Configuring the Windows NTP Server

Based on the materials from http://windowsnotes.ru

 

Windows operating systems include the W32Time time service, which is used to synchronize time within an organization. W32Time implements both the client and the server side of the time service, and a single computer can act as an NTP (Network Time Protocol) client and an NTP server at the same time.

 

By default, the Windows time service is configured as follows:

 

When the OS is installed, Windows starts an NTP client that synchronizes with an external time source;

When the computer is joined to a domain, the synchronization type changes. All client computers and member servers in the domain synchronize their time with a domain controller (the controller checks their authenticity);

If you promote a member server to a domain controller, it starts an NTP server that uses the controller holding the PDC emulator role as its time source.

The PDC emulator is located in the forest root domain and acts as the main time server for the whole organization. It, in turn, synchronizes with an external time source.

 

Generally, this scheme works properly and needs no intervention. However, the structure of the time service in Windows does not have to follow the domain hierarchy, and any computer can be made a reliable time source.

 

As an example, consider configuring an NTP server on Windows Server 2008 R2 (an NTP server on Windows 7 can be configured in the same way).

Launch of the NTP server

The time service in Windows Server doesn't have a graphical interface and is configured either from the command line or by editing the system registry directly. Let's consider the second way:

 

First, the NTP server must be enabled. Open the registry branch:

HKLM\System\CurrentControlSet\services\W32Time\TimeProviders\NtpServer.

To turn on the NTP server, set the Enabled parameter to 1. Then restart the time service with the following command: net stop w32time && net start w32time.

 

After the time service restarts, the NTP server is active and able to serve clients. You can verify this with the command w32tm /query /configuration, which shows the full list of service parameters. If the NtpServer section contains the line Enabled: 1, the time server is working.

 

For the NTP server to be able to serve clients, open UDP port 123 in the firewall for incoming and outgoing traffic.

The Main Settings of the NTP Server

Open the registry branch:

HKLM\System\CurrentControlSet\services\W32Time\Parameters.

The first parameter of interest here is Type, which sets the synchronization type. It can take the following values:

 

NoSync - the NTP server doesn't synchronize with any external time source. The computer uses the system clock built into the CMOS chip of the server itself (the clock may in turn synchronize with an NMEA source, for example over RS-232);

NTP - the NTP server synchronizes with the external time servers listed in the registry parameter NtpServer;

NT5DS - the NTP server synchronizes according to the domain hierarchy;

AllSync - the NTP server uses all available sources for synchronization.

 

The default value is NT5DS for a computer that is a domain member, and NTP for a standalone computer.

 

In the NtpServer parameter, specify the NTP servers that this server will use for time synchronization. By default this parameter contains the Microsoft NTP server (time.windows.com,0x1); if needed, you can add more NTP servers by entering their DNS names or IP addresses separated by spaces. At the end of each name you can add a flag (e.g. ,0x1) that defines the mode of synchronization with that time server.

 

The following mode values are allowed:

0x1 - SpecialInterval, using the poll time interval;

0x2 - the mode UseAsFallbackOnly;

0x4 - SymmetricActive, the symmetric active mode;

0x8 - Client, sending the request in the client mode.

 

One more important parameter, AnnounceFlags, is located in the registry branch:

HKLM\System\CurrentControlSet\services\W32Time\Config.

It controls how the NTP server announces itself. To declare a member server (not a domain controller) as a reliable time source, set the flag value to 5.

 

If the server being configured is itself an NTP client (for example, it receives time from a GPS receiver over NTP), you can set the interval between updates. This parameter can be relevant for client PCs as well. The update interval is controlled by the SpecialPollInterval key, located in the registry branch:

HKLM\System\CurrentControlSet\services\W32Time\TimeProviders\NtpClient.

The value is set in seconds and defaults to 604800 (one week). That is a lot, so you'd better reduce SpecialPollInterval to a reasonable value, such as 1 hour (3600).

 

After making the changes, update the service configuration with the command w32tm /config /update.
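The registry steps above, collected into one script as an added example (it is not part of the original article): it compares the current W32Time values with the ones this page recommends, decodes the mode flags of each NtpServer entry, and changes anything only when run with the hypothetical -Apply switch. The peer list is a constructed sample, and an elevated PowerShell prompt is assumed.

```powershell
# Added example: audit (and with -Apply, set) the W32Time values described above.
# Save as a .ps1 file and run from an elevated PowerShell prompt.
param([switch]$Apply)

$base  = 'HKLM:\SYSTEM\CurrentControlSet\services\W32Time'
$peers = 'time.windows.com,0x1 time.nist.gov,0x8'   # constructed sample peer list (assumption)

# Desired state, taken from the article text.
$desired = @(
    @{ Key = 'TimeProviders\NtpServer'; Name = 'Enabled';             Value = 1;      Kind = 'DWord'  },
    @{ Key = 'Parameters';              Name = 'Type';                Value = 'NTP';  Kind = 'String' },
    @{ Key = 'Parameters';              Name = 'NtpServer';           Value = $peers; Kind = 'String' },
    @{ Key = 'Config';                  Name = 'AnnounceFlags';       Value = 5;      Kind = 'DWord'  },
    @{ Key = 'TimeProviders\NtpClient'; Name = 'SpecialPollInterval'; Value = 3600;   Kind = 'DWord'  }
)

$changed = $false
foreach ($s in $desired) {
    $path    = Join-Path $base $s.Key
    $current = (Get-ItemProperty -Path $path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    $ok      = ($current -eq $s.Value)
    '{0,-8} {1}\{2} = {3} (wanted {4})' -f $(if ($ok) {'OK'} else {'DIFFERS'}), $s.Key, $s.Name, $current, $s.Value
    if (-not $ok -and $Apply) {
        Set-ItemProperty -Path $path -Name $s.Name -Value $s.Value -Type $s.Kind
        $changed = $true
    }
}

# Decode the per-peer mode flags of the NtpServer value that is now in the registry.
$flagNames = @{ 0x1 = 'SpecialInterval'; 0x2 = 'UseAsFallbackOnly'; 0x4 = 'SymmetricActive'; 0x8 = 'Client' }
$effective = (Get-ItemProperty -Path (Join-Path $base 'Parameters') -Name NtpServer).NtpServer
foreach ($entry in ($effective -split '\s+' | Where-Object { $_ })) {
    $name, $flag = $entry -split ',', 2
    $bits  = if ($flag) { [Convert]::ToInt32($flag, 16) } else { 0 }
    $modes = $flagNames.Keys | Sort-Object | Where-Object { $bits -band $_ } | ForEach-Object { $flagNames[$_] }
    '{0}: {1}' -f $name, $(if ($modes) { $modes -join ', ' } else { 'no flags' })
}

# Reload the configuration and restart the service only if something was changed.
if ($changed) {
    w32tm /config /update | Out-Null
    Restart-Service w32time
}
w32tm /query /configuration | Select-String 'Enabled|Type|NtpServer|AnnounceFlags|SpecialPollInterval'
```

Without -Apply the script is read-only, so it can be used to check a server before and after manual registry edits.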



Some more commands for setting up, monitoring and diagnosing the time service:

 

w32tm /monitor - shows the difference between the system time of this computer and the time on the domain controller or other computers. For example: w32tm /monitor /computers:time.nist.gov

 

w32tm /resync - tells the computer to synchronize with its configured time server.

 

w32tm /stripchart - shows the time difference between the current computer and a remote one. The command w32tm /stripchart /computer:time.nist.gov /samples:5 /dataonly performs 5 comparisons with the specified source and shows the result as text.



w32tm /config - the main command used to configure the NTP service. It lets you set the list of time servers to use, the synchronization type, and so on. For example, you can override the default values and configure time synchronization with an external source using the command w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov /update



w32tm /query - shows the current settings of the service. For example, the command w32tm /query /source displays the current time source, and the command w32tm /query /configuration displays all parameters of the service.

 

net stop w32time - stops the time service if it is running.

w32tm /unregister - removes the time service from the computer.

w32tm /register - registers the time service on the computer. The registry branch with its parameters is created anew.

net start w32time - starts the service.

 

One peculiarity was noticed in Windows 7: the time service isn't started automatically when Windows starts. This is fixed in SP1 for Windows 7.