Tuesday, January 13, 2015

Configuring NTP at Windows 2008 R2

How To Clear NTP Configuration

The next thing to do is to clear up any previous attempts to configure NTP using these commands on your soon-to-be Windows 2008 R2 NTP server:
net stop w32time
w32tm /unregister
w32tm /register
Once your NTP configuration has been cleared up, you can then configure your Windows 2008 R2 server to be an NTP server.

Configuring Windows 2008 R2 as an NTP Server

You’re probably going to want to configure your domain controller to be the NTP server. Why? Because Kerberos requires authenticating clients to have the same time as the authenticating domain controller, so it makes sense to have the domain controller as the NTP server so it is in control over what the correct time is. To configure Windows 2008 R2 as an NTP server, run these commands:
w32tm /config /manualpeerlist:pool.ntp.org,0×8 /syncfromflags:MANUAL
net stop w32time
net start w32time
The first command configures the server as an NTP client to pool.ntp.org, sending the request in client mode. If you don’t want to connect as client mode, here are the alternative settings:
0×01 – use special poll interval SpecialInterval
0×02 – UseAsFallbackOnly
0×04 – send request as SymmetricActive mode
0×08 – send request as Client mode
I usually like to set any redundant domain controllers up in the same way, but pointing to the primary domain controller as the NTP server instead of pool.ntp.org.
pool.ntp.org is a round-robin group of NTP servers, but if you want to set your own pool up you can do this either in DNS or preferably by putting the manualpeerlist in quotes and seperating muliple NTP server addresses with a space like this:
w32tm /config /manualpeerlist:”ntp1 ntp2″,0×8 /syncfromflags:MANUAL
Finally, ensure that NTP protocol is allowed on your firewall. NTP uses port 123.

Troubleshooting NTP

You can confirm that NTP is working correctly by performing a manual sync with this command:
w32tm /resync
or determine the time of the last sync with this command:
w32tm /query /status
Finally, if you are still having trouble with NTP, you can enable debug logs with this command:
w32tm /debug /enable /file:C:\w32tmdebug.log /size:10485760 /entries:0-300
But don’t forget to disable logging when you’ve finished troubleshooting NTP. You can disable NTP logging with this command:
w32tm /debug /disable
Finally, if it’s still not working, you can start again and clear the NTP configuration with this command:
net stop w32time
w32tm /unregister
w32tm /register

No comments: