w32time
>>
>> After this I see the following in the Event log:
>>
>> ==================================================================
>> Event Type: Warning
>> Event Source: W32Time
>> Event Category: None
>> Event ID: 12
>> Date: 4/20/2004
>> Time: 2:48:46 PM
>> User: N/A
>> Computer: SV02
>> Description:
>> Time Provider NtpClient: This machine is configured to use the domain
>> hierarchy to determine its time source, but it is the
>> PDC emulator for the domain at the root of the forest, so there is no
>> machine above it in the domain hierarchy to use as a
>> time source. It is recommended that you either configure a reliable time
>> service in the root domain, or manually configure
>> the PDC to synchronize with an external time source. Otherwise, this
>> machine will function as the authoritative time source
>> in the domain hierarchy. If an external time source is not configured
>> or used for this computer, you may choose to disable
>> the NtpClient.
>> =============================================================
>>
>> Then I tried the following
>>
>> Entering the command "net time /querysntp" displays the address in
>> the peerlist above
>> Entering the command "net time /set /y" displays the message
>> "Could not locate a time-server"
>>
>> On the firewall I have the rule setup for port 123 to go to the specific
>> destination (ntp2.usno.navy.mil) and return the result
>> to the internal Time server address.
>>
>> To see what's happening I use network monitor on the Time Server and log
>> activity on the firewall.
>> I do not see any requests on the port 123 leaving the time server for the
>> external time source either from the Time server
>> interface or arriving at the firewall.
>>
>>
>> Evidently I don't understand how this is supposed to work. But, this is
>> all the info I have for the moment,
>> Any Ideas?
>>
>> Thanks for any help,
>> Best Regards
>>
>> "Rick Chisholm" <rchisholm@NOSPAMsouthlandonline.com> wrote in message
>> news:O5aAyUwJEHA.2692@tk2msftngp13.phx.gbl...
>>
>>>get your PDC syncing first
>>>
>>>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
>>>
>>>and set ntpserver to something - you may wish time.windows.com; I use a
>>>local freebsd time server that syncs to an atomic clock somewhere in
>>>atomic clock land.
>>>
>>>Domain members should pretty much sync on their own - IF there aren't
>>>firewalls (software or hardware) blocking the process.
>>>
>>>Rick
>>
>>
- Next message: clamfuddle: "Re: Have Laptop, will travel (multiple domains question)"
- Previous message: Justin Thyme: "Re: Basic Firewall Switch Configuration With Win2003 Server"
- In reply to: Rick Chisholm: "Re: Windows 2003 Time Service"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
