Home > Command Line, Registry, Windows Server 2003, Windows Server 2008 > Windows Server time synchronization

Windows Server time synchronization

April 15th, 2010 Leave a comment Go to comments

Something I have frequently seen implemented incorrectly on Windows Server domains is time synchronization. Many admins think that by creating a GPO with a modified policy setting for 'Configure Windows NTP Client' (and using it to address an NTP source) all Servers and Clients will synchronize their time with that source. This isn't entirely true and there is actually a time hierarchy that should be considered when implementing time synchronization for each domain.

As far as W32Time (the Windows time service) is concerned, at the topmost level within the domain is the domain controller on which the PDC Emulator Flexible Single Master Operation (FSMO) role resides. This can be configured to synchronize it's time with a reliable external time source. By default all other domain controllers internally synchronize their time with the PDC Emulator. Similarly all domain member client computers synchronize their time with the domain controller that authenticates them.

timesync.png

Configuring the domain controller where the PDC Emulator role resides should be the only computer in the domain that requires any manual intervention to have the precise time on all domain client computers.

To find out which server the PDC Emulator role resides on open the Active Directory Users and Computers (ADUC) snap-in. Then right click on your domain and select 'Operations Masters'. Browsing the PDC tab will show you where the PDC Emulator role currently resides.

pdcemulator.png

On the domain controller where the PDC Emulator resides you can configure it to synchronize its time with an external source by using the following command:

net time /setsntp:<ip/dns>

Use the following example to set multiple external time sources to sync with:

net time /setsntp:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"

You can also configure this manually by modifying the following registry key:

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

NtpServer=<ip/dns>
Type=NT5DS change this to Type=NTP

After making the above changes restart the W32Time service by issuing the following commands at a command prompt:

net stop w32time
net start w32time

NOTE: If you don't configure the PDC Emulator to synchronize its time with an external source it will simply use its own (CMOS) clock. Doing so will occasionally cause an error to appear in the event log on the server that resembles the following:

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 12

Event description: Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.

NOTE: If you experience a client with time synchronization problems ensure that it has the correct time zone set. If needed, the time service can be reset using the following commands:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync

  1. No comments yet.

*

code