
How To Set Up An Authoritative Time Server In A Windows 2003 Server based Active Directory Network

By David Evans

Published: 16Sep2007

The Windows Time service (W32Time) is designed to allow all Windows 2000 or later machines in an organisation to utilise a synchronised time. The service is used to ensure the security of the Windows Kerberos authentication protocol. This article describes the procedure to set up an Authoritative Time Server for a Windows 2003 Server based Active Directory Network. It also describes the hierarchical relationship of the time synchronisation authority. The article also presents some time synchronisation hints, tips and troubleshooting.

The 'Windows Time' Hierarchy.

The Windows Time Service uses a hierarchical synchronisation structure. By default, Windows computers utilise the following hierarchy:

- All time client workstations nominate their domain controller as their time synchronisation source.

- All member servers also nominate their domain controller as their time synchronisation source.

- All domain controllers in a domain nominate the primary domain controller (PDC) as their time synchronisation source.

- All primary domain controllers follow the hierarchy of domains in the selection of their time synchronisation source.

In the hierarchy the PDC emulator in the forest root domain is the primary time reference for the organisation. The PDC in the forest root domain can have its internal reference clock controlled in a number of ways:

- By utilising its own internal system clock. However, unsynchronised system clocks will drift significantly over time.

- By synchronising to an Internet based NTP time server. An accurate time can be obtained from an Internet NTP server; however, this raises security issues since accuracy cannot be guaranteed. Also, the NTP port in the firewall must be left open for synchronisation. Additionally, Internet based NTP servers cannot provide authentication, so the source of time cannot be guaranteed.

- By synchronising with a local intranet based NTP time server. A local NTP server has the advantage of providing a traceable time reference and also secure authentication.

- By utilising a hardware reference clock such as a GPS or time and frequency radio based time transmission. A GPS or radio based hardware reference clock provides a secure traceable time reference.

Windows Time Service Configuration.

Configuration of the Windows Time Service is carried out by editing registry entries. It is highly recommended that the registry be backed up before conducting any modifications. This allows the registry to be restored in the event of erroneous modification.

Configuring the PDC master to utilise its internal system clock requires only that the W32Time registry entry 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags' is set to 'A'. This makes the PDC announce itself as a reliable time source. However, the system clock can drift over time and is not referenced to an accurate time source. Additionally, Windows Time will periodically generate system event log warnings indicating that the PDC should be configured to synchronise to an external time source. This warning can be ignored.

To configure the PDC to synchronise to an external time reference, the following registry entries must be modified:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

This registry entry specifies the types of peers that the Windows Time Service will synchronise to. Change the registry entry to 'NTP' to synchronise to an external NTP server.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

The 'Announce Flags' registry entry indicates that the PDC should announce itself as a reliable time source. Set this registry entry to the value '5'.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

The 'NtpServer' registry entry indicates that non-standard mode combinations are allowed in synchronisation between peers. This entry should be set to the value 1.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer

The 'NtpServer' registry entry contains a space-delimited list of stratum 1 time servers from which the PDC can obtain time. If DNS names are used rather than IP addresses, you must append 0x1 to the end of each DNS name.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval

The 'Special Poll Interval' registry entry indicates the period, in seconds, between each poll of an NTP server. Microsoft recommends a value of 900 seconds, which equates to one poll every 15 minutes.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection

The 'MaxPosPhaseCorrection' field indicates the maximum positive time correction in seconds that the time service can make. If a time correction larger than the maximum is required the time service logs an Event in the Event Log. If this field is set to 0xFFFFFFFF a time correction is always made regardless of size. A suitable value may be 3600 seconds (1 hour).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection

The 'MaxNegPhaseCorrection' field indicates the maximum negative time correction in seconds that the time service can make. If a time correction larger than the maximum is required the time service logs an Event in the Event Log. If this field is set to 0xFFFFFFFF a time correction is always made regardless of size. A suitable value may be 3600 seconds (1 hour).

After the registry entries have been correctly modified, the Windows Time service must be stopped and restarted. At a command prompt enter 'net stop w32time && net start w32time' to restart the service.
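The settings above can be checked offline against a registry export. The following is an added example, not code from the article: it parses the text of a `.reg` export of the W32Time key and reports values that differ from the ones given in this section, including a phase correction limit left at 0xFFFFFFFF. The sample export and host names are constructed, the export is assumed to be already decoded to text, and the `name,0x1` peer syntax is an assumption about how the 0x1 flag is appended.

```python
import re

BASE = r"hkey_local_machine\system\currentcontrolset\services\w32time"
# Values the article gives for a PDC that syncs to an external NTP source.
EXPECTED = {
    (BASE + r"\parameters", "type"): "NTP",
    (BASE + r"\config", "announceflags"): 5,
    (BASE + r"\timeproviders\ntpclient", "specialpollinterval"): 900,
}

def parse_reg(text):
    """Parse decoded .reg export text into {(key, value_name): str | int}."""
    values, key = {}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            key = line.strip("[]").lower()   # registry paths are case-insensitive
        m = re.match(r'"([^"]+)"=(dword:)?"?([^"]*)"?$', line)
        if m:
            name, is_dword, raw = m.groups()
            values[(key, name.lower())] = int(raw, 16) if is_dword else raw
    return values

def audit(text):
    """Return findings; an empty list means the export matches the article."""
    v, findings = parse_reg(text), []
    for (key, name), want in EXPECTED.items():
        if v.get((key, name)) != want:
            findings.append(f"{name}: expected {want!r}, found {v.get((key, name))!r}")
    for name in ("maxposphasecorrection", "maxnegphasecorrection"):
        if v.get((BASE + r"\config", name)) == 0xFFFFFFFF:
            findings.append(f"{name}: 0xFFFFFFFF applies any correction size")
    for peer in v.get((BASE + r"\parameters", "ntpserver"), "").split():
        host, _, flag = peer.partition(",")  # assumed peer syntax: name,0x1
        if not re.fullmatch(r"[\d.]+", host) and flag.lower() != "0x1":
            findings.append(f"ntpserver: DNS name {host} lacks the 0x1 flag")
    return findings

# Constructed sample export, not taken from a real server.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
"AnnounceFlags"=dword:0000000a
"MaxPosPhaseCorrection"=dword:ffffffff
"MaxNegPhaseCorrection"=dword:00000e10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"Type"="NTP"
"NtpServer"="ntp1.example.internal 192.0.2.10"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]
"SpecialPollInterval"=dword:00000384
"""
```

Calling `audit(SAMPLE)` returns three findings: AnnounceFlags still at the internal-clock value, an unlimited positive phase correction, and a DNS peer without the 0x1 flag.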

Hints and Tips.

The correct operation of the Windows Time service depends heavily on the correct functioning of network devices and infrastructure. Common problems such as TCP/IP connectivity, DNS resolution, inaccurate NTP time references and network delay can all cause problems with the synchronisation service. Additionally, when synchronising to an Internet NTP server, ensure that UDP port 123 is open on the firewall. UDP port 123 is the port reserved for NTP communication packets.

Dave Evans is an experienced technical author in the field of computer time synchronisation. For a number of years Dave has provided an authoring service to the telecommunications industry.
