Friday, 12 October 2012

NTP Time Server Configuration in Windows Server 2008R2 and 2012R2

Introduction

Time synchronization is one of the most important aspects of a modern computer network. Network Time Protocol (UDP 123) is the protocol designed to synchronize the clocks of your computers over the network. This tutorial will guide you through configuring an NTP time server in your network. This server will act as the authoritative time server in your domain and will serve the client computers. The NTP time server in your network will get its time from an external time source such as time.windows.com or time.nist.gov, or from the system BIOS. In our scenario I am going to configure an NTP server on a PDC Emulator that obtains time from an external source. However, Windows recommends configuring an NTP server to obtain the time from a hardware source for improved security and accuracy, so I will also mention, as an option, how to get the time from an internal source.

Here are a few reasons why time synchronization matters in a network:

1. Effective DC & DFS Replication.

2. Tracking security breaches, network usage, or problems affecting a large number of components can be nearly impossible if timestamps in logs are inaccurate. Time is often the critical factor that allows an event on one network node to be mapped to a corresponding event on another.

3. To reduce confusion in shared filesystems, it is important for the modification times to be consistent, regardless of what machine the filesystems are on.

This document will help you configure an NTP time server in Windows Server 2008.

Enabling & Configuring NTP Server

1. Change the server type to NTP.
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
In the pane on the right, right-click Type, and then click Modify. In Edit Value, type NTP in the Value data box, and then click OK.

2. Set AnnounceFlags to 5. 
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
 In the pane on the right, right-click AnnounceFlags, and then click Modify. In Edit DWORD Value, type 5 in the Value data box, and then click OK.


3. Enable NTPServer.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
In the pane on the right, right-click Enabled, and then click Modify. In Edit DWORD Value, type 1 in the Value data box, and then click OK.



4. Specify the time sources.
Open a command prompt and type the command below, where peers is time.windows.com or time.nist.gov:
     w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update

For example:
     w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update

5. At the command prompt, type the following commands to restart the Windows Time service, pressing Enter after each:
     net stop w32time
     net start w32time
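
Steps 1 to 5 above as a single PowerShell script that first reports any value that differs from the tutorial's settings and then corrects it. This is an added example, not part of the original post; the parameter names $Peers and $AuditOnly are assumptions of this example, and it must be run from an elevated PowerShell prompt on the server being configured.

```powershell
# Added example: audit and apply the W32Time settings from steps 1-5.
param(
    [string]$Peers = 'time.windows.com',  # peer used in the tutorial's example
    [switch]$AuditOnly                    # hypothetical switch: report drift, change nothing
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
# Registry values the tutorial sets by hand in regedit (steps 1-3).
$expected = @(
    @{ Key = "$base\Parameters";              Name = 'Type';          Value = 'NTP'; Kind = 'String' }
    @{ Key = "$base\Config";                  Name = 'AnnounceFlags'; Value = 5;     Kind = 'DWord'  }
    @{ Key = "$base\TimeProviders\NtpServer"; Name = 'Enabled';       Value = 1;     Kind = 'DWord'  }
)

foreach ($e in $expected) {
    # A missing value reads back as $null and is reported as drift.
    $current = (Get-ItemProperty -Path $e.Key -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    if ($current -eq $e.Value) {
        Write-Output ("OK     {0}\{1} = {2}" -f $e.Key, $e.Name, $current)
        continue
    }
    Write-Output ("DRIFT  {0}\{1} = '{2}' (expected '{3}')" -f $e.Key, $e.Name, $current, $e.Value)
    if (-not $AuditOnly) {
        Set-ItemProperty -Path $e.Key -Name $e.Name -Value $e.Value -Type $e.Kind
    }
}

if (-not $AuditOnly) {
    # Step 4: set the upstream peer and mark this server as a reliable source.
    & w32tm /config "/manualpeerlist:$Peers" /syncfromflags:manual /reliable:yes /update
    if ($LASTEXITCODE -ne 0) { throw "w32tm /config failed with exit code $LASTEXITCODE" }
    # Step 5: restart the Windows Time service so the changes take effect.
    Restart-Service -Name w32time
}

# Show the configuration and sync status the service is actually using.
& w32tm /query /configuration
& w32tm /query /status
```

Running it with -AuditOnly on a schedule gives a simple check that the time source of the domain has not been changed.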

Some Useful commands

Make sure that you run these commands from an elevated command prompt.

1. To resynchronize time: w32tm /resync or w32tm /resync /rediscover
2. To verify the configuration: w32tm /query /configuration and w32tm /query /status
3. To display the current time zone settings: w32tm /tz
4. To reset the registry settings of the NTP server:
     net stop w32time
     w32tm /unregister
     w32tm /register
     net start w32time
5. To synchronize time on a Linux client: ntpdate server_IP


Allow UDP Port 123 through Firewall

Make an exception in your firewall to allow UDP port number 123.

Apply the NTP client settings via Group Policy (Optional)

Now we have to tell the client computers to obtain the time from the NTP server. The policy is applied via a GPO. The procedure is as follows:

1. Locate the Group Policy Object: Computer Configuration/Policies/Administrative Templates/System/Windows Time Service/Time Providers

2. Enable the settings below:
    Configure Windows NTP Client (In our case, it is the IP of the PDC)
    Enable Windows NTP Client



Obtaining time from a Local Source (Optional)

This configuration forces the PDC master to announce itself as a reliable time source and uses the built-in complementary metal oxide semiconductor (CMOS) clock. To configure the PDC master by using an internal hardware clock, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
3. In the right pane, right-click AnnounceFlags, and then click Modify.
4. In Edit DWORD Value, type A in the Value data box, and then click OK.
5. Close Registry Editor.
6. At the command prompt, type the following command to restart the Windows Time service:
     net stop w32time && net start w32time

By accomplishing the above tasks you can configure an NTP server in your domain.

For more information about NTP you can visit: http://www.ntp.org/
