none
How do you configure Windows Time Synchronization in a workgroup with no servers? RRS feed

  • Question

  • I'm building a small workgroup that must have time synchronization in a classified government LAN with no WAN connectivity.  All the systems are running Windows 7 Enterprise.  While it is obvious how to configure the clients to point at one system as the time server, I can find no guidance on how to properly configure the system which will host the authoritative time.  I have attempted to configure the system with authoritative time to use an internal hardware clock, as described for a PDC master in KB article 816042, by setting the AnnounceFlags to 0xA.  The client systems are able to compare their time with the master system using the w32tm /stripchart command, but a w32tm /resync commands results in the message "The computer did not resync because no time data was available."

    (FYI, I am posting to this forum because of guidance provided by Kurt Hudson in the Windows Time Service thread at http://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx.)

    Thursday, November 10, 2011 9:59 PM

Answers

  • The fastest, easiest method of configuring your Windows PC to be an NTP Server appears to be through a registry update.  Save the text below which is in Courier font to a REG file, then merge the REG file on the system which will be your NTP Server.  Restart the w32time service through the command line or via Control Panel => Services, and insure that the Windows Time service is configured for Automatic start.

    Windows Registry Editor Version 5.00

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config]

    "AnnounceFlags"=dword:00000005

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters]

    "Type"="NoSync"

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient]

    "Enabled"=dword:00000000

    "SpecialPollTimeRemaining"=hex(7):00,00

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer]

    "Enabled"=dword:00000001

    <-------End of REG file------->

    The w32tm command does not provide all the options needed to enable NTP Server functionality on your computer.  The following command updates the AnnounceFlags value and the Type value, but you have to set the rest of the values by editing the registry or manipulating the Local Security Policy.

    w32tm /config /update /syncfromflags:NO /reliable:YES

     

    After implementing the changes specified above, your system should report the following when you run "w32tm /query /status":

    Leap Indicator: 0(no warning)
    Stratum: 1 (primary reference - syncd by radio clock)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.0000000s
    Root Dispersion: 10.0000000s
    ReferenceId: 0x4C4F434C (source name:  "LOCL")
    Last Successful Sync Time: MM/DD/YYYY HH:MM:SS
    Source: Local CMOS Clock
    Poll Interval: 10 (1024s)

    Hope this helps other folks who find themselves with similar requirements.


    Robin Strong
    • Marked as answer by gandalftx Tuesday, November 15, 2011 5:29 PM
    Tuesday, November 15, 2011 5:29 PM

All replies

  • Hi,

    Synchronize Time in a workgroup environment or with a non-Windows time server:
    http://blogs.technet.com/b/bulentozkir/archive/2011/05/20/synchronize-time-in-a-workgroup-environment-or-with-a-non-windows-time-server.aspx

    EDIT: Kb article: http://support.microsoft.com/kb/875424


    Abhijit Waikar - MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA

    Thursday, November 10, 2011 10:06 PM
  • In addition, see if this helps:

    How to synchronize the time with the Windows Time service in Windows XP (applies to all operating systems in a workgroup environment):
     "When the computers are part of a workgroup, you must manually configure the time synchronization settings. You might identify a computer as a locally reliable time source by configuring the Windows Time service on that computer to use a known accurate time source, either by using special hardware or by using a time source that is available on the Internet. You can configure all other workgroup computers manually to synchronize their time with this local time source."
     http://support.microsoft.com/kb/307897


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn
    Friday, November 11, 2011 12:31 AM
  •  

    Hello,

     

    314054  (http://support.microsoft.com/kb/314054/ ) How to configure an authoritative time server in Windows XP

    ___________________________________________________________________________________________________________

     

    816043  (http://support.microsoft.com/kb/816043/ ) How to turn on debug logging in the Windows Time service

    884776  (http://support.microsoft.com/kb/884776/ ) Configuring the Windows Time service against a large time offset

    321708  (http://support.microsoft.com/kb/321708/ ) How to use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000

    216734  (http://support.microsoft.com/kb/216734/ ) How to configure an authoritative time server in Windows 2000

     

    With manually-specified synchronization, you can designate a single peer or list of peers that a computer obtains time from. If the computer is not a member of a domain, it must be manually configured to synchronize with a specified time source. By default, a computer that is a member of a domain is configured to synchronize from the domain hierarchy. Manually-specified synchronization is most useful for the forest root of the domain or for computers that are not joined to a domain. When you manually specify an external NTP server to synchronize with the authoritative computer for your domain, you provide reliable time. However, to provide high accuracy and security to your domain, we recommend that you configure the authoritative computer for your domain to synchronize with a hardware clock.

