+ Post New Thread
Results 1 to 11 of 11
Windows Server 2000/2003 Thread, Server Time Issue in Technical; Does anyone have an easy guide to setting up Server 2003 to get it's time from a reliable outside source? ...
  1. #1
    Andie's Avatar
    Join Date
    Sep 2006
    Location
    Cambridgeshire
    Posts
    794
    Thank Post
    167
    Thanked 66 Times in 49 Posts
    Rep Power
    29

    Server Time Issue

    Does anyone have an easy guide to setting up Server 2003 to get it's time from a reliable outside source? This one has been nagging at me for ages, and I've tried looking on here and the web generally, but I need really easy step by step instructions. It would be lovely to finally get the time on our clients to be correct - they're synching to the server and the server is currently about ten minutes fast.

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    First off, make sure your LEA hasn't firewalled off NTP. If not then set your DCs to use NTP via group policy.

    Windows Time Service Tools and Settings: Windows Time Service

    Your clients sync with your DCs so only your DCs need to use NTP.

  3. Thanks to Geoff from:

    Andie (6th March 2013)

  4. #3
    Andie's Avatar
    Join Date
    Sep 2006
    Location
    Cambridgeshire
    Posts
    794
    Thank Post
    167
    Thanked 66 Times in 49 Posts
    Rep Power
    29
    Finally had some time to look at this. Turns out NTP traffic is blocked by default, so that is the main issue. However, I need an NTP server to synch to, and our internet provider wants the IP address of that server. At the moment, I have enabled GP for the default of time.windows.com (although it won't work until I get traffic unblocked). I am nervous of picking a time server at random, as some are primary and some secondary (I should use a secondary??) and some are OpenAccess but require notification.

    Anyone got any recommendations for something I can use without getting into trouble?

    Also, in the GP settings, do I need to enable the NTP server bit? The explanation seems to imply that this allows anyone to use my server as an NTP source, but I'm probably being paranoid and that's probably blocked by our internet provider anyway....??? I do need the clients to be able to get time from the server, and this is the GP setting that does this, right?

    Sorry, but this is all very new to me, which is why I have left it so long to sort out.

  5. #4
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    505
    Thank Post
    101
    Thanked 50 Times in 46 Posts
    Rep Power
    39
    When I took over the tech role in my current school all the servers and pc's were about 30 mins slow! I never did find out why and couldn't get any sense out of the previous tech and he didn't seem to really care...
    Anyway I just reset the time on the main 2003 DC server and all the clients synched and had no more problems that I know of (ymmv).
    Recently I looked deeper into it and found that not only had that server been upgraded from server 2000, but that it was setup to get its time from the domain... (Nt5DS = synchronize from domain hierarchy [default] setting in the registry) I think that means that at some point it wasn't a primary time server and another long gone server had been fulfilling this role or it had never been set up at all.
    So I did a lot of research like you, but not being really comfortable with GP chose to edit the registry settings, luckily our server could see the external time servers. If not I was going to use the internal CMOS setting (however got a bit confused by another bit of info saying that the time server shouldn't synchronise with itself) maybe that's clearer now but after hours of googling it all became a bit too much!

    Anyway, I used the info from here

    How to configure an authoritative time server in Windows Server

    and here

    Configuring an authoritative time source for your Windows domain | Windows HELL

    and it seemed to go ok...

    Oh and by the way, I used uk.pool.ntp.org in the 'peers' section and our local e2bn had one I could ping from the server so I used that too! sntp.****.e2bn.com the stars are the LEA a tip from another EDUGEEK post.

    Our clients sync with a logon script so can't help with GPO for synching with the server.

    Good luck!

    Kol

  6. Thanks to Koldov from:

    Andie (18th March 2013)

  7. #5

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    749
    Thank Post
    172
    Thanked 56 Times in 54 Posts
    Rep Power
    35
    From memory, The server that holds the PDC Emulator role is normally set to look at an external time source and other servers update from that.

    From our experience the DC's were replaced and the NTP wasn't updated, the domain PC's were frequently going off time by 15mins with complaints from staff saying they couldn't end their class in time as the PC clock was out.

    Once I sorted out it was accurate to the speaking clock
    Last edited by Davit2005; 7th March 2013 at 04:53 PM.

