Windows 2000 includes the Windows Time service (W32Time), which you can use to make sure that all Windows XP and Win2K computers on your network run on the same time. W32Time synchronizes a computer you designate as an authoritative time server with an outside time source, then synchronizes all computers on your network to that time server. Let's examine W32Time and discuss how to configure and administer the service on your network.
If you choose not to use W32Time on your network, you might not notice any obvious consequences. However, several features and processes depend on accurate and synchronized timestamps. Kerberos, for example, requires timestamps as part of the authentication ticket generation process. By default, Kerberos authentication fails if the clocks of the client computer and the authenticating domain controller (DC) are more than 5 minutes apart. This interval is called the Maximum Tolerance for Synchronization of Computer Clocks. You can use Group Policy to change this value, but doing so can weaken security on your network.
Replication processes on the network also depend on accurate timestamps as they determine whether to replicate data. In fact, if the time difference between two DCs is greater than the Kerberos Maximum Tolerance for Synchronization of Computer Clocks, authentication between DCs fails, and that failure causes DC data replications to fail. Just as important, computers with different times can wreak havoc on data file writes. And inaccurate timestamps can compromise functions such as synchronizing offline files, entering database data, and working with collaborative documents.
Setting Up an Authoritative Time Server
The authoritative time server is a DC that checks its time against an outside clock deemed to be extremely accurate. If you have multiple DCs in a domain, the authoritative time server is the DC that serves as the Flexible Single-Master Operation (FSMO) PDC emulator. By default, the FSMO PDC emulator is the first DC that you install in a domain. If you have multiple domains (i.e., a forest), the FSMO PDC emulator of the first domain you created in the forest is the authoritative time server for the forest.
You must supply the URL or IP address of the authoritative external clock by entering the following command on the DC that serves as the authoritative time server:
net time /setsntp:(server_address or server_list)
The target external server must be a Simple Network Time Protocol (SNTP) time server, and UDP port 123 must be open to the Internet. See the sidebar "Locating Time Servers," page 74, for addresses of time servers near you. If you provide a list of target external servers (i.e., so that if one external server isn't available, the system can try to contact another server), follow each address with a space and enclose the entire list in quotation marks, as in the following example:
net time /setsntp:"192.5.41.209 192.5.41.41"
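Before pointing the PDC emulator at an external clock, it is worth confirming that the server answers on UDP port 123 and seeing how far the DC's clock is from it. The following Python script is an added example, not code from the article or from Microsoft's tools: it sends one SNTP request (the packet layout of RFC 2030), parses the reply, computes the clock offset, and checks it against the 5-minute Kerberos tolerance the article describes; make_reply builds a constructed reply packet so the parser can be exercised offline.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from the NTP epoch (1900-01-01) to the Unix epoch (1970-01-01)
KERBEROS_MAX_SKEW = 300       # Win2K default Maximum Tolerance for Synchronization of Computer Clocks, in seconds

def build_sntp_request():
    """48-byte SNTP client request: LI=0, VN=4, Mode=3; every other field zero."""
    return bytes([0x23]) + bytes(47)

def ntp_to_unix(seconds, fraction):
    return seconds - NTP_EPOCH_DELTA + fraction / 2 ** 32

def unix_to_ntp(t):
    whole = int(t + NTP_EPOCH_DELTA)
    return whole, int((t + NTP_EPOCH_DELTA - whole) * 2 ** 32)

def parse_sntp_reply(data, t1, t4):
    """Return (stratum, offset_seconds) from a raw reply; t1/t4 are the client's send/receive Unix times.
    A positive offset means the server clock is ahead of this machine."""
    if len(data) < 48:
        raise ValueError("short SNTP packet")
    mode, stratum = data[0] & 0x07, data[1]
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if stratum == 0:
        raise ValueError("server unsynchronized (kiss-o'-death reply)")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!IIII", data[32:48])   # receive and transmit timestamps
    t2, t3 = ntp_to_unix(rx_s, rx_f), ntp_to_unix(tx_s, tx_f)
    return stratum, ((t2 - t1) + (t3 - t4)) / 2                   # standard NTP clock-offset formula

def within_kerberos_tolerance(offset, max_skew=KERBEROS_MAX_SKEW):
    return abs(offset) <= max_skew

def make_reply(t2, t3, stratum=2):
    """Constructed mode-4 reply for offline testing: LI=0, VN=4, Mode=4, with the given receive/transmit times."""
    return bytes([0x24, stratum]) + bytes(30) + struct.pack("!IIII", *unix_to_ntp(t2), *unix_to_ntp(t3))

def query_sntp(server, timeout=5.0):
    """Send one request to UDP/123 on the given server and return (stratum, offset_seconds)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(build_sntp_request(), (server, 123))
        data, _ = sock.recvfrom(1024)
        t4 = time.time()
    return parse_sntp_reply(data, t1, t4)
```

Running query_sntp("192.5.41.209") on the DC and passing the offset to within_kerberos_tolerance tells you whether the server is reachable and whether the DC is already inside the tolerance before you commit the address with net time /setsntp.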