From LedHed's Wiki
Jump to: navigation, search
 
(10 intermediate revisions by the same user not shown)
Line 19: Line 19:
  
  
== Windows 2008 Server ==
+
== Windows 2008 & 2012 Server ==
  
 
'''Stop the W32Time service:'''
 
'''Stop the W32Time service:'''
 
  net stop w32time
 
  net stop w32time
 
'''Configure the external time sources:'''
 
'''Configure the external time sources:'''
  w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org”
+
  w32tm /config /syncfromflags:manual /manualpeerlist:'€0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org'
 
'''Make your PDC a reliable time source for the clients:'''
 
'''Make your PDC a reliable time source for the clients:'''
 
  w32tm /config /reliable:yes
 
  w32tm /config /reliable:yes
Line 36: Line 36:
  
  
 +
== External Time Source GPO ==
 +
The PDC Emulator FSMO role is critical because it is the time source for the rest of the devices on the domain.
 +
In the event that your PDC goes down, you will likely transfer or seize the role onto another Domain Controller.
 +
The problem with this is the new DC was most likely never configured for an external time source. The solution is to create a Group Policy object that sets the external NTP settings, and create a WMI filter that applies this GPO to only the PDCs within the domain.
  
=== Reference ===
+
=== WMI Filter ===
 +
SELECT * FROM Win32_ComputerSystem WHERE DomainRole = 5
 +
 
 +
=== GPO ===
 +
Link the following GPO to the Domain Controllers OU.
 +
 
 +
Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers
 +
*Configure Windows NTP Client
 +
**NTP Server: us.pool.ntp.org,0x1
 +
**Type: NTP
 +
**EventLogFlags: 3
 +
*Enable Windows NTP Server = Enabled
 +
 
 +
''ServerFlags you may have noticed the ,0x1 at the end of the NTP Server setting. This is a bitmask flag with the following options:''<br>
 +
''0x01 = SpecialInterval (Use a predefined interval)''<br>
 +
''0x02 = UseAsFallbackOnly (Try all other servers first)''<br>
 +
''0x04 = SymmatricActive''<br>
 +
''0x08 = Client''<br>
 +
 
 +
''EventLogFlags is a bitmask, which means you can take the various values and add them together to implement multiple settings.''<br>
 +
''For example:''<br>
 +
''0 = Disabled''<br>
 +
''1 = Log when ever a time jump is detected''<br>
 +
''2 = Log when ever a time source change is made''<br>
 +
''3 = 1+2 (Log time jumps and time source changes)''<br>
 +
 
 +
 
 +
== Query any NTP server ==
 +
w32tm /stripchart /computer:<IP or FQDN>
 +
Output:
 +
01:44:54, d:+00.0052839s o:+00.0827370s  [                          *                          ]
 +
01:44:56, d:+00.0008230s o:+00.0850416s  [                          *                          ]
 +
01:44:58, d:+00.0007924s o:+00.0850182s  [                          *                          ]
 +
01:45:00, d:+00.0008230s o:+00.0850203s  [                          *                          ]
 +
01:45:02, d:+00.0008339s o:+00.0850633s  [                          *                          ]
 +
01:45:04, d:+00.0009755s o:+00.0850647s  [                          *                          ]
 +
 
 +
 
 +
 
 +
== Reference ==
 
http://defaultreasoning.wordpress.com/2009/11/16/synchronize-time-with-external-ntp-server-on-windows-server-2008-r2/
 
http://defaultreasoning.wordpress.com/2009/11/16/synchronize-time-with-external-ntp-server-on-windows-server-2008-r2/
 +
 +
http://blogs.technet.com/b/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering.aspx
 +
 +
http://www.networkworld.com/community/node/42190
  
 
[[Category:Windows]]
 
[[Category:Windows]]

Latest revision as of 13:17, 9 March 2021

Windows 2003 & XP

Stop the Windows Time service

net stop w32time

Force a resync

w32tm /resync

Set the time source

net time /setsntp:<Time_Source>

View the current time source

net time /querysntp


Note: In most cases you dont need to stop the w32time service anymore.



Windows 2008 & 2012 Server

Stop the W32Time service:

net stop w32time

Configure the external time sources:

w32tm /config /syncfromflags:manual /manualpeerlist:'€0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org'

Make your PDC a reliable time source for the clients:

w32tm /config /reliable:yes

Start the w32time service:

net start w32time

The windows time service should begin synchronizing the time.

Check the external NTP servers in the time configuration by typing:

w32tm /query /configuration


External Time Source GPO

The PDC Emulator FSMO role is critical because it is the time source for the rest of the devices on the domain. In the event that your PDC goes down, you will likely transfer or seize the role onto another Domain Controller. The problem with this is the new DC was most likely never configured for an external time source. The solution is to create a Group Policy object that sets the external NTP settings, and create a WMI filter that applies this GPO to only the PDCs within the domain.

WMI Filter

SELECT * FROM Win32_ComputerSystem WHERE DomainRole = 5

GPO

Link the following GPO to the Domain Controllers OU.

Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers

  • Configure Windows NTP Client
    • NTP Server: us.pool.ntp.org,0x1
    • Type: NTP
    • EventLogFlags: 3
  • Enable Windows NTP Server = Enabled

ServerFlags you may have noticed the ,0x1 at the end of the NTP Server setting. This is a bitmask flag with the following options:
0x01 = SpecialInterval (Use a predefined interval)
0x02 = UseAsFallbackOnly (Try all other servers first)
0x04 = SymmatricActive
0x08 = Client

EventLogFlags is a bitmask, which means you can take the various values and add them together to implement multiple settings.
For example:
0 = Disabled
1 = Log when ever a time jump is detected
2 = Log when ever a time source change is made
3 = 1+2 (Log time jumps and time source changes)


Query any NTP server

w32tm /stripchart /computer:<IP or FQDN>

Output:

01:44:54, d:+00.0052839s o:+00.0827370s  [                           *                           ]
01:44:56, d:+00.0008230s o:+00.0850416s  [                           *                           ]
01:44:58, d:+00.0007924s o:+00.0850182s  [                           *                           ]
01:45:00, d:+00.0008230s o:+00.0850203s  [                           *                           ]
01:45:02, d:+00.0008339s o:+00.0850633s  [                           *                           ]
01:45:04, d:+00.0009755s o:+00.0850647s  [                           *                           ]


Reference

http://defaultreasoning.wordpress.com/2009/11/16/synchronize-time-with-external-ntp-server-on-windows-server-2008-r2/

http://blogs.technet.com/b/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering.aspx

http://www.networkworld.com/community/node/42190