Configuring Time Services on Windows Servers
Warning The following instructions contain details about modifying the registry. Before you do this, make sure you know how to back up, restore, and edit the registry. For more information, see the "Description of the Microsoft Windows Registry" Knowledge Base article at http://support.microsoft.com/default.aspx?scid=kb;en-us;256986.
As the preceding section shows, there are three scenarios for the configuration of the Windows Server 2003 time service. The recommended method is to synchronize with a GPS device; the configuration of this is beyond the scope of this document. The second best solution is to use synchronization with an Internet time server. The alternative of using the local server as the source of time should only be used where Internet connectivity is unavailable.
SNTP and NTP use coordinated universal time (UTC). UTC is based on an atomic time scale and is independent of time zone. Therefore, it is essential that you have the correct time zone set on your clients so that the correct time for your time zone can be
calculated.
The Windows Server 2003 time service (W32Time) is administered through the use of the w32tm tool. This tool provides configuration and debugging facilities for all aspects of the functioning of the time service. It is a command line tool and the options available are listed in Table 6.2.
Table 6.2: w32tm Command Line Tool Options
Option Description
/register Register to run as a service and add the default configuration to the registry.
/unregister Unregister as a service and remove all configuration information from the registry.
/monitor [/domain:<domain name>]
[/computers:<name>,[<name>…]]
[/threads:<num>]
Returns monitoring data on the specified domain or list of computers. threads specifies how many computers may be analyzed simultaneously — the default value is 3; the allowed range is 1 to 50.
/ntte Converts a Windows NT system time to a
human-readable format.
/ntpte Converts an NTP time to a
human-readable format.
/resync [/computer:<name>][/nowait]
[/rediscover][/soft]
Tells a computer to resynchronize its clock as soon as possible. computer specifies the computer that should be
resynchronized. nowait exits the utility immediately instead of waiting for the resynchronization to complete. rediscover reanalyzes the network and rediscovers sources and then resynchronizes. soft resynchronizes using the existing error statistics — this is only provided for compatibility.
/stripchart
/computer:<name>[/period:<refresh>]
[/dataonly][/samples:<count>]
Displays a stripchart showing the offset between this and another computer. The period is the time between samples; it defaults to 2 seconds. Dataonly does not draw a graph; it just reports the data.
Samples specifies how many samples to collect before stopping — if not defined, the utility will continue until Ctrl-C is pressed.
/config [/computer:<name>][/update]
[/manualpeerlist::<peers>]
[/syncfromflags:<source>]
[/LocalClockDispersion:<seconds>]
[/reliable:(YES|NO)]
Configures the time service on the specified computer. Update forces the changes to take place. Manualpeerlist specifies the NTP peers for the computer.
Syncfromflags specifies the NTP server
Option Description
[/largephaseoffset::<milliseconds>] that the computer should query for authoritative time. LocalClockDispersion sets the accuracy that will be assumed if the local clock should time not be available from the other configured sources. reliable sets if this computer is to be considered a reliable source of time for others.
Largephaseoffset sets the threshold value that the local computer will consider differences in time to be a spike.
/tz Displays the current time zone settings.
/dumpreg
[/subkey:<key>][/computer:<name>]
Displays the values associated with a given key. The default key shown is HKLM\System\CurrentControlSet\Services\
W32Time. subkey specifies which subkey to display. computer specifies which computer to query.
The following procedures show how you should use w32tm to configure time services on Windows Server 2003 for each of the time services scenarios depicted earlier in this section.
X To configure Windows Server 2003 PDC emulator with an external time source, follow these steps:
1. Open a command prompt. Click Start, Click Run…, enter cmd, and click OK.
2. At the command prompt, enter the following command:
w32tm /config /syncfromflags:manual /manualpeerlist:PeerList
Where PeerList is a comma-separated list of DNS names or IP addresses of the desired time sources.
3. At the command prompt, enter the following command:
w32tm /config /reliable:YES
This command configures the Windows time service to announce itself as a reliable source of time so that other computers can synchronize to it.
4. At the command prompt, enter the following command:
w32tm /config /update
This command notifies the time service of the changes to the configuration, causing the changes to take effect.
X To configure Windows Server 2003 PDC emulator to provide synchronization time, follow these steps:
1. Start the Registry Editor. Click Start, click Run…, enter regedt32.exe, and click OK.
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
3. Set the value of the Enabled variable of type REG_DWORD to 0.
4. Open a command prompt. Click Start, click Run…, enter cmd, and click OK.
5. At the command prompt, type the following command:
w32tm /config /reliable:YES
This command configures the Windows time service to announce itself as a reliable source of time so that other computers can synchronize to it.
6. At the command prompt, type the following command:
net stop w32time && net start w32time
This command restarts the Windows time service as a server only.
Note The Windows time service must not point to itself. If it is configured to do so, the following entries will be visible in the System Event Log:
The time provider NtpClient cannot reach or is currently receiving invalid time data from 192.168.1.1
(ntp.m|0x0|192.168.1.1:123->192.168.1.1:123)
No response has been received from Manual peer 192.168.1.1 after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer from which to synchronize.
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently
accessible. No attempt to contact a source will be made for 960 minutes. NtpClient has no source of accurate time.
X To configure Windows Server 2003 domain controller to synchronize to the domain source, follow these steps:
1. Open a command prompt. Click Start, click Run…, enter cmd, and click OK.
2. At the command prompt, type the following command:
w32tm /config /syncfromflags:DOMHIER
This command sets the source of time to be a domain controller in the domain hierarchy.
3. At the command prompt, type the following command:
w32tm /config /reliable:YES
This command configures the Windows time service to announce itself as a reliable source of time so that other computers can synchronize to it.
4. At the command prompt, type the following command:
w32tm /config /update
This command notifies the time service of the changes to the configuration, causing the changes to take effect.