Discussion:
[ntp:questions] can i use w32time to syncronise in a non domain scenario - windows2003
droodle
2009-03-31 10:40:46 UTC
Permalink
Hi,

I have an reporting tool that i need to syncronise between several
servers.

I want to make the central reporting tool the primary time server

then there will be several remote servers that i want to syncronise
the time with so they are all in sync

can this be acheived with w32time or is this purely for domain
situations as these servers will either be in different domains or
workgroups ?

so far i have followed windows technet and done the following on the
primary server

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
\Config\AnnounceFlags
3. In the right pane, right-click AnnounceFlags, and then click
Modify.
4. In Edit DWORD Value, type A in the Value data box, and then
click OK.
5. Quit Registry Editor.
6. At the command prompt, type the following command to restart the
Windows Time service, and then press ENTER:
net stop w32time && net start w32time

but then when i run this command on the other server i get this ...

C:\Documents and Settings\Administrator>w32tm /stripchart /computer:
10.0.2.61 /samples:5/dataonly
Tracking 10.0.2.61 [10.0.2.61].
Collecting 5 samples.
The current time is 31/03/2009 09:36:25 (local time).
09:36:25 error: 0x800705B4
09:36:28 error: 0x800705B4
09:36:31 error: 0x800705B4
09:36:34 error: 0x800705B4
09:36:37 error: 0x800705B4

Any other suggestions

thanks.
David J Taylor
2009-03-31 11:13:50 UTC
Permalink
Post by droodle
Hi,
I have an reporting tool that i need to syncronise between several
servers.
I want to make the central reporting tool the primary time server
then there will be several remote servers that i want to syncronise
the time with so they are all in sync
can this be acheived with w32time or is this purely for domain
situations as these servers will either be in different domains or
workgroups ?
[]
Post by droodle
Any other suggestions
thanks.
droodle,

Although it's probably not the answer you wanted to hear, I have abandoned
w32time in favour of using NTP on all my Windows PCs. NTP allows you to
sync your PCs, and will sync your central server to a UTC reference source
such as Internet servers or a GPS/PPS source. The NTP I recommend
replaces w32time, and can be downloaded from:

http://www.meinberg.de/english/sw/ntp.htm

I hope someone else may be able to help you with using w32time, should you
need to take that route. Also, check:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q216734


Cheers,
David
droodle
2009-03-31 11:32:45 UTC
Permalink
On Mar 31, 12:13?pm, "David J Taylor" <david-tay... at blueyonder.neither-
Post by David J Taylor
Post by droodle
Hi,
I have an reporting tool that i need to syncronise between several
servers.
I want to make the central reporting tool the primary time server
then there will be several remote servers that i want to syncronise
the time with so they are all in sync
can this be acheived with w32time or is this purely for domain
situations as these servers will either be in different domains or
workgroups ?
[]
Post by droodle
Any other suggestions
thanks.
droodle,
Although it's probably not the answer you wanted to hear, I have abandoned
w32time in favour of using NTP on all my Windows PCs. ?NTP allows you to
sync your PCs, and will sync your central server to a UTC reference source
such as Internet servers or a GPS/PPS source. ?The NTP I recommend
?http://www.meinberg.de/english/sw/ntp.htm
I hope someone else may be able to help you with using w32time, should you
?http://support.microsoft.com/default.aspx?scid=kb;en-us;Q216734
Cheers,
David
thanks David - i just found that very tool doing some research so
thanks for recommending it i shall do some testing ... do you know if
it can be configured just to syncronise to its cmos clock as i'm not
sure how tied down my customers network will be ie not internet
facing.
Steve Kostecke
2009-03-31 13:52:01 UTC
Permalink
do you know if [the windows port of NTP] can be configured just to
syncronise to its cmos clock
ntpd _never_ "syncs to [a] clock".

ntpd _can_ be configured to use an Undisciplined Local Clock driver
which allows it to pretend to be synced to a time source. In that case
ntpd just serves time from the freewheeling system clock.
as i'm not sure how tied down my customers network will be ie not
internet facing.
If time is important to their application they should budget for an
appropriate time reference (e.g. GPS, HF radio, Rb Oscillator, etc.).
--
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
Steve Kostecke
2009-03-31 14:52:19 UTC
Permalink
Post by Steve Kostecke
do you know if [the windows port of NTP] can be configured just to
syncronise to its cmos clock
ntpd _never_ "syncs to [a] clock".
That was supposed to read "syncs to a cmos clock".
--
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
David J Taylor
2009-03-31 13:20:16 UTC
Permalink
droodle wrote:
[]
Post by droodle
thanks David - i just found that very tool doing some research so
thanks for recommending it i shall do some testing ... do you know if
it can be configured just to syncronise to its cmos clock as i'm not
sure how tied down my customers network will be ie not internet
facing.
droodle,

Only your central server need have an Internet (or radio-clock or GPS/PPS)
connection. You specify, say, five servers and NTP will pick the best
every 20 minutes or so. Possibly, the router you are using may provide an
NTP server. The rest of the PCs simply need a network connection to your
central server. There is something called "Orphan mode" in development
for just such a situation as you describe - no Internet connections - but
I don't think that is in the Meinberg Windows port right now. There may
be a more recent beta available, though.

