none
Configure windows Server 2008 as a NTP server

    Question

  • Hi,

      I am a Linux guy. We have informed by the management to implement a time server on a windows server 2008 R2. But our Windows Engineer on vacation. So I have to do that task but i don't now how to do that. Could any body help me to configure Windows server 2008 R2 as a NTP server for our DC, ADC, Domain Clients and redhat machines. Can we setup a windows 2008 server R2 domain client as a NTP server or NTP server should be on a DC for the above mentioned environment. Please advice me and provide setup procedure.

    Thanks,

    vrp

     

     

    Friday, September 03, 2010 10:02 AM

Answers

All replies

  • You can setup a Windows 2008 server R2 as a NTP server and a NTP client. You should modify register entries to achive your goal (start>run>regedit)

    • To configure a NTP server, you can do it by proceeding to modify these register entries:

    SYSTEM\CurrentControlSet\services\W32time\Config\AnnounceFlags= 1

    SYSTEM\CurrentControlSet\services\W32time\Parameters\NtpServer = time.windows.com (This will allow the NTP Server to synchronize with time.windows.com, if you don't need that you can let it empty)

    SYSTEM\CurrentControlSet\services\W32time\Parameters\Type = NTP (This is optional and should be enabled if you want your NTP server synchronize with another NTP server)

    • To configure a NTP client, you can do it by proceeding to modify these register entries:

    SYSTEM\CurrentControlSet\services\W32time\Config\AnnounceFlags= 0

    SYSTEM\CurrentControlSet\services\W32time\Parameters\NtpServer = the IP address or the DNS name of the NTP server

    SYSTEM\CurrentControlSet\services\W32time\Parameters\Type = NTP


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, September 03, 2010 10:29 AM
  • I just want to add that if you've got a domain and all your computers are member of this domain then they will, by default, synchronize with the domain controller hosting the PDC Emulator FSMO role.

    So, if it is the case, you don't really need to have a NTP server.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, September 03, 2010 10:33 AM
  • What you said is right. But we have 7 ESXi servers, 10 Redhat server to be updated their time through NTP.
    Friday, September 03, 2010 6:10 PM
  • Thanks for your reply. I want NTP server should synchronize with local hardware time not with time.windows.com. Could you please advice .
    Friday, September 03, 2010 6:20 PM
  • I want NTP server should synchronize with local hardware time not with time.windows.com. Could you please advice .


    What do you mean by local hardware time?

    SYSTEM\CurrentControlSet\services\W32time\Parameters\NtpServer entry is used to specify the NTP server (like time.windows.com) with which your NTP server will sync. If it is empty it will not sync and the local clock will be used for client computer sync process.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, September 03, 2010 6:25 PM
  • linux07,

    see this section of the article "To configure the PDC master without using an external time source, change the announce flag on the PDC master. "

    http://support.microsoft.com/kb/816042

    to do this you must edit the registry on the pdc emulator. you also need to know if the default sync method for windows machines in the domain has been changed, and if so, create or edit an existing a gpo to revert windows machines to the default sync method. I cannot tell you how to configure non-windows machines.

    What I recommend, and please do not be offended, is to wait for your windows guy to return. It's critical for windows machines to maintain accurate time sync for kerberos.


    Roy Mayo | MCSE
    • Proposed as answer by Tiger Li Monday, September 06, 2010 7:20 AM
    Friday, September 03, 2010 6:31 PM
  • Hi Thank you very much. let me try it.
    Friday, September 03, 2010 6:56 PM
  • i have similar system.we have 4 esx ; one domain ,dc and adc are visual machines(both of them is not on physical machine ) both,redhat linux and oracle also visual. i know,recomended is phsical for dcs. ,but my system is like that and if it is on physical  take time from bios, do you know my system time is where???in my system sometimes my times is working wrong(5-15 minutes late)..my esx's(pdc installed on) ntp configuration is not enable (it is empty),is it cause?or what i configure...

     

    and i want configure ntp server for all my system (linux ,domain,dc ,pdc,domain clients,non domain client,swithes syncronise over ntp server ).

    what do you reccommend..?

    do you not reccommen change pdc time from outside source?(which i install ntp server on windows server 2008 r2)?

    So,how can i configure my whole systems on same time???

    please help.What is recommended solutions on systems....all over the network

     

    • Edited by datagrids Saturday, January 08, 2011 11:12 PM additon
    Saturday, January 08, 2011 11:04 PM
  • Hello datagrids,

    in a Windows domain time is essential and the time source is the DC having the PDCEmulator FSMO. No other time source should be used otherwise you have a lot additional configuration to do.

