daknetworks.com

You are here: Blog Setting Windows Time - w32tm

Setting Windows Time - w32tm

Tuesday, 02 February 2016 12:34

There should only be one NTP SERVER on the network. You can have more but it would be redundant.

SERVER / NON-DOMAIN COMPUTERS

The domain-server should be set to sync with an external source.

  • -open POWERSHELL (as admin)
  • $w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" /reliable:yes /update
  • $stop-service w32time
  • $sc stop w32time
  • $start-service w32time
  • $sc start w32time

DOMAIN COMPUTERS

The domain-clients should automatically get their time from the server. If for some reason, a domain-client doesn't, then force it:

  • -open POWERSHELL (as admin)
  • $w32tm /config /syncfromflags:domhier /update
  • $stop-service w32time
  • $sc stop w32time
  • $start-service w32time
  • $sc start w32time

HYPER-V MANAGER

If it is a VIRTUAL-OS, disable TIME-SYNCHRONIZATION from the HYPER-V settings:

  • -open HYPER-V MANAGER
  • -click on the VM
  • -click SETTINGS (on the right-hand side)
  • -scroll down to INTEGRATION SERVICES
  • -uncheck TIME-SYNCHRONIZATION
  • -click OK

You can check to see if a NTP Server is working.

If it's a VIRTUAL-HOST,

  • -check to see if an external NTP server is working.
  • -if you get an error, check to see if an internal NTP server is working.
  • -set the server to a working NTP server
  • External: $w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" /reliable:yes /update
  • Internal: $w32tm /config /syncfromflags:manual /manualpeerlist:192.168.1.1 /reliable:yes /update

You can check the config:

  • $w32tm /query /configuration
  • $w32tm /query /status
  • $w32tm /query /source
  • External-check: $w32tm /monitor /computers:pool.ntp.org
  • Internal-check: $w32tm /monitor /computers:192.168.1.1

Won't change from Local CMOS Clock

I had a really strange issue where the clock would not use the external pool.ntp.org servers. It stayed Local CMOS Clock.

Check the config with:

  • w32tm /query /configuration | findstr /i policy
  • reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\
  • reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
  • reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
  • reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\\TimeProviders

If you see "(Policy)", then the setting is set by policy and overrides your manual settings.

Change the local policy by:

  • gpedit.msc
  • computer-configuration > administrative-template > system > windows-time-service

Find the FSMO role of PDC:

  • netdom query fsmo

The local policy might be overriding the settings but the PDC FSMO should have the following:

1. PDC announces that it is an NTP server:
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Key Name: AnnounceFlags
Type: REG_DWORD (DWORD Value )
Data: 0x5
AnnounceFlags value determines whether the authoritative time server receives its time from an external time source (e.g. internet time server) or its built in CMOS clock.
1) AnnounceFlags value to 0xA/10 means that the server announce itself as a reliable time source and uses the built-in complementary metal oxide semiconductor (CMOS) clock.
2) AnnounceFlags value 0x5 is used to configure an internal time server to synchronize with an external time source.

2. Change the server type to NTP:
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
Key Name: Type
Type: REG_SZ(String Value)
Data: NTP

3. Enable the NTP server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
Key Name: Enabled
Type: REG_DWORD
Data: 1

4. Specify which server to act as the NTP server:
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Key Name: NtpServer
Type: REG_SZ(String Value)
Data: Peers (example: pool.ntp.org,0x9 or 192.168.2.50,0x9)

5. Only if our PDC machine is a virtual machine, we need to set this registry. If it is not a virtual machine, there is no information about this registry. Because our PDC is a virtual machine, we need set the following registry.
HLM\SYSTEM\CurrentControlSet\services\w32time\TimeProviders\VMICTimeProvider
Name: Enabled
Type: REG_DWORD
Data:0

 

 

Some recommend (I have not tried this):

  • -force the VIRTUAL-HOST to use an external source via regedits
  • (HKLM/SYSTEM\CURRENTCONTROLSET\SERVICES\W32TIME\TIMEPROVIDERS\NTPSERVER\ENABLED: 1)
  • -set the external: $w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" /reliable:yes /update
  • $stop-service w32time
  • $start-service w32time
  • -then set the VIRTUAL-OS to use the internal VIRTUAL-HOST: $w32tm /config /syncfromflags:manual /manualpeerlist:192.168.1.1 /reliable:yes /update
  • (rather than through INTEGRATION SERVICES)
  • $stop-service w32time
  • $start-service w32time

Some recommend (I have not tried this):

-set the VIRTUAL-OS to use the internal VIRTUAL-HOST via INTEGRATON SERVICES

The issue is usually around the vmitimesync.

I'll update this when needed. So far, I simply sync'd to external on 1 server and sync'd everything else to that. Seems to work. I'll post when I run into issues

Contact Dak Networks

We are not taking on new clients at this time.