  8. #6
    Andie's Avatar
    Join Date
    Sep 2006
    Location
    Cambridgeshire
    Posts
    794
    Thank Post
    167
    Thanked 66 Times in 49 Posts
    Rep Power
    29
    Quote Originally Posted by Koldov View Post
    When I took over the tech role in my current school all the servers and pc's were about 30 mins slow! I never did find out why and couldn't get any sense out of the previous tech and he didn't seem to really care...
    Anyway I just reset the time on the main 2003 DC server and all the clients synched and had no more problems that I know of (ymmv).
    Recently I looked deeper into it and found that not only had that server been upgraded from server 2000, but that it was setup to get its time from the domain... (Nt5DS = synchronize from domain hierarchy [default] setting in the registry) I think that means that at some point it wasn't a primary time server and another long gone server had been fulfilling this role or it had never been set up at all.
    So I did a lot of research like you, but not being really comfortable with GP chose to edit the registry settings, luckily our server could see the external time servers. If not I was going to use the internal CMOS setting (however got a bit confused by another bit of info saying that the time server shouldn't synchronise with itself) maybe that's clearer now but after hours of googling it all became a bit too much!

    Anyway, I used the info from here

    How to configure an authoritative time server in Windows Server

    and here

    Configuring an authoritative time source for your Windows domain | Windows HELL

    and it seemed to go ok...

    Oh and by the way, I used uk.pool.ntp.org in the 'peers' section and our local e2bn had one I could ping from the server so I used that too! sntp.****.e2bn.com the stars are the LEA a tip from another EDUGEEK post.

    Our clients sync with a logon script so can't help with GPO for synching with the server.

    Good luck!

    Kol
    Thanks. Good to know that I am not the only one struggling to make sense of all this. We can't ping any of the time sources - it is forbidden by our Internet Provider. Still struggling to get up and running - asking for time.windows.com to be unblocked hasn't helped (possibly it is changing it's IP address regularly). We are E2BN too, so may go down that route instead. It also looks like our Internet Provider supplied router is set to be used, but it may not have correct time or can't be used for this purpose. I am continuing discussions with our Internet Provider!

    Your second article looks good. I went through the first article from another source and checked all the registry settings. As far as I could tell, they were OK. The second article sorts out some of the confusing bits, so I may have to take a deep breath and edit the registry. I have backed it up already anyway, before I did the checking. But when you only have one server, and an ancient one at that, it is a bit daunting.
    Last edited by Andie; 18th March 2013 at 12:30 PM.

  9. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    If you cannot get access to an external NTP server to sync against there are other time sources you can use. Short of asking the physics department to buy an atomic clock you can use a GPS receiver or a radio clock. For example you can build a DCF77 receiver very cheaply.

    Simple Radio Clock for PC's

  10. #8

    Join Date
    Apr 2007
    Location
    Christchurch
    Posts
    420
    Thank Post
    41
    Thanked 64 Times in 62 Posts
    Rep Power
    25
    I had a problem with external time servers and firewall blocking. We were with the SWGFL at the time and I couldnt sync to any time servers. I eventually found that the SWGFL has its own inside thier firewall. I setup to sync to them and all works fine now. Maybe you ISP has the same?

  11. #9
    Andie's Avatar
    Join Date
    Sep 2006
    Location
    Cambridgeshire
    Posts
    794
    Thank Post
    167
    Thanked 66 Times in 49 Posts
    Rep Power
    29
    Quote Originally Posted by Brpilot99 View Post
    I had a problem with external time servers and firewall blocking. We were with the SWGFL at the time and I couldnt sync to any time servers. I eventually found that the SWGFL has its own inside thier firewall. I setup to sync to them and all works fine now. Maybe you ISP has the same?
    Well, if they have, they're not telling me. I've had various discussions with them about unblocking time servers, and they've never offered me theirs! But then I suppose, as always, I need to ask them the actual question...too much to expect that they will know what i need and offer it...!

  12. #10

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Other thing to check is to poke about on your Broadband providers network. Their DNS/Web/etc servers might be running NTP anyway. Also check for a time.domain.co.uk, ntp.domain.co.uk or any other 'obvious' dns names for a potential ntp server. They may have one and have forgotten about it. Last resort would be to brute force the issue and nmap scan the whole subnet(s) for a host responding on the NTP port.

  13. #11
    Andie's Avatar
    Join Date
    Sep 2006
    Location
    Cambridgeshire
    Posts
    794
    Thank Post
    167
    Thanked 66 Times in 49 Posts
    Rep Power
    29
    Opened a new thread for further help in diagnosis:

    Time Server DNS Issue: Help in Diagnosis Needed

SHARE:
+ Post New Thread

Similar Threads

  1. Server security issue
    By steve_nfi in forum Windows
    Replies: 5
    Last Post: 1st July 2008, 02:09 PM
  2. 10.5 server email issues
    By mactech03 in forum Mac
    Replies: 2
    Last Post: 24th April 2008, 10:30 AM
  3. Internet proxy server cache issues
    By _Bat_ in forum Wireless Networks
    Replies: 5
    Last Post: 6th November 2006, 12:36 PM
  4. 2000 Server Time
    By Nij.UK in forum Windows
    Replies: 2
    Last Post: 19th May 2006, 11:49 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •