none
When I look at the w32tm registry values they do not agree with /query /configuration RRS feed

  • Question

  • Win2012r2 server is domain controller FSMO role PDCe  using NTP and obtaining time from pool.ntp.org as expected. Question is about why the behavior differs from the configuration in the registry. Does w32tm /config not also update the registry?  I realize that the PDCe should use NTP and obtain time from an external source. I also realize that member servers (and other DCs) should use NT5DS and obtain their time from the PDCe. This question is about the behavior of w32tm "/query /status" and "/config" and the resulting values stored in the registry.

    Registry contains:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

    NtpServer REG_SZ "time.windows.com,0x9"

    Type REG_SZ "NT5DS"


    Command Output:

    C:\>w32tm /query /status /verbose
    Leap Indicator: 0(no warning)
    Stratum: 4 (secondary reference - syncd by (S)NTP)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.0532852s
    Root Dispersion: 0.0983969s
    ReferenceId: 0x0CA79702 (source IP:  12.167.151.2)
    Last Successful Sync Time: 2/18/2019 3:40:51 PM
    Source: pool.ntp.org
    Poll Interval: 10 (1024s)
    Phase Offset: -0.0000697s
    ClockRate: 0.0156253s
    State Machine: 2 (Sync)
    Time Source Flags: 0 (None)
    Server Role: 64 (Time Service)
    Last Sync Error: 0 (The command completed successfully.)
    Time since Last Good Sync Time: 200.3997467s

    IP 12.167.151.2 is an ntp.org time server hosted by sourcefire and is the expected result. The registry seems wrong. Why is the registry value not agreeing with the NTP behavior and w32tm /query result?

    Thank you.


    • Edited by Geo Perkins Monday, March 11, 2019 4:32 PM edit title
    Monday, February 18, 2019 11:22 PM

All replies

  • Type REG_SZ "NT5DS"

    For an external ntp server Type should be "NTP" 

    NT5DS Is the client protocol for Windows systems to retrieve time from a DC. More here.

    https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

     

    (please don't forget to mark helpful replies as answer)

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.




    Monday, February 18, 2019 11:33 PM
  • Dave, I don't think you are grokking the question. I understand that NTP is the protocol to an external Internet time server. That is what the DC is using to obtain time. My question is why is the registry setting not aligned with the actual configured w32tm Windows Time service? Why does the registry lie? (Notice the Type value as reported by w32tm). I could also export HKLM, but you'll have to trust me, it really does have time.windows.com and NT5DS in the registry.

    I now realize I should have pasted in the configuration instead of the status. Here you go:


    C:\>w32tm /query /configuration
    [Configuration]

    EventLogFlags: 2 (Local)
    AnnounceFlags: 10 (Local)
    TimeJumpAuditOffset: 28800 (Local)
    MinPollInterval: 6 (Local)
    MaxPollInterval: 10 (Local)
    MaxNegPhaseCorrection: 172800 (Local)
    MaxPosPhaseCorrection: 172800 (Local)
    MaxAllowedPhaseOffset: 300 (Local)

    FrequencyCorrectRate: 4 (Local)
    PollAdjustFactor: 5 (Local)
    LargePhaseOffset: 50000000 (Local)
    SpikeWatchPeriod: 900 (Local)
    LocalClockDispersion: 10 (Local)
    HoldPeriod: 5 (Local)
    PhaseCorrectRate: 7 (Local)
    UpdateInterval: 100 (Local)


    [TimeProviders]

    NtpClient (Local)
    DllName: C:\Windows\system32\w32time.dll (Local)
    Enabled: 1 (Local)
    InputProvider: 1 (Local)
    AllowNonstandardModeCombinations: 1 (Local)
    ResolvePeerBackoffMinutes: 15 (Policy)
    ResolvePeerBackoffMaxTimes: 7 (Policy)
    CompatibilityFlags: 2147483648 (Local)
    EventLogFlags: 0 (Policy)
    LargeSampleSkew: 3 (Local)
    SpecialPollInterval: 3600 (Policy)
    Type: NTP (Policy)
    NtpServer: pool.ntp.org (Policy)

    NtpServer (Local)
    DllName: C:\Windows\system32\w32time.dll (Local)
    Enabled: 1 (Local)
    InputProvider: 0 (Local)
    AllowNonstandardModeCombinations: 1 (Local)

    VMICTimeProvider (Local)
    DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
    Enabled: 1 (Local)
    InputProvider: 1 (Local)


    C:\>

    Tuesday, February 19, 2019 3:33 AM
  • don't think you are grokking the question

    Not even sure what this is (rhetorical)...... have you rebooted?

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Tuesday, February 19, 2019 3:51 AM
  • Dictionary result for grok
    /ɡräk/
    verbINFORMAL•US
    gerund or present participle: grokking
    understand (something) intuitively or by empathy.
    empathize or communicate sympathetically; establish a rapport.
    Origin of grok
    coined by Robert A. Heinlein in the science-fiction novel Stranger in a Strange Land (1961)

    Reboot: Yes, last restart was 1/17/2019. 

    This observation just seems like something that should be documented somewhere (my observation that the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time values are not updated by the w32tm /config command and so HKLM cannot be trusted as accurate for determining the time configuration). Also note that HKLM\SOFTWARE\Policies\Microsoft\Windows\W32time is not present (indicating no Group Policy settings being applied).

