Question, Windows Time Service
-
Monday, June 11, 2012 10:49 PM
Hi, My scenary is the follow:
Active Directory (Windows Server 2008 R2)
I have a NTP Server (spectracom) this server provide time sincronization in all servers and computers, However the NETCLOCK software disables the W32tm service on servers, and uses its own software to update the time...
the question is: I'll have a problem on domain controllers if disabled the W32tm service...Thanks for Help...
A-BAT
All Replies
-
Monday, June 11, 2012 11:44 PM
You just need your PDCe in your forest root to sync with the NTP server and then let the windows time hierarchy take over from there. There are a lot of great article on time.
One good one http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
You can search for more articles.
Thanks
Mike
- Proposed As Answer by Santhosh Sivarajan-MVP Tuesday, June 12, 2012 2:17 AM
- Marked As Answer by Rick TanModerator Friday, June 22, 2012 2:35 AM
-
Tuesday, June 12, 2012 5:03 AM
Hello,
time is essential in a domain and ONLY the PDCEmulator is the time source for ALL domain computers and requires the w32time service. So choose another device that won't disable required services.
http://msmvps.com/blogs/mweber/archive/2010/06/27/time-configuration-in-a-windows-domain.aspx
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
-
Tuesday, June 12, 2012 9:00 AMModerator
Kerberos authentication is dependent on the correct time if the time difference is more then 5 min domain authentication will fail. Other have pointed out correctly, it should be just PDC emulator should be syncing the time from the reliable or external source & domain clients as welll as other DC should follow domain hierarchy i.e. dc holding the PDC role.
The port 123 UDP is required by time services, so you don't want to change the default behavior.
Windows Time Server Role in AD Forest/Domain http://awinish.wordpress.com/2011/10/07/time-server-role-in-forestdomain/
Awinish Vishwakarma - MVP - Directory Services
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.- Marked As Answer by Rick TanModerator Friday, June 22, 2012 2:38 AM
-
Tuesday, June 12, 2012 10:03 AM
It is not recommended to install thirdy part time sync software on DC.There are thidy party time sync software which disables the W32time service.I would recommend instead of using s/w for time sync configure the authorative time server on PDC role holder server and uninstall the third party time sync s/w from DC.
Configure authorative time server on the PDC role holder server
http://support.microsoft.com/kb/816042
Please also make sure that udp port 123 which as direction the chosen NTP server is not blocked.For other domain computers / servers, make sure that they are using NT5DS for time syncMore on time sync refer Jorge's Time Service blogs:
Configuring and Managing the Windows Time Service, Parts 1 to 4:
http://blogs.dirteam.com/blogs/jorge/archive/2010/09/26/configuring-and-managing-the-windows-time-service-part-1.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2010/09/26/configuring-and-managing-the-windows-time-service-part-2.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2010/09/26/configuring-and-managing-the-windows-time-service-part-3.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2010/09/26/configuring-and-managing-the-windows-time-service-part-4.aspxHope this helps
Best Regards,
Sandesh Dubey.
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. -
Tuesday, June 12, 2012 3:31 PM
Hi, My scenary is the follow:
Active Directory (Windows Server 2008 R2)
I have a NTP Server (spectracom) this server provide time sincronization in all servers and computers, However the NETCLOCK software disables the W32tm service on servers, and uses its own software to update the time...
the question is: I'll have a problem on domain controllers if disabled the W32tm service...Thanks for Help...
A-BAT
Curious, what is the purpose of the third party time sync software? Did you find the default Windows Time Service and hierarchy ineffective for your needs? The Time serice works out of the box without any configuration other than simply setting the PDC emulator to sync with an outside source. That's it.
I can understand if this is a financial company dealing with the stock market where the SEC requires down to the split second transaction records that the Windows time service does not support down to split second timing.
.
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.phpThis post is provided AS-IS with no warranties or guarantees and confers no rights.
- Proposed As Answer by AwinishMVP, Moderator Tuesday, June 12, 2012 4:19 PM
- Marked As Answer by Rick TanModerator Friday, June 22, 2012 2:38 AM
-
Monday, June 18, 2012 1:56 AMModeratorHi A-BAT,
I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.
Regards,
Rick Tan
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedbackhere.Rick Tan
TechNet Community Support
.png)
