Need an open access NTP server that works.

  • ATNO/TW

Anyone know of a reliable NTP server I can use on my PDC for time synchronization?
It is Windows 2003 SBS and is the only DC.

I've confirmed my setup through a combination of the instructions for external time server synchronization via these two links
http://support.microsoft.com/kb/816042
http://www.windowsnetworking.com/articl ... rvice.html

The necessary registry settings are correct.
I've used a variety of "open access" NTP servers from this list including all the US ones
http://support.ntp.org/bin/view/Servers ... imeServers

After changing time servers I stop and restart the w32time

When I run w32tm /resync /rediscover I get "The computer did not resync because no time data was available".

I had been using the windows default time.windows.com but noticed my DC and as a result the rest of my network is running about 5 minutes faster than what I know real time is.

The warning that I have in my system log in event viewer is:
Quote:
Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 12
Date: 2/5/2009
Time: 10:00:11 AM
User: N/A
Computer: ALARON-SBS-01
Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  • grinch2171

I have struggled with NTP for a couple of years and have finally got it working spot on across the domain. We actually have a dedicated time clock though, and that may be something to look into.

Ours is made by Spectracom

http://www.spectracomcorp.com/Products/ ... fault.aspx

The key is setting your PDC emulator to not use the domain hierarchy. If you only have one domain controller, that is it; if you have two, then you need to check the FSMO roles to see which one is the PDC. Try running this command on the PDC emulator from the command prompt:
Quote:
w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update


Replace peers with the server address of your time clock such as time.microsoft.com or the IP address.

Also make sure you did this step on the PDC emulator
Quote:
Change the server type to NTP. To do this, follow these steps:
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
In the right pane, right-click Type, and then click Modify.
In Edit Value, type NTP in the Value data box, and then click OK.
  • ATNO/TW

I made sure of that registry setting. In fact, I have everything set as noted in the two articles I posted above including setting the Type to NTP - it was originally NoSync

I ran the w32tm command you suggested with this timeserver nist1.uccaribe.edu (supposedly open access), and the time.windows.com

Stopped and started w32time after any change.

Still when running w32tm /resync /rediscover I get the same errors posted above.
  • ATNO/TW

If it helps, in my Default Domain GPO, under Computer Configuration > Administrative Templates > System > Windows Time Service, Global Configuration Settings are not configured.
Under Time Providers:

Enable Windows NTP Client - is Not Configured
Configure Windows NTP Client - is Enabled
Enable Windows NTP Server - is Enabled


Not sure how that affects what I'm trying to do.
  • grinch2171

NTP is a pain in the ass.

Take a look at this tool

http://www.bytefusion.com/products/fs/n ... query.html

This will let you know if a time source can be reached from your server.

I just read a paper that stated the 3 NTP GPO settings should all be set to Not configured. He didn't state why. So try doing that and see if that fixes anything.
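
An added example, not part of the thread and not the tool linked above: a minimal SNTP check in Python that sends one request to UDP port 123 and computes the clock offset from the reply. The function names and the constructed sample reply are assumptions for illustration; a `socket.timeout` from `query` means no reply came back, which is what a firewall blocking port 123 looks like from the server.

```python
import socket, struct, time

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def to_ntp(t):
    """Unix time -> (seconds, fraction) pair as carried in an NTP timestamp."""
    return int(t) + NTP_DELTA, int((t % 1) * 2**32)

def from_ntp(secs, frac):
    return secs - NTP_DELTA + frac / 2**32

def build_request(t1):
    # LI=0, VN=3, Mode=3 (client) -> 0x1B; transmit timestamp at bytes 40..47
    return struct.pack("!B39xII", 0x1B, *to_ntp(t1))

def parse_reply(data, t1, t4):
    """Return (stratum, offset, delay) in seconds; offset < 0 means the local clock is fast."""
    if len(data) < 48:
        raise ValueError("short packet")
    flags, stratum = data[0], data[1]
    if flags & 0x07 != 4:
        raise ValueError("not a server-mode reply")
    if flags >> 6 == 3 or stratum == 0:
        raise ValueError("server is unsynchronised")
    t2 = from_ntp(*struct.unpack("!II", data[32:40]))  # server receive time
    t3 = from_ntp(*struct.unpack("!II", data[40:48]))  # server transmit time
    return stratum, ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def query(server, timeout=3.0):
    """One SNTP exchange over UDP 123; socket.timeout means no reply came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(build_request(t1), (server, 123))
        data, _ = s.recvfrom(512)
        t4 = time.time()
    return parse_reply(data, t1, t4)

def sample_reply(t2, t3, stratum=2, flags=0x1C):
    """Constructed server reply (LI=0, VN=3, Mode=4) for offline testing."""
    return struct.pack("!BB30x", flags, stratum) + struct.pack("!IIII", *to_ntp(t2), *to_ntp(t3))

if __name__ == "__main__":
    t1 = 1233846011.0  # constructed client clock that runs 5 minutes fast
    reply = sample_reply(t1 - 300 + 0.020, t1 - 300 + 0.021)
    print(parse_reply(reply, t1, t1 + 0.041))
```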
  • ATNO/TW

grinch2171 wrote:
http://www.bytefusion.com/products/fs/n ... query.html


*doh. I could see immediately in the screen shots what I believe at least part of the problem is. Noticed NTP port is 123, and without looking I can almost guarantee that port 123 isn't open on the firewall.

I don't suppose you know the command line code for a Cisco Pix 506E to open port 123 for NTP do you?

Cisco is not one of my fortes.

//Just looked and it's not open.
grrrrrrrrrrrrrrrrrr.....!
  • grinch2171

Quote:
I don't suppose you know the command line code for a Cisco Pix 506E to open port 123 for NTP do you?


Sure don't but do you realize Cisco no longer supports the Pix? You may want to get something new.

I found this but not sure if it will work, you may want to save your config before trying
Quote:
access-list acl_in permit udp host <PDC-emulator-IP> any eq 123
access-group acl_in in interface inside
  • ATNO/TW

Actually that looks pretty close to most commands I've seen and used in the past for other things. And yes, I know Pix is at EOL. It is still working, but I plan to look at a new one very soon. I'll try that on Monday when I get back into work. I do always save the config and I can test it out before I flash it to memory. If it doesn't work I'll just exit without saving the change.

I need to look at some Cisco training. We always had an outside vendor do any of the firewall config and we don't use them any longer.


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.