Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, September 3, 2010 10:02 AM
Hi,
I am a Linux guy. We have informed by the management to implement a time server on a windows server 2008 R2. But our Windows Engineer on vacation. So I have to do that task but i don't now how to do that. Could any body help me to configure Windows server 2008 R2 as a NTP server for our DC, ADC, Domain Clients and redhat machines. Can we setup a windows 2008 server R2 domain client as a NTP server or NTP server should be on a DC for the above mentioned environment. Please advice me and provide setup procedure.
Thanks,
vrp
All replies (17)
Monday, January 17, 2011 10:51 PM ✅Answered
Hello,
as said before the WSUS server will not give the updates to the client, the client checks the WSUS server if updates are available and then download and install them.
Have never seen that updating the machine reset the time to different one.
Did you consider posting this into the WSUS forum? http://social.technet.microsoft.com/Forums/en-us/winserverwsus/threads
Please check with w32tm command line details about the time servce on the problem machines and the domain:
http://technet.microsoft.com/en-us/library/w32tm(WS.10).aspx
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Friday, September 3, 2010 10:29 AM | 1 vote
You can setup a Windows 2008 server R2 as a NTP server and a NTP client. You should modify register entries to achive your goal (start>run>regedit)
- To configure a NTP server, you can do it by proceeding to modify these register entries:
SYSTEM\CurrentControlSet\services\W32time\Config\AnnounceFlags= 1
SYSTEM\CurrentControlSet\services\W32time\Parameters\NtpServer = time.windows.com (This will allow the NTP Server to synchronize with time.windows.com, if you don't need that you can let it empty)
SYSTEM\CurrentControlSet\services\W32time\Parameters\Type = NTP (This is optional and should be enabled if you want your NTP server synchronize with another NTP server)
- To configure a NTP client, you can do it by proceeding to modify these register entries:
SYSTEM\CurrentControlSet\services\W32time\Config\AnnounceFlags= 0
SYSTEM\CurrentControlSet\services\W32time\Parameters\NtpServer = the IP address or the DNS name of the NTP server
SYSTEM\CurrentControlSet\services\W32time\Parameters\Type = NTP
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Friday, September 3, 2010 10:33 AM
I just want to add that if you've got a domain and all your computers are member of this domain then they will, by default, synchronize with the domain controller hosting the PDC Emulator FSMO role.
So, if it is the case, you don't really need to have a NTP server.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Friday, September 3, 2010 6:10 PM
What you said is right. But we have 7 ESXi servers, 10 Redhat server to be updated their time through NTP.
Friday, September 3, 2010 6:20 PM
Thanks for your reply. I want NTP server should synchronize with local hardware time not with time.windows.com. Could you please advice .
Friday, September 3, 2010 6:25 PM
I want NTP server should synchronize with local hardware time not with time.windows.com. Could you please advice .
What do you mean by local hardware time?
SYSTEM\CurrentControlSet\services\W32time\Parameters\NtpServer entry is used to specify the NTP server (like time.windows.com) with which your NTP server will sync. If it is empty it will not sync and the local clock will be used for client computer sync process.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Friday, September 3, 2010 6:31 PM
linux07,
see this section of the article "To configure the PDC master without using an external time source, change the announce flag on the PDC master. "
http://support.microsoft.com/kb/816042
to do this you must edit the registry on the pdc emulator. you also need to know if the default sync method for windows machines in the domain has been changed, and if so, create or edit an existing a gpo to revert windows machines to the default sync method. I cannot tell you how to configure non-windows machines.
What I recommend, and please do not be offended, is to wait for your windows guy to return. It's critical for windows machines to maintain accurate time sync for kerberos.
Roy Mayo | MCSE
Friday, September 3, 2010 6:56 PM
Hi Thank you very much. let me try it.
Saturday, January 8, 2011 11:04 PM
i have similar system.we have 4 esx ; one domain ,dc and adc are visual machines(both of them is not on physical machine ) both,redhat linux and oracle also visual. i know,recomended is phsical for dcs. ,but my system is like that and if it is on physical take time from bios, do you know my system time is where???in my system sometimes my times is working wrong(5-15 minutes late)..my esx's(pdc installed on) ntp configuration is not enable (it is empty),is it cause?or what i configure...
and i want configure ntp server for all my system (linux ,domain,dc ,pdc,domain clients,non domain client,swithes syncronise over ntp server ).
what do you reccommend..?
do you not reccommen change pdc time from outside source?(which i install ntp server on windows server 2008 r2)?
So,how can i configure my whole systems on same time???
please help.What is recommended solutions on systems....all over the network
Sunday, January 9, 2011 10:55 AM
Hello datagrids,
in a Windows domain time is essential and the time source is the DC having the PDCEmulator FSMO. No other time source should be used otherwise you have a lot additional configuration to do.
Also using ESX time sync tool will result in problems as the Windows domain machines will then theoretical sync with the DCs and additional with the ESX time sync tool. If there is a difference you are in trouble as a Windows domain by default only accept a difference of max 5minutes.
More details also in: http://msmvps.com/blogs/mweber/archive/2010/06/27/time-configuration-in-a-windows-domain.aspx
So as recommendation, use only the Windows way for time sync and disable the time sync function with the ESX time sync.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Sunday, January 9, 2011 8:28 PM
so,do you reccommend me that:? is this way is tru? 1)Use time source as pdc and so my domain member take automatically from pdc,(like default, no additional configuration and so time from bios- ).do you?(dc and adc is on esx..while adc and dc is on esx ,still take time from bios?) 2.Whole network machines must at same time, so my non domain member machines like redhat linux,swithes,and other machines how to configurate to take time from dc? İs this way is best..? Thanks and please help
Sunday, January 9, 2011 9:37 PM
Hello,
i don't know and you didn't desdcribe which NTP server you are using and how the not Windows machines handle time sync. But make sure the Windows domain members work with the Windows way.
So if the NTP server is an external or whatever time server(NOT domain member machine), configure the DC with the PDCEmulator FSMO to use it as a time source. In a domain all existing DCs sync automatically with that one and the other domain members will sync with an available DC. That way the Windows domain is in sync with the time. Also about the importance of the equal time no other time sync mechanism cna be used so disable on all VMs the time sync with the ESX server.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Friday, January 14, 2011 5:02 PM
1-all domain members take time from pdc(automatically ,it isnot need any configuration).
2-non domain member Linux and Windows machine configure from adjust date-time -internet time tab -change settings- choose syncronize with an internet time and give ip of dc. time and other machine
you know ,i have 1pdc and 1 adc and both of them is on esx.
i use pdc for time sync and time is syncronize from dc.
1-all domain members take time from pdc(automatically ,it isnot need any configuration).
2-non domain member Linux and Windows machine configure from adjust date-time -internet time tab -change settings- choose syncronize with an internet time and give ip of dc. time and other machine
,my problem is that when wsus give uptades to my machines ;time is get back 10-15 minutes all over enterprise and time go wrong......
help Me please?
Saturday, January 15, 2011 1:05 AM
Hello,
is the WSUS also DC?
A WSUS server will not give the updates to the client, the client checks the WSUS server if updates are available and then download and install them.
If the WSUS is also domain member run the follwoing on it, to make sure it sync the time with the domain also:
w32tm /config /syncfromflags:domhier /update
After that you have to run:
net stop w32time
net start w32time
This command lines can also be scripted and be used on all domain machines.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Saturday, January 15, 2011 7:54 PM
wsus(wsus and dc is both virtual machine) and dc is not on same virtual machine.
Monday, January 17, 2011 6:45 PM
you know ,i have 1pdc and 1 adc and both of them is on esx.
i use pdc for time sync
1-all domain members take time from pdc(automatically ,it isnot need any configuration).
2-non domain member Linux and Windows machine configure from adjust date-time -internet time tab -change settings- choose syncronize with an internet time and give ip of dc. time and other machine
,my problem is that when wsus give uptades to my machines ;time is get back 10-15 minutes all over enterprise and time go wrong......
help Me please?
help me please what is the reason of this late time problem...
Sunday, February 24, 2013 7:11 PM
Thanks for your reply. I want NTP server should synchronize with local hardware time not with time.windows.com. Could you please advice .
Sorry for late response. You can setup own NTP server on the network using for example NTS server tool -- it can be synced with any local NTP/SNTP source in your network