It's better if you can get some sort of hardware clock available for the
central server - a GPS18x LVC which has serial output could be affordable
(less then $100/?100), and near a window with a south view might "see"
enough satellites. Then your network is talking UTC (and displaying
whatever wall-clock time you want).

Cheers,
David
David Woolley
2009-03-31 20:50:10 UTC
Permalink
Post by droodle
can this be acheived with w32time or is this purely for domain
situations as these servers will either be in different domains or
workgroups ?
I think it probably can, however only Microsoft have any expertise on
this and they don't post here.
Post by droodle
so far i have followed windows technet and done the following on the
primary server
1. Click Start, click Run, type regedit, and then click OK.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
\Config\AnnounceFlags
3. In the right pane, right-click AnnounceFlags, and then click
Modify.
4. In Edit DWORD Value, type A in the Value data box, and then
click OK.
I strongly suspect that it would need to be an odd number, but the
Technet definition of the registry keys doesn't say anything more about
your 0xA setting than that it is a combination of "automatic time
server" and "automatic reliable time server", whatever that means. (I'm
guessing you also need "always time server", or maybe only need it.)

Also, if you want accuracy to better than several seconds, you will need
to set a lot more registry keys than just that one, e.g., for non-domain
machines, the server will only be polled every 604,800 seconds.
Post by droodle
10.0.2.61 /samples:5/dataonly
Caution: never run this command against a public server; it polls so
fast that it is likely to be considered abusive.
Post by droodle
Tracking 10.0.2.61 [10.0.2.61].
Collecting 5 samples.
The current time is 31/03/2009 09:36:25 (local time).
09:36:25 error: 0x800705B4
09:36:28 error: 0x800705B4
09:36:31 error: 0x800705B4
09:36:34 error: 0x800705B4
09:36:37 error: 0x800705B4
Richard B. Gilbert
2009-03-31 21:18:33 UTC
Permalink
Post by David Woolley
Post by droodle
can this be acheived with w32time or is this purely for domain
situations as these servers will either be in different domains or
workgroups ?
I think it probably can, however only Microsoft have any expertise on
this and they don't post here.
It depends on your definition of "synchronization". W32TIME was
intended to support Kerberos authentication which requires that the
clocks of participating systems be within a minute or two of each other!

It will definitely do that. W32TIME will keep your Windows system
within a second or so of the correct time if you configure it to use a
reliable server. It's a non-RFC compliant implementation of SNTP. If
you want or need your clock to be within 100 microseconds of UTC, SNTP /
W32TIME is not a particularly good choice!

If you rely on timestamped log files to help diagnose network problems
you may need something far better than W32TIME.
David Woolley
2009-03-31 21:37:03 UTC
Permalink
Post by Richard B. Gilbert
It will definitely do that. W32TIME will keep your Windows system
within a second or so of the correct time if you configure it to use a
reliable server. It's a non-RFC compliant implementation of SNTP. If
It is possible that, from Windows 2003 upwards, it can be configured to
be NTP compliant, although the documentation I've seen is not clear on
whether the clock discipline control loop is compliant. Again, only
Microsoft know.

The original version was definitely broken SNTP. The OP should really
have identified the version.
Dave Hart
2009-03-31 21:49:43 UTC
Permalink
Post by droodle
can this be acheived with w32time or is this purely for domain
situations as these servers will either be in different domains or
workgroups ?
I suspect you will not be able to use w32time on servers which are
members of a domain, as w32time will ignore a configured source in
that situation and use the domain time heirarchy. There is only one
server in a domain which will actually use a configured time source
for w32time, the domain controller holding the PDC emulator FSMO
role. So if any of the servers you need to sync are in a domain,
you'll need to use the NTP reference implementation from www.ntp.org
on those at least.

Cheers,
Dave Hart
David Woolley
2009-04-01 06:31:58 UTC
Permalink
Post by Dave Hart
I suspect you will not be able to use w32time on servers which are
members of a domain, as w32time will ignore a configured source in
that situation and use the domain time heirarchy. There is only one
The Technet article seems to say that any configuration can be set on
any machine, even though the defaults differ.

However many IT departments will use Group Policies, which can impose
this sort of constraint.
Post by Dave Hart
server in a domain which will actually use a configured time source
for w32time, the domain controller holding the PDC emulator FSMO
role. So if any of the servers you need to sync are in a domain,
you'll need to use the NTP reference implementation from www.ntp.org
on those at least.
Dave Hart
2009-04-01 09:35:20 UTC
Permalink
On Apr 1, 6:31?am, David Woolley
Post by David Woolley
Post by Dave Hart
I suspect you will not be able to use w32time on servers which are
members of a domain, as w32time will ignore a configured source in
that situation and use the domain time heirarchy. ?There is only one
The Technet article seems to say that any configuration can be set on
any machine, even though the defaults differ.
I don't disagree, you can set any configuration you want. I know from
experience that domain members ignore w32time time source
configuration, with the exception of the PDC emulator at the root of
the domain/forest time hierarchy. Every other domain member w32time
syncs to the domain time hierarchy.

