Note: This article was originally published in 2013. Some steps, commands, or software versions may have changed. Check the current Windows Servers documentation for the latest information.

In this step-by-step guide, you’ll learn configure your domain server to sync the time over the internet (network time protocol - ntp). Windows Server is a group of operating systems designed by Microsoft to handle enterprise-level management, data storage, applications, and communications.

Prerequisites

Before you begin, make sure you have:

  • Windows Server installed
  • Administrator access
  • Remote Desktop or direct console access

How to: Configure your Domain Server to sync the time over the Internet (Network Time Protocol - NTP)

The Windows Time service provides time synchronization to peers and clients, which ensures consistent time throughout an enterprise. I´ve been struggling with getting my Domain to not end up with strange times. The issue at hand is that my Domain Controller is a Virtual Machine and I am guessing the host does not do a good job keeping track of the time. You can imagine how this could end up. Fortunately its usually just a few seconds and soon enough the entire domain is behind the rest of the world but consistently behind. In order to avoid this I researched how to configure Windows Server to use the Network Time Protocol to query external servers. By default, the first domain controller that you deploy holds the primary domain controller (PDC) emulator operations master role. Set the PDC emulator to synchronize with a valid Network Time Protocol (NTP) source. If you have not configured a source, the Windows Time service logs a message to the event log, and then uses the local clock when it provides time to clients. Configure the Windows Time service to synchronize with an external time source. External time sources allow users to synchronize computer clocks through the NTP protocol over an IPv4 or IPv6 network.

The Microsoft time server (time.windows.com) uses NIST, the National Institute of Standards and Technology, located in Boulder, Colorado, as its external time provider. NIST provides the Automated Computer Time Service (ACTS), which can set a computer clock with an uncertainty of less than 10 milliseconds. The U.S. Naval Observatory (USNO) Time Service Department in Washington, D.C., is another source for accurate time synchronization in the United States. Many other sites exist throughout the world that you can use for time synchronization.

  Note

Because synchronization with an external time source is not authenticated, it is less secure.
   

To configure the Windows Time service on the first forest root domain controller

  1. Log on to the first domain controller that you deployed.
  2. At a command prompt, type the following command (where is the computer you are trying to see how off it is and determines the number of samples (or comparisons) it is going to make. I would say 10 would suffice to get an idea), and then press ENTER:w32tm /stripchart /computer: /samples: /dataonly
  3. Open User Datagram Protocol (UDP) port 123 for outgoing traffic, if needed.
  4. Open UDP port 123 for incoming NTP traffic.
  5. Type the following command to configure the PDC emulator, and then press ENTER:w32tm /config /manualpeerlist: /syncfromflags:manual /reliable:yes /update
  6. I personally use the following:

w32tm /config /manualpeerlist:“time.windows.com time.nist.gov time-nw.nist.gov time-a.nist.gov time-b.nist.gov” /syncfromflags:manual /reliable:yes /update After you are done configuring the peer list you can start the sync process manually by typing w32tm /config /update , which indicates the OS that you’ve made changes and that they are ready. I am not entirely sure but this results in a slow sync, while the w32tm /resync command forces it to re-synchronize immediately. So in the first scenario it will move about 1/3 of a second every second towards the peer’s time while in the other case it will jump straight to it.

ParameterDescription
W32tm /stripchartDisplays a strip chart of the offset between synchronizing computers.
W32tm /config /updateConfigures the PDC emulator.
/computer:Specifies the Domain Name System (DNS) name or IP address of the NTP server whose time you want to compare to the local computer’s time. An example of an NTP server is time.windows.com.
/samples:Specifies the number of time samples that the target computer returns.
/dataonlySpecifies that results show only data, not graphics.
/manualpeerlist:Specifies the list of DNS names or IP addresses for the NTP time source with which the PDC emulator synchronizes. (This list is referred to as the manual peer list.) For example, you can specify time.windows.com as the NTP time server. When you specify multiple peers, use a space as the delimiter and enclose the names of the peers in quotation marks.
/syncfromflags:manualSpecifies to synchronize time with peers in the manual peer list.
/reliable:yesSpecifies that the computer is a reliable time service.

Note

When you specify a peer that is in the manual peer list, do not use the DNS name or IP address of a computer that uses the forest root domain controller as its source for time, such as another domain controller in the forest. The time service does not operate correctly if there are cycles in the time source configuration.
 

For more information about configuring and deploying the Windows Time service, see Administering the Windows Time Service (http://go.microsoft.com/fwlink/?LinkId=93658). Below is the Technet Syntax and parameter explanation:

W32tm

You can use the W32tm.exe tool to configure Windows Time service (W32time) settings. You can also use W32tm.exe to diagnose problems with the time service. W32tm.exe is the preferred command-line tool for configuring, monitoring, or troubleshooting the Windows Time service. For examples of how you can use this command, see Examples.

