Search This Blog

Sunday, July 03, 2011

Setting up a standalone (non-domain) Windows Server 2008 as Time Server (ntp) and its client servers.

Before I start this I have to say that a lot of the information I give below can be obtained in the following excellent articles. I do recommend reading these articles as it fully explains the w32tmn service.  I have tried to just simplify for my specific scenario.
http://blogs.technet.com/b/industry_insiders/archive/2006/08/29/w32-tm-service.aspx

http://www.piclist.com/techref/os/win/w32time.htm

edit: NTPTool – I used this tool to help me fault find issues, its free and a great little tool (http://www.ntp-time-server.com/ntp-server-tool.html)

note: Please ensure there is nothing running on port 123, existing ntp software, or if you are using the ntptool I refer to, ensure this tool is closed when you are starting the service. The service will start ok, but nothing will work, and even with debugging login turned on you will find the w32tim service does not give you any informative error messages, it will just time out trying to connect.

note: another issue I found was that it would appear that after syncing for a while the clients would then fail to sync. I discovered this after spending hours trying to debug a new client I was setting up (it was behind a firewall so I figured I had something misconfigured. But in the end a restart for the ntp server fixed the problem…..) Grrrr… man I  love wasting my time chasing my tail, thanks MS!. In the end I set up a scheduled task to restart the w32time service daily, hopefully this fixes my issue.

For reference the errors I was seeing the the w32time service log on the client was.

  • “Packet test 8 failed (bad value for root delay or root dispersion).”

additional info: I got this error a few times setting up a new server to talk to the ntp server. In each case it was resolved by a restart of the w32time service on the ntp serve machine. Strange but that's MS.

additional info: mmmm maybe it wasn’t MSs fault….. Smile , I found that while configuring the clients I actually configured the server as well (via scripts) so it was trying to sync with itself. I have now corrected this its syncing with an external source. Fingers crossed this fixes the issue.

additional info: Something I have just discovered is that in Windows 2008 the windows time service is by default set to manual. The trigger to start the service is in task scheduler under Microsoft\Windows\TimeSynchronisation.

This means after a restart the time service will not sync until the scheduler event is triggered, by default this is weekly on Sunday @ 01:00.


I have recently had to setup an internal ntp server to allow our servers to have consistent internal time.

Originally we had an ntp server setup on our firewall, due to an upgrade of the firewall this was no longer possible.

The decision was to create a couple of servers internally to sync with an external (internet) time source and then allow all other internal servers to sync with these servers… Sounds easy enough… :) You’d have thought so….

I was certain you could set windows as a time server, however on investigation I found that it wasn’t a nice straight easy process to setup the ntp server and its client server to sync from the newly created internal  ntp server.

Below I detail what I had to do to get this up and running, and the problems I had and what I did to overcome them.

Background.

Our environment is a server farm containing a number of standalone servers. No Domain, which would have automatically have set up the servers to sync with a DC.

Procedure

Setup ntp server

To force a standalone server to become an ntp server, instead of just an ntp client, you must change a few registry entries.

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

In the above registry key check that TYPE is set to ‘NTP’, it should be if the server is NOT in a domain. It was in my scenario.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\

Modify the DWORD AnnounceFlags, set it to 5 (it probably is set to 10).
5 here is a combination of 0x04 - Always reliable time server and 0x01 -Always time server.

Next we enable the ntp server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\

Modify the DWORD Enabled to 1 (should be 0).

Next we setup up the polling interval, if this is default it is probably set to 7 days (604800 seconds).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\

Modify the DWORD SpecialPollInterval to 1800 (decimal), this will set polling to every 30 minutes.

Now I set up my time source using the GUI (right clicking the clock, adjust date/time settings, etc..) on this server, however as you will see later I had issue with the internal servers doing this. So I include here the w32tm command to do the same thing from the command line, running from the command line fixed the issues I had later.

(Please watch the quotes here, ensure they are the right type (I had issue that something kept reformatting the quotes to “xxx” from "xxx", this caused problems, so is you copy and paste the below command I would replace the quotes manually to ensure you have the correct type. This took me a while to track down.)

w32Tm /configure /manualpeerlist:"timeserver1.com,0x09 timeserver2.com,0x09"  /syncfromflags:manual /update

Here we configure a list of servers for our ntp server to sync to.

/manualpeerlist: This is a space delimited list of servers with mode.

mode (0x09) – Is a code to tell w32time service how to sync. In our case we have combined 2 mode values to create 0x09 (0x01 and 0x08 )

Mode Values

  • 0x01 - use special poll interval SpecialInterval
  • 0x02 - UseAsFallbackOnly
  • 0x04 - send request as SymmetricActive mode
  • 0x08 - send request as Client mode

/syncfromflags: Set to manual which informs the time service that our list of servers is conatined in th peerlist.

/update: Should alert the time service that update to configuration has occurred and it should implement them, it will also resync time.

(more info / more info2)

In the image below I have tried to show the issue that confused me for a while. I was expecting my changes to be picked up by the windows adjust/date time gui. In the example below I  set the peerlist to wwv.nist.gov, the gui was used originally to set the time server to time.nist.gov. All I will say is ignore this diaglog if you are stup w32time from th ecommand prompt this gui is just confusing.image

If you are having issue with the time service not picking up your changes, you can try restarting the w32time service.

net stop w32time && net start w32time

Setup windows servers as ntp clients to our windows ntp server

First we need to change the polling interval so the time service syncs more regularly. The default is probably set to 7 days (604800 seconds).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\

Modify the DWORD SpecialPollInterval to 900 (decimal), this will set polling to every 15 minutes.

I had real issue just trying to use the server settings value in the “adjust time/date settings dialog” in windows. It just did not work. The only way I got this to work was to use the command line.

w32tm /configure /manualpeerlist:<IP of configured internal ntp server>,<mode> /syncfromflags:manual /update

Now I tried to use (w32tm /resync) to force a rysnc but I got an error message, however I have since found that the clock had synched, so not sure what the error message was about.

w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.

note: if you need to configure a windows 2000 server then this can be done using the command.

net time /setsntp:<server>

net stop w32time && net start w32time

*********************************************************************
*********************************************************************

w32tm Parameters

http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx

w32tm registry entries

http://support.microsoft.com/kb/q223184/

Setting Up logging for NTP

http://support.microsoft.com/kb/816043

 

Reference URLs

http://support.microsoft.com/kb/816042

http://support.microsoft.com/kb/875424

http://www.streetdirectory.com/travel_guide/114492/computers/how_to_configure_a_windows_time_server.html

http://www.winserverkb.com/Uwe/Forum.aspx/windows-server-networking/10/NTP-bug-in-Windows-2003

Excellent articles on time service in  windows.

http://blogs.technet.com/b/industry_insiders/archive/2006/08/29/w32-tm-service.aspx

http://www.piclist.com/techref/os/win/w32time.htm

NTPTool

http://www.ntp-time-server.com/ntp-server-tool.html


Share/Bookmark

No comments:

Post a Comment