Настройка ntp server на windows server 2019

Network Time Protocol (NTP) runs on the Transport Layer port 123 UDP and enables accurate time synchronization for network computers. This irons out time inconsistencies on servers and clients during file logging or replication of server databases among other resources.

In this article, we’ll outline the process of installing, configuring, and querying an NTP server on Windows Server 2019.

NTP Server

NTP servers utilize the Network Time Protocol to send time signals to servers across the globe upon request. NTP servers use the Universal Time Coordinated (UTC) time source for time signal synchronization.

The main purpose of NTP servers is to provide time synchronization for servers and computer networks with other major network servers and clients across the globe. In turn, this streamlines communications and transactions all over the world.

Installing and Configuring an NTP Server on Windows Server 2019

The process of installing, configuring, and querying an NTP Server on Windows Server 2019 is quite straightforward.

Set the NTP service to Automatic option

To start off, Hit Windows Key + R to launch the Run dialogue. Next, type services.msc and hit ENTER.

In the ‘Services’ window, locate the service ‘Windows Time’. Right-click and select the ‘Properties’ option as shown:

On the pop-up window, select the Startup type as ‘Automatic’.

Finally, click on ‘OK’ and then ‘Apply’.

Configuring NTP Server using Registry Editor

As before, launch the run dialogue by pressing Windows Key + R. Then type ‘regedit’ and hit ENTER.

The Registry editor will be launched as shown:

Navigate to the path shown below:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

On the right pane, locate and double-click the ‘Enabled’ file as shown:

Set the Value data to 1 and click OK.

Next, follow this path.

Computer>HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>W32Time>Config

At the right pane locate the ‘Announce Flags’ file.

Double click on the file and set its value to 5 in the ‘Value Data’ section.

Finally, reboot the NTP server for the changes to take place. Head back to the services Window, right-click on ‘Windows Time’ and select ‘Restart

Configuring NTP Server on Windows 2019 using Windows PowerShell

If you love working in Powershell, launch Powershell as Administrator and enable NTP server using the command:

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer” -Name “Enabled” -Value 1

Next, configure Announce Flags value as shown:

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Config” -Name “AnnounceFlags” -Value 5

Finally, restart the NTP server using the command:

Restart-Service w32Time

Important Note: UDP port 123 must be open for the NTP server traffic to reach your Windows Server 2019. If the NTP servers are unreachable, you can check your firewall settings to fix this.

Other useful commands

  1. w32tm /query /configuration to check and shows the NTP server configuration.
  2. w32tm /query /peers for checking the list of NTP servers configured alongside their configuration status
  3. w32tm /resync /nowait to force-synchronize time with your NTP server.
  4. w32tm /query /source to show the source of the time.
  5. w32tm /query /status to reveal NTP time service status.

Final take

Now your Windows Server 2019 clock is synchronized with time the NTP server’s pool.ntp.org and works as NTP client. You can achieve full network and accompanying infrastructure time synchronization by synchronizing all network workstations, servers, routers, hubs, and switches.

Since NTP servers operate over the UDP protocol using TCP/IP, these network infrastructures must be working efficiently for effective NTP server operation. In case you want to make time servers on windows server 2019 hosted on a virtual machine, you should disable the virtual machine time synchronization settings and sync their time with the domain Windows Server 2019.

Network Time Protocol (NTP) runs on the Transport Layer port 123 UDP and enables accurate time synchronization for network computers. This irons out time inconsistencies on servers and clients during file logging or replication of server databases among other resources.

In this article, we’ll outline the process of installing, configuring, and querying an NTP server on Windows Server 2019.

NTP servers utilize the Network Time Protocol to send time signals to servers across the globe upon request. NTP servers use the Universal Time Coordinated (UTC) time source for time signal synchronization.

The main purpose of NTP servers is to provide time synchronization for servers and computer networks with other major network servers and clients across the globe. In turn, this streamlines communications and transactions all over the world.

Installing and Configuring an NTP Server on Windows Server 2019

The process of installing, configuring, and querying an NTP Server on Windows Server 2019 is quite straightforward.

Set the NTP service to Automatic option

To start off, Hit Windows Key + R to launch the Run dialogue. Next, type services.msc and hit ENTER.

In the ‘Services’ window, locate the service ‘Windows Time’. Right-click and select the ‘Properties’ option as shown:

On the pop-up window, select the Startup type as ‘Automatic’.

Finally, click on ‘OK’ and then ‘Apply’.

Configuring NTP Server using Registry Editor

As before, launch the run dialogue by pressing Windows Key + R. Then type ‘regedit’ and hit ENTER.

The Registry editor will be launched as shown:

Navigate to the path shown below:

ComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpServer

On the right pane, locate and double-click the ‘Enabled’ file as shown:

Set the Value data to 1 and click OK.

Next, follow this path.

Computer>HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>W32Time>Config

At the right pane locate the ‘Announce Flags’ file.

Double click on the file and set its value to 5 in the ‘Value Data’ section.

Finally, reboot the NTP server for the changes to take place. Head back to the services Window, right-click on ‘Windows Time’ and select ‘Restart

Configuring NTP Server on Windows 2019 using Windows PowerShell

If you love working in Powershell, launch Powershell as Administrator and enable NTP server using the command:

Set-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetServicesw32timeTimeProvidersNtpServer” -Name “Enabled” -Value 1

Next, configure Announce Flags value as shown:

Set-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetservicesW32TimeConfig” -Name “AnnounceFlags” -Value 5

Finally, restart the NTP server using the command:

Restart-Service w32Time

Important Note: UDP port 123 must be open for the NTP server traffic to reach your Windows Server 2019. If the NTP servers are unreachable, you can check your firewall settings to fix this.

Other useful commands

  1. w32tm /query /configuration to check and shows the NTP server configuration.
  2. w32tm /query /peers for checking the list of NTP servers configured alongside their configuration status
  3. w32tm /resync /nowait to force-synchronize time with your NTP server.
  4. w32tm /query /source to show the source of the time.
  5. w32tm /query /status to reveal NTP time service status.

Final take

Now your Windows Server 2019 clock is synchronized with time the NTP server’s pool.ntp.org and works as NTP client. You can achieve full network and accompanying infrastructure time synchronization by synchronizing all network workstations, servers, routers, hubs, and switches.

Since NTP servers operate over the UDP protocol using TCP/IP, these network infrastructures must be working efficiently for effective NTP server operation. In case you want to make time servers on windows server 2019 hosted on a virtual machine, you should disable the virtual machine time synchronization settings and sync their time with the domain Windows Server 2019.

Содержание

  1. How to Configure NTP Server on Windows Server 2019
  2. NTP Server
  3. Installing and Configuring an NTP Server on Windows Server 2019
  4. Configuring NTP Server using Registry Editor
  5. Configuring NTP Server on Windows 2019 using Windows PowerShell
  6. Other useful commands
  7. Final take
  8. Windows Time service tools and settings
  9. Network port
  10. Using W32tm.exe
  11. Run W32tm.exe
  12. Set client to use two time servers
  13. Set client to sync time automatically from a domain source
  14. Check client time configuration
  15. Configure computer clock reset
  16. Example: System clock rate off by four minutes
  17. Example: System clock rate off by three minutes
  18. Using Local Group Policy Editor
  19. Windows registry reference
  20. Config entries
  21. Parameters entries
  22. NtpClient entries
  23. NtpServer entries
  24. Enhanced logging
  25. Group Policy Object settings
  26. Global Configuration Settings
  27. Windows NTP Client settings
  28. Related information

How to Configure NTP Server on Windows Server 2019

Network Time Protocol (NTP) runs on the Transport Layer port 123 UDP and enables accurate time synchronization for network computers. This irons out time inconsistencies on servers and clients during file logging or replication of server databases among other resources.

In this article, we’ll outline the process of installing, configuring, and querying an NTP server on Windows Server 2019.

NTP Server

NTP servers utilize the Network Time Protocol to send time signals to servers across the globe upon request. NTP servers use the Universal Time Coordinated (UTC) time source for time signal synchronization.

The main purpose of NTP servers is to provide time synchronization for servers and computer networks with other major network servers and clients across the globe. In turn, this streamlines communications and transactions all over the world.

Installing and Configuring an NTP Server on Windows Server 2019

The process of installing, configuring, and querying an NTP Server on Windows Server 2019 is quite straightforward.

Set the NTP service to Automatic option

To start off, Hit Windows Key + R to launch the Run dialogue. Next, type services.msc and hit ENTER.

In the ‘Services’ window, locate the service ‘Windows Time’. Right-click and select the ‘Properties’ option as shown:

On the pop-up window, select the Startup type as ‘Automatic’.

Finally, click on ‘OK’ and then ‘Apply’.

