none
How to sync NTP time on the network?

    Question

  • Hi all

    At the moment the time on the Windows 2003 network is sync from different sources, this could be the firewall or the PDC server.

    How can I make all servers to sync from the AD4 *PDC* server bearing in mind that AD1 is the GC that is used by Exchange?

    Pls see the DC's list:

     AD0     

        ICMP: 0ms delay.     

        NTP: -0.0218117s offset from ad4     

            RefID: (unknown) [firewall]     

         

    AD1 [10.0.4.1]:     

        ICMP: 0ms delay.     

        NTP: +11.8451609s offset from ad4     

            RefID: unspecified / unsynchronized [0.0.0.0]     

         

    AD2 [10.0.5.225]:     

        ICMP: 3ms delay.     

        NTP: -0.0156941s offset from ad4     

            RefID: ad4 [10.0.1.162]     

         

    AD3 [10.0.1.152]:     

        ICMP: 0ms delay.     

        NTP: -0.0216287s offset from ad4     

            RefID: ad4 [10.0.1.162]     

         

    AD4 *** PDC *** [10.0.1.162]:     

        ICMP: 0ms delay.     

        NTP: +0.0000000s offset from ad4     

            RefID: time.nist.gov [192.43.244.18]  

     

    And the Registries entries on all servers:

    Server   Parameters>                                      Parameters>                      TimeProviders>NTPClient>

                    NTPServer                                          TYPE                                      specialPoollTimeRemaining

     

    AD0        firewall                                                 NTP                                        x

    AD1        time.windows.com                         NTP                                        time.windows.com

    AD2        time.windows.com                         NT5DS                                   x

    AD3        time.windows.com                         NT5DS                                   x

    AD4        time.nist.gov                                     NTP                                        firewall

    Thank you so much in advance for you help

    Maelito


    ismael
    Wednesday, June 24, 2009 9:52 AM

Answers

  • Hello,

    in a domain the PDCEmulator should be configured to use an external time server, make sure that all machines if firewalls are used have port 123 UDP opened:
    w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update

    With "peers" you can set the time source, either DNS name (time.windows.com) or an ip address from a reliable time source.

    Here you can find some of them:
    http://www.pool.ntp.org/

    To reconfigure the domain computers for automatic domain time synchronization:
    w32tm /config /syncfromflags:domhier /update

    After that run:
    net stop w32time
    net start w32time

    You can also run the client time sync in a batch file as startup script.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Maelito Monday, June 29, 2009 8:06 AM
    Wednesday, June 24, 2009 10:23 AM

All replies

  • Please see the Kb article http://support.microsoft.com/default.aspx/kb/816042
    http://technetfaqs.wordpress.com
    Wednesday, June 24, 2009 10:00 AM
  • Hi
    Go To Every Single Server You Wanna Sync.

    Select Time & Date Properties ==> Internet Time Tab ===> Type Your server Name Then Update.

    Or Other Wise You Can Set Them Manually.

    Wish It Helps
    Thankx
    Wednesday, June 24, 2009 10:05 AM
  • Hello,

    in a domain the PDCEmulator should be configured to use an external time server, make sure that all machines if firewalls are used have port 123 UDP opened:
    w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update

    With "peers" you can set the time source, either DNS name (time.windows.com) or an ip address from a reliable time source.

    Here you can find some of them:
    http://www.pool.ntp.org/

    To reconfigure the domain computers for automatic domain time synchronization:
    w32tm /config /syncfromflags:domhier /update

    After that run:
    net stop w32time
    net start w32time

    You can also run the client time sync in a batch file as startup script.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Maelito Monday, June 29, 2009 8:06 AM
    Wednesday, June 24, 2009 10:23 AM
  • Hi Meinolf
    I need to change the DC's that are pointing to the firewall to point to my PDC.
    How can I do this?
    Thanks
    Ismael
    ismael
    Wednesday, June 24, 2009 10:40 AM
  • Hello,

    To reconfigure the domain computers for automatic domain time synchronization:
    w32tm /config /syncfromflags:domhier /update

    After that run:
    net stop w32time
    net start w32time


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, June 24, 2009 10:44 AM
  • I understand the command but my question is:

    On the servers that have a reg entry as:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NTPServer = firewall 

    How can I change them to point to time.windows.com?

    Also for servers with reg entry as:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type=NTP

    How can I change them to point to NT5DS?

    And at the same time make them sync with the PDC server?

    Thanks so much for your time in helping me.
    Maelito

    ismael
    Wednesday, June 24, 2009 11:02 AM
  • Hello,

    did you run the command on one of the DCs?

    With that command the DC will now automatically synchronize time with the domain hierarchy, getting it's time from the new reliable time source.

    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, June 24, 2009 11:30 AM
  • Is that a one off command or will it change the registry for future resyncs?
    Maelito
    ismael
    Wednesday, June 24, 2009 11:39 AM
  • Hello,

    that command will automatically synchronize time with the domain hierarchy. And this will stay until you change something.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, June 24, 2009 11:44 AM
  • I see, so it will choose a DC to sync from even if the time of that DC is wrong?
    What I am looking for is a way of sync from the PDF only and be able to remove all references on the regestry to firewalls and other settings.
    Maelito

    ismael
    Wednesday, June 24, 2009 11:54 AM
  • Hello,

    domain time sync works this way, the PDCEmulator is the time source of the domain, ALL DCs sync with the PDCEmulator. All member servers and workstations sync with an available DC, this make sure that all machines in the domain have the same time.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, June 24, 2009 12:04 PM
  • Ah! Gotcha now!
    So if I run the command on the DC it will look for a PDC but if I run it on a workstation it will look for any DC.
    That is why when I run on an XP machine this sync with the PDC and then I run on a W2K3 server this sync with a DC ( this W2K3 server is not a DC is just a member)
    Thanks for all your time and help
    I will test it and let you know.
    Maelito
    ismael
    Wednesday, June 24, 2009 12:10 PM