Article Directory :: Computers & Technology Articles

How To Set Up An Authoritative Time Server In A Windows 2003 Server based Active Directory Network

By David Evans

Subscribe to David Evans's RSS feed using any feed reader!

Republish: EasyPublish
Published: 16Sep2007
Word count: 930
Viewed: 544 time(s)
Bookmark this article using any bookmark manager!
Get Free Content For Your Site

The Windows Time service (W32Time) is designed to allow all Windows 2000 or later machines in an organisation to utilise a synchronised time. The service is used to ensure the security of the Windows Kerberos authentication protocol. This article describes the procedure to set up an Authoritative Time Server for a Windows 2003 Server based Active Directory Network. It also describes the hierarchical relationship of the time synchronisation authority. The article also presents some time synchronisation hints, tips and troubleshooting.

The 'Windows Time' Hierarchy.

The Windows Time Service uses a hierarchical synchronisation structure. By default, Windows computers utilise the following hierarchy:

- All time client workstations nominate their domain controller as their time synchronisation source.

- All member servers also nominate their domain controller as their time synchronisation source.

- All domain controllers in a domain nominate the primary domain controller (PDC) as their time synchronisation source.

- All Primary Domain controllers follow the hierarchy of domains in the selection of their time synchronisation source.

In the hierarchy the PDC emulator in the forest root domain is the primary time reference for the organisation. The PDC in the forest root domain can have its internal reference clock controlled in a number of ways:

- By utilising it's own internal system clock. However, unsynchronised system clocks will drift significantly over time.

- By synchronising to an Internet based NTP time server. An accurate time can be obtained from an Internet NTP server, however, this raises security issues since accuracy cannot be guaranteed. Also, the NTP port in the firewall must be left open for synchronisation. Additionally, Internet based NTP servers cannot provide authentication, so the source of time cannot be guaranteed.

- By synchronising with a local intranet based NTP time server. A local NTP server has the advantage of providing a traceable time reference and also secure authentication.

- By utilising a hardware reference clock such as a GPS or time and frequency radio based time transmission. A GPS or radio based hardware reference clock provides a secure traceable time reference.

Windows Time Service Configuration.

Configuration of the Windows Time Service is carried out by editing registry entries. It is highly recommended that the registry be backed up before conducting any modifications. This allows the registry to be restored in the event of erroneous modification.

To configure the PDC master to utilise its internal system clock requires only that the W32Time registry entry 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags' is set to 'A'. This makes the PDC announce itself as a reliable time source. However, the system clock can drift over time and is not referenced to an accurate time source. Additionally, Windows Time will periodically generate system event log warnings indicating that the PDC should be configured to synchronise to an external time source. This warning can be ignored.

To configure the PDC to to synchronise to an external time reference, the following registry entries must be modified:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

This registry entry specifies the types of peers that the Windows Time Service will synchronise to. Change the registry entry to 'NTP' to synchronise to an external NTP server.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

The 'Announce Flags' registry entry indicates that the PDC should announce itself as a reliable time source. Set this registry entry to the value '5'.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

The 'NtpServer' registry indicates that non-standard mode combinations are allowed in synchronisation between peers. This entry should be set to the value 1.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer

The 'NtpServer' registry entry contains a space-delimited list of stratum 1 time servers from which the PDC can obtain time. If DNS names are used rather than IP addresses, you must append 0x1 to the end of each DNS name.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval

The 'Special Poll Interval' registry entry indicates the period, in seconds, between each poll of a NTP server. Microsoft recommends a value of 900 seconds which transposes to one poll every 15 minutes.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection

The 'MaxPosPhaseCorrection' field indicates the maximum positive time correction in seconds that the time service can make. If a time correction larger than the maximum is required the time service logs an Event in the Event Log. If this field is set to 0xFFFFFFFF a time correction is always made regardless of size. A suitable value may be 3600 seconds (1 hour).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection

The 'MaxNegPhaseCorrection' field indicates the maximum negative time correction in seconds that the time service can make. If a time correction larger than the maximum is required the time service logs an Event in the Event Log. If this field is set to 0xFFFFFFFF a time correction is always made regardless of size. A suitable value may be 3600 seconds (1 hour).

After the registry entries have been correctly modified, the Windows Time service must be stopped and restarted. At a command prompt enter 'net stop w32time && net start w32time' to restart the service.

Hints and Tips.

The correct operation of the Windows Time service depends heavily on the correct functioning of network devices and infrastructure. Common problems such as TCP/IP connectivity, DNS resolution, inaccurate NTP time references and network delay can all cause problems with the synchronisation service. Additionally, when synchronising to an Internet NTP server, ensure that USP port 123 is open on the firewall. UDP port 123 is the port reserved for NTP communication packets.

Dave Evans is an experienced technical author in the field of computer time synchronisation. For a number of years Dave has provided an authoring service to the telecommunications industry. Click here to find out more about Microsoft Windows 2003 time synchronisation and time server products.

Bookmark this article using any bookmark manager! Subscribe to David Evans's RSS feed using any feed reader!

EasyPublish™ this article - publishers click here

More articles by David Evans

Free Report!
Ten Essential Secrets Of Article Marketing ... Grab Your Free
Copy Now:




We respect your privacy.

Need Content?
Regular Top Quality Content for your Blog, Ezine or Website ...
Delivered Direct,
For Free!
Click For Details


Arts & Entertainment
Automotive
Business - General
Computers & Technology
Finance & Investment
Food & Drink
Health & Fitness
Home & Family
Internet Marketing/Online Business
Legal
Pets & Animals
Politics & Government
Reference & Education
Religion & Faith
Self-Improvement/Motivation
Social
Sports & Recreation
Travel & Leisure
Writing & Speaking

More computing articles:

  • Samsung Wave M Is Still Good For Consumers (San Lee)
    The Samsung Wave M was launched back in the middle of 2011 and it was not a great success on the market. However, since then this model became more and more popular and now it can be seen as one of the best cell phone deals.

  • What The Superior SDSL Companies Might Give To Your Company (Dirik Hameed)
    SDSL services are extremely helpful with a variety of broadband queries

  • Advantages Of Using An International Sim Card (Stacy Robinson)
    A sim card is one of the vital components of a mobile phone. It is charged with the storage of important information including contacts and messages that must be activated to ensure that the phone operates efficiently and meets the needs of the user. A sim card can be either post paid or pre paid depending on the vendor of the card that one uses. However, today, technology has seen the advent of international sim cards.

  • Using An International SIM Card Will Get You Lower Mobile Phone Charges (Stacy Robinson)
    Any regular traveler will agree that international calling rates can appear baffling, pricey and very daunting. The reason for this is that the rates and terms will differ from provider to provider and from one location to the other. While taking some time to research may sound like an credible idea, it may turn out to be quite nerve wrecking. The simple solution is to make use of an international sim card to make the rates more affordable.

  • Why You Should Be Using Tool Management Software (A. Noton)
    Tool management software offers several benefits to those who are trying to construct or even repair a business. Tools happen to play a vital role in both the production and manufacturing aspects of a business or company. They essentially serve the same purpose in both huge enterprises as well as small businesses.

We Automatically Distribute Articles
To Thousands Of Publishers And Web Sites:
Submit Article
All content is viewed and used by you at your own risk and we do not warrant the accuracy or reliability of any of the information. The views expressed are those of the individual contributing authors and not necessarily those of this web site, or its owner, Takanomi Limited.
  
Copyright © 2012 Takanomi Ltd. Company no. 5629683. All rights reserved. | Privacy | Legal | Contact Information