From LedHed's Wiki
Revision as of 20:01, 30 September 2013

Windows 2003 & XP

Stop the Windows Time service

net stop w32time

Force a resync

w32tm /resync

Set the time source

net time /setsntp:<Time_Source>

View the current time source

net time /querysntp


Note: In most cases you don't need to stop the w32time service anymore.



Windows 2008 & 2012 Server

Stop the W32Time service:

net stop w32time

Configure the external time sources:

w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"

Make your PDC a reliable time source for the clients:

w32tm /config /reliable:yes

Start the w32time service:

net start w32time

The Windows Time service should begin synchronizing the time.

Check the external NTP servers in the time configuration by typing:

w32tm /query /configuration


External Time Source GPO

The PDC Emulator FSMO role is critical because it is the time source for the rest of the devices on the domain. If your PDC goes down, you will likely transfer or seize the role onto another Domain Controller. The problem is that the new DC was most likely never configured for an external time source. The solution is to create a Group Policy object that sets the external NTP settings, and create a WMI filter that applies this GPO to only the PDCs within the domain.

WMI Filter

SELECT * FROM Win32_ComputerSystem WHERE DomainRole = 5

GPO

Link the following GPO to the Domain Controllers OU.

Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers

  • Configure Windows NTP Client
    • NTP Server: us.pool.ntp.org,0x1
    • Type: NTP
    • EventLogFlags: 3
  • Enable Windows NTP Server = Enabled

ServerFlags: You may have noticed the ,0x1 at the end of the NTP Server setting. This is a bitmask flag with the following options:

  • 0x01 = SpecialInterval (Use a predefined interval)
  • 0x02 = UseAsFallbackOnly (Try all other servers first)
  • 0x04 = SymmetricActive
  • 0x08 = Client


EventLogFlags is a bitmask, which means you can take the various values and add them together to implement multiple settings. For example:

  • 0 = Disabled
  • 1 = Log whenever a time jump is detected
  • 2 = Log whenever a time source change is made
  • 3 = 1+2 (Log time jumps and time source changes)
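
To check a value before it goes into the GPO, the following added example (not part of the original wiki page) decodes the flag suffix on each peer of an NTP Server or manual peer list string, and an EventLogFlags number, using the flag names listed above. The function names and sample strings are constructed for illustration.

```powershell
# Added example. Flag names are the ones listed on this page.
$PeerFlagNames     = @{ 0x01 = 'SpecialInterval'; 0x02 = 'UseAsFallbackOnly'; 0x04 = 'SymmetricActive'; 0x08 = 'Client' }
$EventLogFlagNames = @{ 1 = 'time jumps'; 2 = 'time source changes' }

# Hypothetical helper: list the names of the bits set in $Value.
function Expand-Bitmask {
    param([int]$Value, [hashtable]$Names)
    $set = $Names.Keys | Sort-Object | Where-Object { $Value -band $_ } | ForEach-Object { $Names[$_] }
    if ($set) { $set -join ' + ' } else { 'none' }
}

# Hypothetical helper: split a peer list and decode each peer's ",0x<flags>" suffix.
function ConvertFrom-NtpPeerList {
    param([Parameter(Mandatory)][string]$PeerList)
    foreach ($entry in ($PeerList -split '\s+' | Where-Object { $_ })) {
        $hostName, $rawFlags = $entry -split ',', 2
        $value = 0
        $problem = $null
        if ($rawFlags -match '^0x[0-9a-fA-F]+$') {
            $value = [Convert]::ToInt32($rawFlags, 16)
            $unknown = $value -band (-bnot 0x0F)
            if ($unknown) { $problem = 'bits not listed on this page: 0x{0:X}' -f $unknown }
        } elseif ($rawFlags) {
            $problem = "unparseable flags '$rawFlags'"
        } elseif ($entry.EndsWith(',')) {
            $problem = 'trailing comma: peers are separated by spaces, not commas'
        }
        [pscustomobject]@{
            Peer    = $hostName
            Flags   = '0x{0:X}' -f $value
            Meaning = Expand-Bitmask -Value $value -Names $PeerFlagNames
            Problem = $problem
        }
    }
}

# Constructed sample inputs: the GPO value from this page, a two-peer list,
# and a comma-and-space separated list that leaves a stray comma on the first peer.
ConvertFrom-NtpPeerList 'us.pool.ntp.org,0x1'
ConvertFrom-NtpPeerList '0.pool.ntp.org,0x8 1.pool.ntp.org,0x3'
ConvertFrom-NtpPeerList '0.pool.ntp.org, 1.pool.ntp.org'

# EventLogFlags 3 from the GPO above decodes to both logging options.
Expand-Bitmask -Value 3 -Names $EventLogFlagNames
```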