I recommend using net time /setsntp to configure your selected
external time source(s) on all domain controllers, so things will just
keep ticking smoothly if you move the PDC emulator FSMO role down the
road.

Cheers,
Dave Hart
Rob
2009-04-01 09:54:17 UTC
Permalink
Post by Dave Hart
I don't disagree, you can set any configuration you want. I know from
experience that domain members ignore w32time time source
configuration, with the exception of the PDC emulator at the root of
the domain/forest time hierarchy. Every other domain member w32time
syncs to the domain time hierarchy.
Not true. It depends on HOW you configure it. When the mode is
set to NT5DS (default) it behaves as you describe.
Dave Hart
2009-04-01 10:17:42 UTC
Permalink
Not true. ?It depends on HOW you configure it. ?When the mode is
set to NT5DS (default) it behaves as you describe.
Gotcha, thanks for correcting and clarifying.

Cheers,
Dave Hart
Ryan Malayter
2009-04-01 16:54:20 UTC
Permalink
Not true. ?It depends on HOW you configure it. ?When the mode is
set to NT5DS (default) it behaves as you describe.
If you set w32time to "allsync", it will use both the domain heirarchy
and any manually configured servers.

I actually have one of our 2003sp2 domain controllers set up as a peer
(that's right, a symmetric-active association) with each machine in
our cluster of "real" ntpd servers. It seems to behave just fine with
regards to poll intervals, etc. I have tested the node failure
scenarios as well by firewalling off various time sources from each
machine in the cluster.

Of course, w32time doesn't respond to mode 6 packets (ntpq) so you can
only really monitor its behavior through the event log, its own log
files, and remotely by sending regular NTP packets.

The 16 ms precision causes higher jitter so the "real" ntpd servers
never select the w32time server, but it does function properly, and
the w32time system is never rejected. Peerstats shows that the
reported offset is generally within 16 ms. Here's an ntpq -p -n banner
from one of our real servers... the system "windc0" is a Win2003 Sp2
server running w32tm in domain controller mode:

remote refid st t when poll reach delay offset jitter
==============================================================================
+ntp1 128.10.252.6 2 u 575 1024 376 1.584 0.715 0.999
+ntp2 128.252.19.1 2 u 791 1024 377 0.008 -1.265 0.780
*ntp.your.org .CDMA. 1 u 482 1024 377 3.563 -1.457 0.348
-windc0 64.113.32.5 2 u 579 1024 376 0.008 15.094 5.171


Here's how the w32time is configured (w32tm /dumpreg
/subkey:parameters). The 0x8 is a client association, and the 0x4 is a
symmetric-active association:
NtpServer ntpsource3,0x8 ntp0,0x4 ntp1,0x4 ntp2,0x4
Type AllSync


Another possible issue is the fact that w32time can be configured four (!) ways:
- using NET TIME /setsntp (deprecated, modifies the registry)
- using w32tm /configure (which modifies the registry), or editing
the registry directly
- using Local Computer polcies
- using Windows Group Policies inhereted from Active Directory

Which configuration takes precendence depends on how the server's
security policies are configured and how Active Directory is
configured. In general, I believe the default precedence in a domain
environment is:
1) Local computer policy
2) Group policies through Active Directory
3) local registry settings
--
RPM
Dave Hart
2009-04-02 02:56:37 UTC
Permalink
Post by Ryan Malayter
In general, I believe the default precedence in a domain
? 1) Local computer policy
? 2) Group policies through Active Directory
? 3) local registry settings
I suspect both policy approaches end up overwriting any locally
configured registry settings each time the policy is applied, so to
figure out the active configuration all you (or w32time) need do is
look at the registry. When changing w32time parameters, you can force
policy reapplication to see if your parameters are overwritten:
gpupdate /force

Cheers,
Dave Hart
Ryan Malayter
2009-04-02 03:31:50 UTC
Permalink
Post by Dave Hart
I suspect both policy approaches end up overwriting any locally
configured registry settings each time the policy is applied, so to
figure out the active configuration all you (or w32time) need do is
look at the registry. ?When changing w32time parameters, you can force
gpupdate /force
Actually, group policies do not, in general modify application
registry keys for applications directly. Those that do are pretty
non-standard, often third-party policy templates. Policy settings are
usually "soft policies" and actually stored in places in the registry
like:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies

Policy-aware applications voluntarily read data from here, overriding
any values set in the actual application-specific or user registry
keys for the application.

This scheme allows for easy return to the settings a user had
preveiously selected for an application if a group policy was removed
or a setting changed to "not configured/inherit".
--
RPM
Dave Hart
2009-04-02 07:21:26 UTC
Permalink
Post by Ryan Malayter
Actually, group policies do not, in general modify application
registry keys for applications directly. Those that do are pretty
non-standard, often third-party policy templates. Policy settings are
usually "soft policies" and actually stored in places in the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
http://support.microsoft.com/kb/902229 confirms that is the case with
w32time, which preferentially uses values from:

HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\W32Time

Cheers,
Dave Hart

Loading...