Tuesday, July 10, 2012

Windows Time Sync Changes in 2008 Server

There has been changes in the way you configure the Windows Time Hierarchy in Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.  In previous versions of the Windows Operating system such as XP and 2003 you configured your computers Windows Time Service to synchronise with a Simple Network Time Protocol (SNTP) service by using the following command:

net time \\computername /setsntp:sntpserveraddress

In the later versions of Windows starting from Windows Vista onwards, you configure your Windows Time Service to synchronise from a simple network time protocol using the following command:

w32tm /config /update /manualpeerlist:ntpservername /reliable /syncfromflags:all

For example I utilise the free NTP time service which is redundant and accessible from anywhere in the world, pool.ntp.org.  To configure a computer to synchronise with the internet time source pool.ntp.org you would run the following command:

w32tm /config /update /manualpeerlist:pool.ntp.org /reliable /syncfromflags:all

Note: Microsoft also has a NTP server running under time.windows.com which you can synchronise with for free.
Once you have configured your computer to synchronise with an SNTP server, your computer will synchronise time with that server by default every week at 1am on Sunday.  This is controlled by a scheduled task built into Windows Task Scheduler.

It is possible to manually change this schedule by modifying the SynchronizeTime scheduled task.

If you want to perform a manual time sync, this can be done by executing the following command:

w32tm /resync

After executing this command from a command prompt running with elevated rights "Run as administrator" you can verify that it synchronised successfully by checking the windows system logs in Event Viewer.  The source of the log entry is from Kernel-General.


For those of you whos computer/server is a member of an Active Directory domain, do not manually configure your computer to synchronise from an external time source.  The only computer that should be configured to synchronise to an external time source in an Active Directory environment is the server running the PDC emulator role in the forest root domain.  All other domain controllers including those in child domains synchronise up the Windows Time Hierarchy.

The following diagram taken from TechNet provides a high level illistration of how time synchronisation works in an Active Directory environment.



Time synchronisation is critical in an Active Directory environment due to the Kerberos authentication time offset of 5 minutes.

If you are a Windows Administrator and are responsible for maintaining an Active Directory environment, it is very important to understand how the Windows Time Hierarchy works.  If you are new to this I recommend you read the following TechNet article for additional information.

http://technet.microsoft.com/en-us/library/cc773013.aspx

2 comments:


  1. microsoft outlook 2007 sale , product key windows 7 , buy windows 10 product key , windows 7 proffessional product key , activate microsoft project professional 2010 , windows 10 product key , window 7 professional product key free download , cheapest windows 7 home premium upgrade activation key , llyOgz

    ReplyDelete

  2. windows 10 professional key , office mac stores.com review , windows 8 genuine product key onlne , xp home edition key , windows 10 serial keys product key torrent , product key microsoft project standard 2010 , windows 7 professional product keygen , rosett astone spanish latinamerica key , wiJVhA

    office 2013 product key

    windows 10 enterprise key

    vmware workstation 11 to buy

    ReplyDelete