Friday 8 March 2013

Configuring NTP - Windows 2000




Background Info:
The following is a brief guide for configuring a Windows 2000 Domain Controller (DC) to synchronize its time with an external source.

NTP:
The Network Time Protocol (NTP) is used to synchronise the time of a computer or server to another source.

By default all DCs in an AD environment will sync with the Primary Domain Controller (PDC) which will use its internal clock to set the time.

Depending on the environment it may be important to keep your servers and client machines in sync with a public time source – for example, if you host external web services that require authentication.

Assess Your Environment

Kerberos only tolerates a clock difference of up to 5 minutes between authenticating machines. If your servers are out from 'real time' (i.e., the source you want to synchronise to) by more than this amount, you may encounter authentication issues with client machines. If this is the case, follow the steps below.

Manually change the time on your PDC in 1 minute increments. After each increment, connect to each DC and run the following commands:
  • net stop w32time
  • net start w32time

This will resync the DCs with the PDC.

You then need to allow time for the clients to update their time from their local DC before continuing with the increments. How the resync takes place depends on whether the clients are ahead or behind. If they are ahead, they will be immediately set to match the DC. If they are behind, the time skew will be set so that the clock gradually catches up with the DC over a period of time.
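To measure how far a DC is from the external source before deciding whether the one-minute increments are needed, the Python example below computes the clock offset from an SNTP reply using the standard four-timestamp formula. It is an added example, not part of the original guide; the reply bytes and clock readings are constructed sample data, and the function names are illustrative.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era) to 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300        # the 5-minute tolerance described above, in seconds


def to_ntp(t):
    """Split Unix seconds into the (seconds, fraction) words of an NTP timestamp."""
    return int(t) + NTP_EPOCH_OFFSET, int((t % 1) * 2**32)


def from_ntp(data, pos):
    """Decode the 64-bit NTP timestamp at byte offset pos into Unix seconds."""
    sec, frac = struct.unpack_from("!II", data, pos)
    return sec - NTP_EPOCH_OFFSET + frac / 2**32


def build_request(t1):
    """48-byte SNTP client request: LI=0, VN=3, Mode=3, transmit timestamp = T1."""
    return struct.pack("!B39xII", 0x1B, *to_ntp(t1))


def sample_reply(t1, t2, t3):
    """Constructed server reply (VN=3, Mode=4, stratum 2) used as offline input."""
    return struct.pack("!BB22x6I", 0x1C, 2, *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))


def clock_offset(reply, t4):
    """Seconds to add to the local clock; positive means the local clock is behind."""
    if len(reply) < 48 or reply[0] & 0x07 != 4 or reply[1] == 0:
        raise ValueError("not a usable NTP server reply")
    t1 = from_ntp(reply, 24)  # originate: our transmit time, echoed by the server
    t2 = from_ntp(reply, 32)  # receive: server clock when the request arrived
    t3 = from_ntp(reply, 40)  # transmit: server clock when the reply left
    return ((t2 - t1) + (t3 - t4)) / 2


def assess(offset):
    """Return (within Kerberos tolerance?, whole one-minute steps in the offset)."""
    return abs(offset) <= KERBEROS_MAX_SKEW, int(abs(offset) // 60)


if __name__ == "__main__":
    t1 = 1362700800.0  # constructed local clock reading when the request was sent
    reply = sample_reply(t1, t1 + 450.25, t1 + 450.75)  # server 7.5 minutes ahead
    offset = clock_offset(reply, t1 + 1.0)  # reply received one second later
    print(offset, assess(offset))
```

To use it against a live server, send `build_request()` over UDP port 123 and pass the received bytes and the local receive time to `clock_offset()`.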

Configure NTP

Once the time difference between your PDC and 'real time' is small enough and your DCs and clients have updated, you can configure the PDC to set its time from an external source such as time.windows.com.

To do this, log on to the PDC and in the registry navigate to:

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

Set the following:
  • Type: NTP
  • Period: SpecialSkew
  • NTPServer: time.windows.com, 0x1
  • LocalNTP: 0

Now open a command prompt and run:
  • net stop w32time
  • net start w32time

Your PDC should now be synchronised with your alternate source.
