Configuring ntp on windows 2008 r2 thêm mô tả

Some general info
- All domain members should use NT5DS domain time.
- Desktops and member servers sync with any domain controller.
- Domain controllers sync with PDC emulator (one per domain)
- PDC emulator in child domain can sync with any domain controller in parent domain.
- PDC emulator in parent domain syncs with either a hardware clock or possibly an external source.
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

On PDC emulator

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /manualpeerlist: /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration

--please don't forget to Accept as answer if the reply is helpful--

Hi,

Thank you for posting in our forum.

You can try a professional method, I also agree with his method, and you can also refer to the method in the link, which may help you

http://yadhutony.blogspot.com/2012/10/ntp-time-server-configuration-in.html

Hope this information can help you

Best wishes
Vicky

Hi,

 Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

 Best Regards,
Vicky

Hi,

 Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

 Best Regards,
Vicky

• Remove From My Forums

• Question

• Hi,

    I am a Linux guy. We have informed by the management to implement a time server on a windows server 2008 R2. But our Windows Engineer on vacation. So I have to do that task but i don't now how to do that. Could any body help me to configure Windows server 2008 R2 as a NTP server for our DC, ADC, Domain Clients and redhat machines. Can we setup a windows 2008 server R2 domain client as a NTP server or NTP server should be on a DC for the above mentioned environment. Please advice me and provide setup procedure.

  Thanks,

  vrp

Answers

• Hello,

  as said before the WSUS server will not give the updates to the client, the client checks the WSUS server if updates are available and then download and install them.

  Have never seen that updating the machine reset the time to different one.

  Did you consider posting this into the WSUS forum? http://social.technet.microsoft.com/Forums/en-us/winserverwsus/threads

  Please check with w32tm command line details about the time servce on the problem machines and the domain:

  http://technet.microsoft.com/en-us/library/w32tm(WS.10).aspx

  ---

  Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Marked as answer by Wednesday, January 25, 2012 4:13 AM

There are so many different ways and articles out there on how to configure NTP in Windows and every time I had to look it up. So i decided to write my own article for my own reference for the setup in my lab so I don’t have to Google it myself next time 🙂

This article is for Windows 2008 R2. If you’re looking for Windows 2012, see this article… Are you looking how to configure NTP using GPO, please read my article on it here.

First, the basics. This is all you need if you want to keep it simple:

w32tm /config /manualpeerlist:pool.ntp.org,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time

If the machine is a VM inside Hyper-V, you have to disable time sync. Open VM settings -> Management -> Integration Services and uncheck Time Synchronization. [Thanks Todd].

That should be it! Want to know more? Doesn’t work? Have you screwed up the config and want to start from the beginning? Keep on reading…

W32tm is the command to use. Sure, there are articles out there mentioning “net time”, but you should not use that. Some other also mentions editing the registry directly, but as Microsoft mentions in the article: It is recommended that you do not directly edit the registry unless there is no other alternative.

Which NTP-server to use? Or several?

The pool.ntp.org is a round-robin of random selected NTP servers. As they say “This is usually good enough for end-users“. But you might want to add several NTP-servers yourself for redundancy?

w32tm /config /manualpeerlist:"ntp1.sp.se ntp2.sp.se",0x8 /syncfromflags:MANUAL

Just keep adding them with a space in between them.

Don’t forget your firewall

If you got a firewall between your host and the Internet, it might drop udp/123 which is the NTP protocol. This is how it looked in my Cisco ASA FW:

So I created a rule to allow it and after that it worked.

More info and debug logging

The following commands are quite useful which lists the current source, when it last sync’ed etc.

w32tm /query /status

Eventually, when the server can’t get time from the NTP server it will add an event tto the event log:

Log Name: System
Source: Microsoft-Windows-Time-Service
Event ID: 47
Level: Warning
Description: Time Provider NtpClient: No valid response has been received from manually configured peer pool.ntp.org after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.

Otherwise, when it’s working, you will get:

Log Name: System
Source: Microsoft-Windows-Time-Service
Event ID: 35
Level: Information
Description: The time service is now synchronizing the system time with the time source pool.ntp.org,0x8 (ntp.m|0x8|0.0.0.0:123->192.121.13.5:123).

You still getting problems? You can easily turn on debugging to a logfile which in this case is limited t0 10 MB and include ALL debug entries.

w32tm /debug /enable /file:C:\Temp\w32tmdebug.log /size:10485760 /entries:0-300

Turn it off again with:

w32tm /debug /disable

Expect a lot of info in this debug log. For me, when it worked, the following entries showed it was working:

– Reachability:  peer pool.ntp.org,0x8 (ntp.m|0x8|0.0.0.0:123->79.142.244.39:123) is reachable.
– Logging information: NtpClient is currently receiving valid time data from pool.ntp.org,0x8 (ntp.m|0x8|0.0.0.0:123->79.142.244.39:123).

But when I had my firewall blocking the packets, I would get the following. Don’t trust this too much though, since I did get this when I allowed it in the firewall also, but when it was blocked, I did not get the entries above.

– Logging error: NtpClient has been configured to acquire time from one or more time sources, however none of the sources are currently accessible and no attempt to contact a source will be made for 1 minutes. NTPCLIENT HAS NO SOURCE OF ACCURATE TIME.

Force a resync

If you want to force the client to resync, run:

C:\Windows\system32>w32tm /resync
Sending resync command to local computer
The command completed successfully.

If you get the following error, the computer can’t reach the NTP-server(s).

The computer did not resync because no time data was available.

Start from scratch

If you completely screwed up the config, you can always do the following command and it will completely erase and add a default W32time configuration:

net stop w32time
w32tm /unregister
w32tm /register

When doing the unregister I got the following error for some reason, but it seems like it worked anyway.

The following error occurred: Access is denied. (0x80070005)

Sometimes when doing the /register, I would get. This usually solved by waiting for a while. I would suggest you stop the service before doing /unregister. Otherwise, a reboot would probably solve most problems.

The following error occurred: The specified service has been marked for deletion. (0x80070430)

If you miss any important information, let me know and I’ll add it.

0x8 say what?

You might have noticed the 0x8 flag above. What does it mean? KB875424 mention:

0x01 - use special poll interval SpecialInterval
0x02 - UseAsFallbackOnly
0x04 - send request as SymmetricActive mode
0x08 - send request as Client mode

And the Directory Services Team mention some more reading here.