Windows Server 2000/2003 Thread, Server Time Issue in Technical; Does anyone have an easy guide to setting up Server 2003 to get it's time from a reliable outside source? ...
12th December 2012, 04:13 PM #1
Server Time Issue
Does anyone have an easy guide to setting up Server 2003 to get it's time from a reliable outside source? This one has been nagging at me for ages, and I've tried looking on here and the web generally, but I need really easy step by step instructions. It would be lovely to finally get the time on our clients to be correct - they're synching to the server and the server is currently about ten minutes fast.
IDG Tech News
12th December 2012, 04:23 PM #2
First off, make sure your LEA hasn't firewalled off NTP. If not then set your DCs to use NTP via group policy.
Windows Time Service Tools and Settings: Windows Time Service
Your clients sync with your DCs so only your DCs need to use NTP.
6th March 2013, 04:10 PM #3
Finally had some time to look at this. Turns out NTP traffic is blocked by default, so that is the main issue. However, I need an NTP server to synch to, and our internet provider wants the IP address of that server. At the moment, I have enabled GP for the default of time.windows.com (although it won't work until I get traffic unblocked). I am nervous of picking a time server at random, as some are primary and some secondary (I should use a secondary??) and some are OpenAccess but require notification.
Anyone got any recommendations for something I can use without getting into trouble?
Also, in the GP settings, do I need to enable the NTP server bit? The explanation seems to imply that this allows anyone to use my server as an NTP source, but I'm probably being paranoid and that's probably blocked by our internet provider anyway....??? I do need the clients to be able to get time from the server, and this is the GP setting that does this, right?
Sorry, but this is all very new to me, which is why I have left it so long to sort out.
7th March 2013, 04:52 PM #4
When I took over the tech role in my current school all the servers and pc's were about 30 mins slow! I never did find out why and couldn't get any sense out of the previous tech and he didn't seem to really care...
Anyway I just reset the time on the main 2003 DC server and all the clients synched and had no more problems that I know of (ymmv).
Recently I looked deeper into it and found that not only had that server been upgraded from server 2000, but that it was setup to get its time from the domain... (Nt5DS = synchronize from domain hierarchy [default] setting in the registry) I think that means that at some point it wasn't a primary time server and another long gone server had been fulfilling this role or it had never been set up at all.
So I did a lot of research like you, but not being really comfortable with GP chose to edit the registry settings, luckily our server could see the external time servers. If not I was going to use the internal CMOS setting (however got a bit confused by another bit of info saying that the time server shouldn't synchronise with itself) maybe that's clearer now but after hours of googling it all became a bit too much!
Anyway, I used the info from here
How to configure an authoritative time server in Windows Server
Configuring an authoritative time source for your Windows domain | Windows HELL
and it seemed to go ok...
Oh and by the way, I used uk.pool.ntp.org in the 'peers' section and our local e2bn had one I could ping from the server so I used that too! sntp.****.e2bn.com the stars are the LEA a tip from another EDUGEEK post.
Our clients sync with a logon script so can't help with GPO for synching with the server.
7th March 2013, 05:50 PM #5
From memory, The server that holds the PDC Emulator role is normally set to look at an external time source and other servers update from that.
From our experience the DC's were replaced and the NTP wasn't updated, the domain PC's were frequently going off time by 15mins with complaints from staff saying they couldn't end their class in time as the PC clock was out.
Once I sorted out it was accurate to the speaking clock
Last edited by Davit2005; 7th March 2013 at 05:53 PM.
18th March 2013, 01:21 PM #6
Thanks. Good to know that I am not the only one struggling to make sense of all this. We can't ping any of the time sources - it is forbidden by our Internet Provider. Still struggling to get up and running - asking for time.windows.com to be unblocked hasn't helped (possibly it is changing it's IP address regularly). We are E2BN too, so may go down that route instead. It also looks like our Internet Provider supplied router is set to be used, but it may not have correct time or can't be used for this purpose. I am continuing discussions with our Internet Provider!
Originally Posted by Koldov
Your second article looks good. I went through the first article from another source and checked all the registry settings. As far as I could tell, they were OK. The second article sorts out some of the confusing bits, so I may have to take a deep breath and edit the registry. I have backed it up already anyway, before I did the checking. But when you only have one server, and an ancient one at that, it is a bit daunting.
Last edited by Andie; 18th March 2013 at 01:30 PM.
18th March 2013, 01:49 PM #7
If you cannot get access to an external NTP server to sync against there are other time sources you can use. Short of asking the physics department to buy an atomic clock you can use a GPS receiver or a radio clock. For example you can build a DCF77 receiver very cheaply.
Simple Radio Clock for PC's
18th March 2013, 02:04 PM #8
I had a problem with external time servers and firewall blocking. We were with the SWGFL at the time and I couldnt sync to any time servers. I eventually found that the SWGFL has its own inside thier firewall. I setup to sync to them and all works fine now. Maybe you ISP has the same?
18th March 2013, 02:36 PM #9
Well, if they have, they're not telling me. I've had various discussions with them about unblocking time servers, and they've never offered me theirs! But then I suppose, as always, I need to ask them the actual question...too much to expect that they will know what i need and offer it...!
Originally Posted by Brpilot99
18th March 2013, 03:05 PM #10
Other thing to check is to poke about on your Broadband providers network. Their DNS/Web/etc servers might be running NTP anyway. Also check for a time.domain.co.uk, ntp.domain.co.uk or any other 'obvious' dns names for a potential ntp server. They may have one and have forgotten about it. Last resort would be to brute force the issue and nmap scan the whole subnet(s) for a host responding on the NTP port.
16th April 2013, 04:28 PM #11
Opened a new thread for further help in diagnosis:
Time Server DNS Issue: Help in Diagnosis Needed
By steve_nfi in forum Windows
Last Post: 1st July 2008, 03:09 PM
By mactech03 in forum Mac
Last Post: 24th April 2008, 11:30 AM
By _Bat_ in forum Wireless Networks
Last Post: 6th November 2006, 01:36 PM
By Nij.UK in forum Windows
Last Post: 19th May 2006, 12:49 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)