    The only Microsoft documentation I can find (other than blogs and such) is contained at docs (https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings) with warning about conflicts due to Group Policy using a different registry key at group policy (https://support.microsoft.com/en-us/help/902229/preset-values-for-the-windows-time-service-group-policy-settings-are-d)

    For the record, here is the exported w32tm registry key. Note that

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\"NtpServer"="time.windows.com,0x9"
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\"Type"="NT5DS"

    conflicts with the output shown by w32tm /query /configuration (earlier post)!

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
    "Start"=dword:00000003
    "DisplayName"="@%SystemRoot%\\system32\\w32time.dll,-200"
    "ErrorControl"=dword:00000001
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
      00,65,00,00,00
    "Type"=dword:00000020
    "Description"="@%SystemRoot%\\system32\\w32time.dll,-201"
    "ObjectName"="NT AUTHORITY\\LocalService"
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\
      61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\
      00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
      61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\
      00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,\
      65,00,6d,00,54,00,69,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
      00,67,00,65,00,00,00,00,00
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
    "MaxAllowedPhaseOffset"=dword:0000012c
    "FrequencyCorrectRate"=dword:00000004
    "SpikeWatchPeriod"=dword:00000384
    "LocalClockDispersion"=dword:0000000a
    "HoldPeriod"=dword:00000005
    "PhaseCorrectRate"=dword:00000007
    "MaxPollInterval"=dword:0000000a
    "MaxPosPhaseCorrection"=dword:0002a300
    "PollAdjustFactor"=dword:00000005
    "AnnounceFlags"=dword:0000000a
    "TimeJumpAuditOffset"=dword:00007080
    "MinPollInterval"=dword:00000006
    "EventLogFlags"=dword:00000002
    "MaxNegPhaseCorrection"=dword:0002a300
    "LargePhaseOffset"=dword:02faf080
    "UpdateInterval"=dword:00000064
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
    "ServiceDllUnloadOnStop"=dword:00000001
    "ServiceMain"="SvchostEntry_W32Time"
    "NtpServer"="time.windows.com,0x9"
    "Type"="NT5DS"
    "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      77,00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security]
    "Security"=hex:01,00,04,80,98,00,00,00,a4,00,00,00,00,00,00,00,14,00,00,00,02,\
      00,84,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,\
      00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
      00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,\
      8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,9d,01,02,00,01,\
      01,00,00,00,00,00,05,13,00,00,00,00,00,14,00,a9,00,02,00,01,01,00,00,00,00,\
      00,05,13,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,\
      05,12,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]
    "RunOnVirtualOnly"=dword:00000000
    "DllName"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,\
      00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
    "Enabled"=dword:00000001
    "CrossSiteSyncFlags"=dword:00000002
    "InputProvider"=dword:00000001
    "EventLogFlags"=dword:00000001
    "SpecialPollTimeRemaining"=hex(7):00,00
    "SignatureAuthAllowed"=dword:00000001
    "CompatibilityFlags"=dword:80000000
    "ResolvePeerBackoffMinutes"=dword:0000000f
    "ResolvePeerBackoffMaxTimes"=dword:00000007
    "AllowNonstandardModeCombinations"=dword:00000001
    "LargeSampleSkew"=dword:00000003
    "SpecialPollInterval"=dword:00000e10
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
    "ChainEntryTimeout"=dword:00000010
    "RunOnVirtualOnly"=dword:00000000
    "DllName"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,\
      00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
    "Enabled"=dword:00000001
    "InputProvider"=dword:00000000
    "ChainMaxEntries"=dword:00000080
    "ChainMaxHostEntries"=dword:00000004
    "EventLogFlags"=dword:00000000
    "ChainDisable"=dword:00000000
    "RequireSecureTimeSyncRequests"=dword:00000000
    "ChainLoggingRate"=dword:0000001e
    "AllowNonstandardModeCombinations"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider]
    "RunOnVirtualOnly"=dword:00000001
    "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,76,\
      00,6d,00,69,00,63,00,74,00,69,00,6d,00,65,00,70,00,72,00,6f,00,76,00,69,00,\
      64,00,65,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
    "Enabled"=dword:00000001
    "InputProvider"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TriggerInfo]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TriggerInfo\0]
    "Type"=dword:00000003
    "Action"=dword:00000001
    "GUID"=hex:ba,0a,e2,1c,51,98,21,44,94,30,1d,de,b7,66,e8,09
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TriggerInfo\1]
    "Type"=dword:00000003
    "Action"=dword:00000002
    "GUID"=hex:6e,51,af,dd,c2,58,66,48,95,74,c3,b6,15,d4,2e,a1
    

    • Edited by Geo Perkins Tuesday, February 19, 2019 4:11 PM typo
    Tuesday, February 19, 2019 4:07 PM
  • This observation just seems like something that should be documented somewhere 

    You can report this feedback over here on uservoice.

    https://windowsserver.uservoice.com/forums/295047-general-feedback

    or if immediate assistance were needed you can start a case here with product support.

    https://support.microsoft.com/en-us/gp/contactus81?forceorigin=esmc&audience=commercial&wa=wsignin1.0

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, February 19, 2019 5:14 PM
  • Really? Dropping a feedback slip into the suggestion box is all I'm going to get for an answer to this question? (I did that for all the good it will do.) I would have thought there was a reasonable explanation for what I'm observing (namely, that HKLM registry does not agree with the w32tm command output).  Clearly, time configuration is stored SOMEWHERE and that configuration is NOT using the registry values. 

    Monday, March 11, 2019 4:38 PM
  • If immediate assistance is needed you can start a case here with product support.

    https://support.microsoft.com/en-us/gp/contactus81?forceorigin=esmc&audience=commercial&wa=wsignin1.0

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, March 11, 2019 4:39 PM