Windows Sync with an External Time Server

· Windows Windows Scripts

I originally set up time servers a while back, but we started seeing time errors so I decided to redo them. Please be very careful when playing around with the time sources because Kerberos requires the timestamps to be very close in order to authenticate.

First, remove all policies from Domain Controllers Policy:

  1. Navigate to Default Domain Controllers Policy -> Computer Configuration -> Administrative Template -> System -> Windows Time Service
  2. Set Global Configuration Settings to Not Configured
  3. Navigate to Time Providers
  4. Set all three entries to Not Configured

Next, determine which domain controller is your PDC

  1. Click Start -> Run -> Type in: dsa.msc -> Press Enter
  2. Right click on the root domain -> Click Operations Masters -> Select the PDC Tab
  3. Your PDC server will be in the Operations master field

Finally, set up your domain controller sync with an external time source:

  1. Logon to the PDC server
  2. Click Start -> Run -> Type in: cmd -> Press Enter to open up Command Prompt
  3. Type the following commands:

    • net stop w32time (stop the time server)
    • w32tm /unregister (uninstall the time service)
    • w32tm /register (install the time service with the defaults)
    • w32tm /config /manualpeerlist:nist1.aol-va.symmetricom.com,0x1 /syncfromflags:manual /reliable:yes /update (this sets the domain controller to use an external source based in Reston)
    • w32tm /resync (sync with the time source)
    • w32tm /monitor (Ensure the new time source is next to the PDC server)

Now you can set the rest of your servers to use the PDC as your time source via Group Policy.

Source: http://tf.nist.gov/tf-cgi/servers.cgi – Select a time server

Source: http://blogs.msdn.com/b/w32time/archive/2009/02/02/group-policy-settings-explained.aspx – Time values explained

Source: http://blogs.msdn.com/b/w32time/archive/2008/02/26/configuring-the-time-service-ntpserver-and-specialpollinterval.aspx – Time server flags explained

Source: http://support.microsoft.com/kb/929276/en-us – Disable Group Policy

Source: http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/127e7fe7-6fff-469d-8536-8da1c9825cb0/

Source: http://support.microsoft.com/kb/816043 – Enable Time Server Logging

Source: http://technet.microsoft.com/en-us/library/cc784553(WS.10).aspx – Sync with External Source

Source: http://morgansimonsen.wordpress.com/2010/03/11/configuring-a-windows-domain-controller-to-synchronize-its-clock-with-an-external-time-source/ – Reset w32tm

author image

About Joseph Spurrier

I'm passionate about building solutions to automate tasks and improve efficiency. I worked for a few companies in the digital healthcare space. My education is in forensics. Tech guy. Traveler. Runner. Guitar player. Scotch and beer enthusiast. GitHub LinkedIn Twitter Google+

Share this post


Comments powered by Disqus