Configuring Time on Windows 2008 R2 Servers

Setting up time synchronization with reliable time sources is crucial in many windows operations as well as applications well functioning. In this article I set up a NTP server (e.g on a DC or a stand alone server) and a NTP client (e.g on a workgroup server) synchronized with reliable time sources.

A. Setting up the NTP server

The Domain controller that functions as the primary domain controller is usually configured to synchronize time with an external time source in order to provide reliable time services to it’s domain members. Make the following modifications in server’s registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type=NTP

this entry indicates which peers to accept synchronization from:

  • NoSync. The time service does not synchronize with other sources.
  • NTP. The time service synchronizes from the servers specified in the NtpServer. registry entry.
  • NT5DS. The time service synchronizes from the domain hierarchy.
  • AllSync. The time service uses all the available synchronization mechanisms.

The default value on domain members is NT5DS. The default value on stand-alone clients and servers is NTP.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags=5

This entry controls whether this computer is marked as a reliable time server. A computer is not marked as reliable unless it is also marked as a time server.

  • 0x00 Not a time server
  • 0x01 Always time server
  • 0x02 Automatic time server
  • 0x04 Always reliable time server
  • 0x08 Automatic reliable time server

The default value for domain members is 10. The default value for stand-alone clients and servers is 10.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\Enabled=1

This entry indicates if the NtpServer provider is enabled in the current Time Service.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NTPServer=<Peers>

This entry specifies a space-delimited list of peers from which a computer obtains time stamps, consisting of one or more DNS names or IP addresses. This entry is followeed by a comma and a number which means the following:

  • 0x01 SpecialInterval
  • 0x02 UseAsFallbackOnly
  • 0x04 SymmetricActive
  • 0x08 Client

In my case <Peers> could be “pool.ntp.org,0x9” which uses DNS round robin to make a random selection from a pool of time servers. Or, the entry could be “gr.pool.ntp.org,0x9” or could be “0.gr.pool.ntp.org,0x9 3.europe.pool.ntp.org,0x9 2.europe.pool.ntp.org,0x9”

Check out NTP Pool Time Servers link.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval=900

This entry specifies the special poll interval in seconds for manual peers. When the SpecialInterval 0x1 flag is enabled, W32Time uses this poll interval instead of a poll interval determine by the operating system.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection=<TimeinSeconds>

This entry specifies the largest positive time correction in seconds that the service makes. If the service determines that a change larger than this is required, it logs an event instead.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection=<TimeinSeconds>

This entry specifies the largest negative time correction in seconds that the service makes. If the service determines that a change larger than this is required, it logs an event instead.

Finally, at the command prompt type the following command to restart the Windows Time service:

net stop w32time && net start w32time

B. Setting up the NTP Client

Most domain member computers have a time client type of NT5DS, which means that they synchronize time from the domain hierarchy. in this case you don’t have to change anything, but if you have a workgroup server that should synchronize with your NTP server, do the following steps:

Make sure that your Windows Time service is up and running. If it is not, start it and configure it to start Automatically.

Execute the following commands:

w32tm /config /manualpeerlist:<Peers> /syncfromflags:MANUAL /reliable:yes /update

where <Peers> is a list of reliable NTP servers enclosed in double quotes and the format is as mentioned above in this article. e.g ”192.168.1.1,0×9 192.168.1.2,0×9”

The other flags mean:

  • syncfromflags:MANUAL – sets what sources the NTP client should synchronize from. MANUAL means to include peers from the manual peer list
  • reliable:yes – set whether this computer is a reliable time source.
  • update – notifies the time service that the configuration has changed, causing the changes to take effect

w32tm /resync

  • This command tells a computer that it should resynchronize its clock as soon as possible, throwing out all accumulated error statistics.
Advertisements

One thought on “Configuring Time on Windows 2008 R2 Servers

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s