Server Time Issue
Does anyone have an easy guide to setting up Server 2003 to get its time from a reliable outside source? This one has been nagging at me for ages, and I've tried looking on here and the web generally, but I need really easy step by step instructions. It would be lovely to finally get the time on our clients to be correct - they're synching to the server and the server is currently about ten minutes fast.
First off, make sure your LEA hasn't firewalled off NTP. If not then set your DCs to use NTP via group policy.
Windows Time Service Tools and Settings: Windows Time Service
Your clients sync with your DCs so only your DCs need to use NTP.
Finally had some time to look at this. Turns out NTP traffic is blocked by default, so that is the main issue. However, I need an NTP server to synch to, and our internet provider wants the IP address of that server. At the moment, I have enabled GP for the default of time.windows.com (although it won't work until I get traffic unblocked). I am nervous of picking a time server at random, as some are primary and some secondary (I should use a secondary??) and some are OpenAccess but require notification.
Anyone got any recommendations for something I can use without getting into trouble?
Also, in the GP settings, do I need to enable the NTP server bit? The explanation seems to imply that this allows anyone to use my server as an NTP source, but I'm probably being paranoid and that's probably blocked by our internet provider anyway....??? I do need the clients to be able to get time from the server, and this is the GP setting that does this, right?
Sorry, but this is all very new to me, which is why I have left it so long to sort out.
When I took over the tech role in my current school all the servers and PCs were about 30 mins slow! I never did find out why and couldn't get any sense out of the previous tech and he didn't seem to really care...
Anyway I just reset the time on the main 2003 DC server and all the clients synched and had no more problems that I know of (ymmv).
Recently I looked deeper into it and found that not only had that server been upgraded from Server 2000, but that it was set up to get its time from the domain... (Nt5DS = synchronize from domain hierarchy [default] setting in the registry). I think that means that at some point it wasn't a primary time server and another long gone server had been fulfilling this role or it had never been set up at all.
So I did a lot of research like you, but not being really comfortable with GP chose to edit the registry settings, luckily our server could see the external time servers. If not I was going to use the internal CMOS setting (however got a bit confused by another bit of info saying that the time server shouldn't synchronise with itself) maybe that's clearer now but after hours of googling it all became a bit too much!
Anyway, I used the info from here
How to configure an authoritative time server in Windows Server
Configuring an authoritative time source for your Windows domain | Windows HELL
and it seemed to go ok...
Oh and by the way, I used uk.pool.ntp.org in the 'peers' section and our local e2bn had one I could ping from the server so I used that too! sntp.****.e2bn.com (the stars are the LEA), a tip from another EDUGEEK post.
Our clients sync with a logon script so can't help with GPO for synching with the server.
From memory, the server that holds the PDC Emulator role is normally set to look at an external time source and other servers update from that.
From our experience the DCs were replaced and the NTP wasn't updated, the domain PCs were frequently going off time by 15mins with complaints from staff saying they couldn't end their class in time as the PC clock was out.
Once I sorted it out it was accurate to the speaking clock :D
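The steps discussed in the posts above (test that NTP gets through, point the PDC Emulator at an external peer, restart the service, check the result), written out as an added example that is not from any poster in this thread. It assumes it is run in a command prompt on the Server 2003 DC holding the PDC Emulator role, that outbound UDP 123 has been unblocked upstream, and it uses uk.pool.ntp.org (the peer named in the thread) as the source:

```bat
@echo off
rem Added example, not from the thread. Run on the DC that holds the PDC Emulator role.
rem Assumption: outbound UDP port 123 to the peer is allowed by the upstream firewall.
set PEER=uk.pool.ntp.org

rem 1. Before changing anything, check that the peer answers and how far out the clock is.
rem    Errors or timeouts on every sample mean NTP is still blocked; stop here if so.
w32tm /stripchart /computer:%PEER% /samples:3 /dataonly

rem 2. Switch the time service from the domain hierarchy (Type = Nt5DS) to the
rem    external peer (Type = NTP) and mark this DC as a reliable source for the domain.
rem    The ,0x1 flag makes the service poll this peer at SpecialPollInterval.
w32tm /config /manualpeerlist:"%PEER%,0x1" /syncfromflags:manual /reliable:yes /update

rem 3. Restart the service so the new settings are loaded, then force a sync.
net stop w32time
net start w32time
w32tm /resync /rediscover

rem 4. Verify what was written to the registry and re-measure the offset.
rem    Type should now read NTP and NtpServer should list the peer.
reg query HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters /v Type
reg query HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters /v NtpServer
w32tm /stripchart /computer:%PEER% /samples:3 /dataonly
```

After step 3 the System event log should show W32Time entries naming the peer as the time source; domain clients need no change because they keep following the domain hierarchy.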
Thanks. Good to know that I am not the only one struggling to make sense of all this. We can't ping any of the time sources - it is forbidden by our Internet Provider. Still struggling to get up and running - asking for time.windows.com to be unblocked hasn't helped (possibly it is changing its IP address regularly). We are E2BN too, so may go down that route instead. It also looks like our Internet Provider supplied router is set to be used, but it may not have correct time or can't be used for this purpose. I am continuing discussions with our Internet Provider!
Originally Posted by Koldov
Your second article looks good. I went through the first article from another source and checked all the registry settings. As far as I could tell, they were OK. The second article sorts out some of the confusing bits, so I may have to take a deep breath and edit the registry. I have backed it up already anyway, before I did the checking. But when you only have one server, and an ancient one at that, it is a bit daunting.
If you cannot get access to an external NTP server to sync against there are other time sources you can use. Short of asking the physics department to buy an atomic clock you can use a GPS receiver or a radio clock. For example you can build a DCF77 receiver very cheaply.
Simple Radio Clock for PC's
I had a problem with external time servers and firewall blocking. We were with the SWGFL at the time and I couldn't sync to any time servers. I eventually found that the SWGFL has its own inside their firewall. I set up to sync to them and all works fine now. Maybe your ISP has the same?
Well, if they have, they're not telling me. I've had various discussions with them about unblocking time servers, and they've never offered me theirs! But then I suppose, as always, I need to ask them the actual question...too much to expect that they will know what I need and offer it...!
Originally Posted by Brpilot99
Other thing to check is to poke about on your Broadband providers network. Their DNS/Web/etc servers might be running NTP anyway. Also check for a time.domain.co.uk, ntp.domain.co.uk or any other 'obvious' dns names for a potential ntp server. They may have one and have forgotten about it. Last resort would be to brute force the issue and nmap scan the whole subnet(s) for a host responding on the NTP port.