    Without a hardware time source, W32time is configured as a NTP type. You must reconfigure the MaxPosPhaseCorrection and MaxNegPhaseCorrection registry entries. The recommended value should be 15 minutes or even lower, depending on time source, network condition, and security requirement. This requirement also applies to any reliable time source that is configured as the forest root time source in the time sync subnet. For more information about these registry entries, see the "Windows Time service registry entries" section in this article.

    Note Manually-specified time sources are not authenticated unless a specific time provider is written for them, and these time sources are therefore vulnerable to attacks. Also, if a computer synchronizes with a manually-specified source instead of its authenticating domain controller, the two computers might be out of synchronization. This scenario causes Kerberos authentication to fail and could also cause other actions that require network authentication to fail, such as printing or file sharing. If only the forest root is configured to synchronize with an external source, all other computers within the forest remain synchronized with each other. This configuration makes replay attacks difficult.

     


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin


    • Edited by bshwjt Friday, November 11, 2011 10:29 AM
    Friday, November 11, 2011 8:21 AM
  • As I attempted to state in my original post, the problem I'm trying to solve is configuring a Windows 7 workgroup member to act as an NTP server and consider itself to be a reliable time source for the rest of the workgroup.  The responses to my post have been oriented to configuring the NTP clients, which I already understand how to do.  The system that I want to be the NTP server is reporting Event ID 36 from Time-Service, saying that "The time service has not synchronized the system time for [thousands of] seconds because none of the time service providers provided a usable time stamp. The time service is no longer synchronized and cannot provide the time to other clients or update the system clock."  I have configured the NTP Server to not attempt to be an NTP client.

    What sequence of commands can I issue to tell my Windows 7 NTP server to use its own CMOS clock as a reliable time source?  KB article 816042 implies that it is only necessary to update one registry value by setting the W32Time\Config\AnnounceFlags to 0xA and restarting the Time Service.  I have confirmed multiple times that this is NOT sufficient.

    Thanks to everyone on this thread for your assistance.


    Robin Strong
    Monday, November 14, 2011 6:04 PM
  • Windows non-DCs and client operating systems do not provide a time server service out of the box, but the Time service can be configured to do so.

    If you want a machine, whether a server or client machine, to be a time source for the workgroup, you can either configure your workstation's time service, (http://support.microsoft.com/kb/307897 ) or use a 3rd party time service on it, then configure your workgroup clients to sync with this machine's time service.

    After you've installed the third party time service on the server or client machine, then on the workgroup (non-AD joined) workstations, run the following to sync with the workgroup's time server:
     w32tm /config /syncfromflags:manual /manualpeerlist:<workgroupServerOrClientIpAddress>

     

    Here are some examples of third party time service software:
     
    NTP Client Software (Windows):
     http://www.endruntechnologies.com/ntp-client.htm#windows
     
    Timing Software Solutions
     http://www.zti-telecom.com/EN/Timing_Products_Software.html
     
    Time service software list of links:
    http://support.ntp.org/bin/view/Main/ExternalTimeRelatedLinks

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBookTwitterLinkedIn




    • Edited by Ace Fekay [MCT] Saturday, January 11, 2014 5:39 PM Fixed a link
    Monday, November 14, 2011 6:44 PM
  • Hi,

    I'm trying to solve is configuring a Windows 7 workgroup member to act as an NTP server and consider itself to be a reliable time source for the rest of the workgroup.

    Its not possible, NTP server should only be PDC role owner, you can not configure a Windows 7 workgroup member to act as an NTP server.

    What sequence of commands can I issue to tell my Windows 7 NTP server to use its own CMOS clock as a reliable time source?  KB article 816042 implies that it is only necessary to update one registry value by setting the W32Time\Config\AnnounceFlags to 0xA and restarting the Time Service.  I have confirmed multiple times that this is NOT sufficient.

    Did you check my previous post, synchronize Time in a workgroup environment or with a non-Windows time server:
    http://blogs.technet.com/b/bulentozkir/archive/2011/05/20/synchronize-time-in-a-workgroup-environment-or-with-a-non-windows-time-server.aspx


    Abhijit Waikar - MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA
    Monday, November 14, 2011 6:49 PM
  • Oh, ye of little faith.  Heed the timeless adage "Can't never did anything."  KB article 307897, as suggested by Ace Fekay, provided the most helpful clue to resolving this issue.  Changing the AnnounceFlags to 5 allowed my Windows 7 NTP Server box to advertise itself as a good time source, and the clients are now able to sync with it.  Since I generally hack the registry with regedit, I'll confirm the sequence of w32tm commands that are needed on the NTP server to get it in the desired state, since that info doesn't seem to be available anywhere in the microsoft.com site or elsewhere that I can find.  I'm also using customized settings for UpdateInterval (0x168) and SpecialPollInterval (0x3C) on the NTP clients, and this is allowing the time to stay within .002 seconds according to w32tm /stripchart.


    Robin Strong
    Monday, November 14, 2011 7:54 PM
  • Glad to hear that article was helpful, despite my following post saying otherwise.


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn
    Tuesday, November 15, 2011 3:56 AM
  • Also, I have tried the same but no luck.

    Agreed with Ace and Abhijit.


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
    Tuesday, November 15, 2011 5:18 AM
  • The fastest, easiest method of configuring your Windows PC to be an NTP Server appears to be through a registry update.  Save the text below which is in Courier font to a REG file, then merge the REG file on the system which will be your NTP Server.  Restart the w32time service through the command line or via Control Panel => Services, and insure that the Windows Time service is configured for Automatic start.

    Windows Registry Editor Version 5.00

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config]

    "AnnounceFlags"=dword:00000005

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters]

    "Type"="NoSync"

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient]

    "Enabled"=dword:00000000

    "SpecialPollTimeRemaining"=hex(7):00,00

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer]

    "Enabled"=dword:00000001

    <-------End of REG file------->

    The w32tm command does not provide all the options needed to enable NTP Server functionality on your computer.  The following command updates the AnnounceFlags value and the Type value, but you have to set the rest of the values by editing the registry or manipulating the Local Security Policy.

    w32tm /config /update /syncfromflags:NO /reliable:YES

     

    After implementing the changes specified above, your system should report the following when you run "w32tm /query /status":

    Leap Indicator: 0(no warning)
    Stratum: 1 (primary reference - syncd by radio clock)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.0000000s
    Root Dispersion: 10.0000000s
    ReferenceId: 0x4C4F434C (source name:  "LOCL")
    Last Successful Sync Time: MM/DD/YYYY HH:MM:SS
    Source: Local CMOS Clock
    Poll Interval: 10 (1024s)

    Hope this helps other folks who find themselves with similar requirements.


    Robin Strong
    • Marked as answer by gandalftx Tuesday, November 15, 2011 5:29 PM
    Tuesday, November 15, 2011 5:29 PM
  • Thanks for clarifying the steps involved. It will definitely help others! :-)

     

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn
    Tuesday, November 15, 2011 8:23 PM
  • Here's another wrinkle in the NTP functionality that is not well documented.

    By default, Windows 7 and Windows Server 2008 systems automatically stop some of the services if the computer is not joined to a domain.  The Windows Time service is one of these services.  To enable the Windows Time service to start automatically and not get stopped immediately, you must alter the trigger settings for the service.  The first and third commands listed below in bold display the trigger settings; the second command revises the triggers.  This modification should be applied to the NTP server as well as the NTP clients.

     

    C:\>sc qtriggerinfo w32time

    [SC] QueryServiceConfig2 SUCCESS

     

    SERVICE_NAME: w32time

     

            START SERVICE

              DOMAIN JOINED STATUS         : 1ce20aba-9851-4421-9430-1ddeb766e809 [DOMAIN JOINED]

            STOP SERVICE

              DOMAIN JOINED STATUS         : ddaf516e-58c2-4866-9574-c3b615d42ea1 [NOT DOMAIN JOINED]

     

    C:\>sc triggerinfo w32time start/networkon stop/networkoff

    [SC] ChangeServiceConfig2 SUCCESS

     

    C:\>sc qtriggerinfo w32time

    [SC] QueryServiceConfig2 SUCCESS

     

    SERVICE_NAME: w32time

     

            START SERVICE

              IP ADDRESS AVAILABILITY      : 4f27f2de-14e2-430b-a549-7cd48cbc8245 [FIRST IP ADDRESS AVAILABLE]

            STOP SERVICE

              IP ADDRESS AVAILABILITY      : cc4ba62a-162e-4648-847a-b6bdf993e335 [NO IP ADDRESS AVAILABLE]

     


    Robin Strong
    • Proposed as answer by Money Tree Friday, May 15, 2015 3:43 PM
    Monday, November 21, 2011 6:00 PM
  • You can use special software for synchronization, for example ClockSynchro. Network may be not connected ro internet. Contains ClockSynchroServer and CkockSynchroClient. This program is easy to install and use.
    On Windows 7 you must run ClockSynchroClient with adminisrtrator permitions ("Run as Administrator")

    WebSite: http://clocksynchro.com

    • Edited by Roman Gorniy Tuesday, September 17, 2013 11:01 AM
    Tuesday, September 17, 2013 10:59 AM
  • Thank you for including this information.  I ran into the problem of the time service stopping immediately after startup on the time server.  My first approach was to create a scheduled task that executed the following command every hour:

    C:\Windows\system32\net.exe start w32time

    It works, but it is not the best solution, so I went back to this thread and read through all of the posts, not just the solution above.  I found this post and it resolved the rest of the problem.  Everyone reading this thread needs to know that this is also part of the solution.

    
    Friday, May 15, 2015 3:42 PM