Syntax

W32tm </parameter> </param2>

Parameters

ParameterDescription
W32tm /?W32tm command-line Help
W32tm /registerRegisters the time service to run as a service, and adds default configuration to the registry.
W32tm /unregisterUnregisters the time service, and removes all configuration information from the registry.
w32tm /monitor ]]Domain —Specifies which domain to monitor. If no domain name is specified, or neither the domain nor computers option is specified, the default domain is used. This option might be used more than once. computers —Monitors the given list of computers. Computer names are separated by commas, with no spaces. If a name has a prefix of a ‘*’, it is treated as a primary domain controller (PDC). You can use this option more than once. threads —Specifies the number of computers to analyze simultaneously. The default value is 3. The allowed range is 1 through 50.
w32tm /ntte Converts a Windows NT system time, in (10^-7)s intervals from 0h 1-Jan 1601, into a readable format.
w32tm /ntpte Converts a Network Time Protocol (NTP) time, in (2^-32)s intervals from 0h 1-Jan 1900, into a readable format.
w32tm /resyncTells a computer that it should resynchronize its clock as soon as possible, throwing out all accumulated error statistics. computer: —Specifies the computer that should resynchronize. If a computer is not specified, the local computer will resynchronize. nowait —Do not wait for the resynchronization to occur; return immediately. Otherwise, wait for the resynchronization to complete before returning. rediscover —Redetect the network configuration and rediscover network sources; then, resynchronize. soft —This option is only provided for compatibility with older time servers and will resynchronize using existing error statistics..
w32tm /stripchart /computer:computer: —Adjusts the configuration of < target>. If a value is not specified, the default is the local computer. update —Notifies the time service that the configuration has changed, causing the changes to take effect. manualpeerlist: —Sets the manual peer list to < peers>, which is a space-delimited list of Domain Name System (DNS) and/or IP addresses. When you are specifying multiple peers, this option must be enclosed in quotation marks (“). syncfromflags: —Sets what sources the NTP client should synchronize from. < source> should be a comma-separated list of these keywords (not case sensitive):
  • MANUAL — Include peers from the manual peer list.
  • DOMHIER — Synchronize from a domain controller in the domain hierarchy.
  • NO —Do not synchronize from any server.
  • ALL —Synchronize from both manual and domain peers.

LocalClockDispersion: —Configures the accuracy of the internal clock that W32time will assume when it cannot acquire time from its configured sources. reliable:(YES|NO) —Set whether this computer is a reliable time source. This setting is meaningful only on domain controllers.

  • YES —This computer is a reliable time service.
  • NO —This computer is not a reliable time service.

largephaseoffset: —Sets the time difference between local time and network time that W32time will consider to be a spike.
w32tm /tz | Displays the current time zone settings.
w32tm /dumpreg | Displays the values that are associated with a given registry key. The default key is HKLM\System\CurrentControlSet\Services\W32Time (the root key for the time service). subkey: —Displays the values that are associated with subkey of the default key. computer: —Queries registry settings for computer < target>.
w32tm /query {/source | /configuration | /peers | /status} | This parameter was first made available in the Windows Time client versions of Windows Vista, and Windows Server 2008. Displays a computer’s Windows Time service information. computer: —Query the information of < target>. If a value is not specified, the default value is the local computer. source —Display the time source. configuration —Display the configuration of run time and where the setting comes from. In verbose mode, display the undefined or unused setting also. peers —Display a list of peers and their status. status —Display Windows Time service status. verbose —Set the verbose mode to display more information.
w32tm /debug {/disable | {/enable /file: /size: /entries: }} | This parameter was first made available in the Windows Time client versions of Windows Vista and Windows Server 2008. Enables or disables local computer Windows Time service private log. disable —Disable the private log. enable —Enable the private log.

  • file: —Specify the absolute file name.
  • size: —Specify the maximum size for circular logging.
  • entries: —Contains a list of flags, specified by number and separated by commas, that specify the types of information that should be logged. Valid numbers are 0 to 300. A range of numbers is valid, in addition to single numbers, such as 0 through 100,103,106. Value 0-300 is for logging all information.

truncate —Truncate the file if it exists.

Remarks

The Windows Time service is not a full-featured NTP solution that meets time-sensitive application needs, and it is not supported by Microsoft as such. For more information, see (http://go.microsoft.com/fwlink/?LinkID=179459) in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=179459). If you have questions about the Windows Time service, please post them to the (http://go.microsoft.com/fwlink/?LinkId=195451) (http://go.microsoft.com/fwlink/?LinkId=195451).

Examples

If you want to set the local Windows Time client to point to two different time servers, one named ntpserver.contoso.com and another named clock.adatum.com, type the following command at the command line, and then press ENTER:

w32tm /config /manualpeerlist:ntpserver.contoso.com,clock.adatum.com /syncfromflags:manual /update

For a list of valid NTP servers that are available on the Internet for external time synchronization, see (http://go.microsoft.com/fwlink/?LinkID=60401) in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=60401). If you want to check the Windows Time client configuration from a client computer running Windows 7 that has a host name of CONTOSOW1, run the following command:

W32tm /query /computer:contosoW1 /configuration

The output of this command is a list of configuration parameters that are set for the Windows Time client.

Additional references

 

(http://img.zemanta.com/zemified_h.png?x-id=5212764c-241e-47bc-bad2-f7c5eef93eab)](http://www.zemanta.com/?px “Enhanced by Zemanta”)

Summary

You’ve successfully learned configure your domain server to sync the time over the internet (network time protocol - ntp). If you run into any issues, double-check the prerequisites and ensure your Windows Servers environment is properly configured.