    Also using ESX time sync tool will result in problems as the Windows domain machines will then theoretical sync with the DCs and additional with the ESX time sync tool. If there is a difference you are in trouble as a Windows domain by default only accept a difference of max 5minutes.

    More details also in: http://msmvps.com/blogs/mweber/archive/2010/06/27/time-configuration-in-a-windows-domain.aspx

    So as recommendation, use only the Windows way for time sync and disable the time sync function with the ESX time sync.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Sunday, January 09, 2011 10:55 AM
  • so,do you reccommend me that:? is this way is tru? 1)Use time source as pdc and so my domain member take automatically from pdc,(like default, no additional configuration and so time from bios- ).do you?(dc and adc is on esx..while adc and dc is on esx ,still take time from bios?) 2.Whole network machines must at same time, so my non domain member machines like redhat linux,swithes,and other machines how to configurate to take time from dc? İs this way is best..? Thanks and please help
    Sunday, January 09, 2011 8:28 PM
  • Hello,

    i don't know and you didn't desdcribe which NTP server you are using and how the not Windows machines handle time sync. But make sure the Windows domain members work with the Windows way.

    So if the NTP server is an external or whatever time server(NOT domain member machine), configure the DC with the PDCEmulator FSMO to use it as a time source. In a domain all existing DCs sync automatically with that one and the other domain members will sync with an available DC. That way the Windows domain is in sync with the time. Also about the importance of the equal time no other time sync mechanism cna be used so disable on all VMs the time sync with the ESX server.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Sunday, January 09, 2011 9:37 PM
  •  

    1-all domain members take time from pdc(automatically ,it isnot need any configuration).

    2-non domain member  Linux and Windows machine configure from adjust date-time -internet time tab -change settings- choose syncronize with an internet time and give ip of dc. time and other machine

     

    you know ,i have 1pdc and 1 adc and both of them is on esx. 

     

     i  use pdc for time sync and time is  syncronize from dc.

    1-all domain members take time from pdc(automatically ,it isnot need any configuration).

    2-non domain member  Linux and Windows machine configure from adjust date-time -internet time tab -change settings- choose syncronize with an internet time and give ip of dc. time and other machine

    ,my problem is that when wsus give uptades to my machines ;time is get back 10-15 minutes  all over enterprise and time go wrong......

     help Me please?

     

    Friday, January 14, 2011 5:02 PM
  • Hello,

    is the WSUS also DC?

    A WSUS server will not give the updates to the client, the client checks the WSUS server if updates are available and then download and install them.

    If the WSUS is also domain member run the follwoing on it, to make sure it sync the time with the domain also:

    w32tm /config /syncfromflags:domhier /update

    After that you have to run:
    net stop w32time
    net start w32time

    This command lines can also be scripted and be used on all domain machines.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Saturday, January 15, 2011 1:05 AM
  • wsus(wsus and dc is both virtual machine) and dc is not on  same virtual machine.

    Saturday, January 15, 2011 7:54 PM
  • you know ,i have 1pdc and 1 adc and both of them is on esx. 

     

     i  use pdc for time sync

    1-all domain members take time from pdc(automatically ,it isnot need any configuration).

    2-non domain member  Linux and Windows machine configure from adjust date-time -internet time tab -change settings- choose syncronize with an internet time and give ip of dc. time and other machine

    ,my problem is that when wsus give uptades to my machines ;time is get back 10-15 minutes  all over enterprise and time go wrong......

     help Me please?

    help me please what is the reason of this late time problem...

    Monday, January 17, 2011 6:45 PM
  • Hello,

    as said before the WSUS server will not give the updates to the client, the client checks the WSUS server if updates are available and then download and install them.

    Have never seen that updating the machine reset the time to different one.

    Did you consider posting this into the WSUS forum? http://social.technet.microsoft.com/Forums/en-us/winserverwsus/threads

    Please check with w32tm command line details about the time servce on the problem machines and the domain:

    http://technet.microsoft.com/en-us/library/w32tm(WS.10).aspx


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    • Marked as answer by linux07 Wednesday, January 25, 2012 4:13 AM
    Monday, January 17, 2011 10:51 PM
  • Thanks for your reply. I want NTP server should synchronize with local hardware time not with time.windows.com. Could you please advice .

    Sorry for late response. You can setup own NTP server on the network using for example NTS server tool -- it can be synced with any local NTP/SNTP source in your network
    Sunday, February 24, 2013 7:11 PM