Configuring NTP Server using Registry Editor

As before, launch the run dialogue by pressing Windows Key + R. Then type ‘regedit’ and hit ENTER.

The Registry editor will be launched as shown:

Navigate to the path shown below:

ComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpServer

On the right pane, locate and double-click the ‘Enabled’ file as shown:

Set the Value data to 1 and click OK.

Next, follow this path.

Computer>HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>W32Time>Config

At the right pane locate the ‘Announce Flags’ file.

Double click on the file and set its value to 5 in the ‘Value Data’ section.

Finally, reboot the NTP server for the changes to take place. Head back to the services Window, right-click on ‘Windows Time’ and select ‘Restart

Configuring NTP Server on Windows 2019 using Windows PowerShell

If you love working in Powershell, launch Powershell as Administrator and enable NTP server using the command:

Set-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetServicesw32timeTimeProvidersNtpServer” -Name “Enabled” -Value 1

Next, configure Announce Flags value as shown:

Set-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetservicesW32TimeConfig” -Name “AnnounceFlags” -Value 5

Finally, restart the NTP server using the command:

Restart-Service w32Time

Important Note: UDP port 123 must be open for the NTP server traffic to reach your Windows Server 2019. If the NTP servers are unreachable, you can check your firewall settings to fix this.

Other useful commands

  1. w32tm /query /configuration to check and shows the NTP server configuration.
  2. w32tm /query /peers for checking the list of NTP servers configured alongside their configuration status
  3. w32tm /resync /nowait to force-synchronize time with your NTP server.
  4. w32tm /query /source to show the source of the time.
  5. w32tm /query /status to reveal NTP time service status.

Final take

Now your Windows Server 2019 clock is synchronized with time the NTP server’s pool.ntp.org and works as NTP client. You can achieve full network and accompanying infrastructure time synchronization by synchronizing all network workstations, servers, routers, hubs, and switches.

Since NTP servers operate over the UDP protocol using TCP/IP, these network infrastructures must be working efficiently for effective NTP server operation. In case you want to make time servers on windows server 2019 hosted on a virtual machine, you should disable the virtual machine time synchronization settings and sync their time with the domain Windows Server 2019.

Источник

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Azure Stack HCI, versions 21H2 and 20H2

The Windows Time service (W32Time) synchronizes the date and time for all computers managed by Active Directory Domain Services (AD DS). This article covers the different tools and settings used to manage the Windows Time service.

By default, a computer that is joined to a domain synchronizes time through a domain hierarchy of time sources. However, if a computer has been manually configured to synchronize from a specific time source, perhaps because it was formerly not joined to a domain, you can reconfigure the computer to begin automatically sourcing its time from the domain hierarchy.

Most domain-joined computers have a time client type of NT5DS, which means that they synchronize time from the domain hierarchy. An exception to this is the domain controller, which functions as the primary domain controller (PDC) emulator operations master for the root forest domain. The PDC emulator operations master in turn is configured to synchronize time with an external time source.

You can achieve down to one-millisecond time accuracy in your domain. For more information, see Support boundary for high-accuracy time and see Accurate Time for Windows Server 2016.

Don’t use the Net time command to configure or set a computer’s clock time when the Windows Time service is running.

Also, on older computers that run Windows XP or earlier, the Net time /querysntp command displays the name of a Network Time Protocol (NTP) server with which a computer is configured to synchronize, but that NTP server is used only when the computer’s time client is configured as NTP or AllSync. This command has since been deprecated.

Network port

The Windows Time service follows the Network Time Protocol (NTP) specification, which requires the use of UDP port 123 for all time synchronization. Whenever the computer synchronizes its clock or provides time to another computer, it happens over UDP port 123. This port is exclusively reserved by the Windows Time service.

  • If you have a computer with multiple network adapters (is multi-homed), you cannot enable the Windows Time service based on a network adapter.
  • The Windows Time NTP client uses UDP port 123 for both source and destination sync requests. When using network filtering, be aware of the source port being used.

Using W32tm.exe

You can use the command-line tool W32tm.exe to configure Windows Time service settings and to diagnose computer time problems. W32tm.exe is the preferred command-line tool for configuring, monitoring, and troubleshooting the Windows Time service. W32tm.exe is included with Windows XP and later and Windows Server 2003 and later.

Membership in the local Administrators group is required to run W32tm.exe locally, while membership in the Domain Admins group is required to run W32tm.exe remotely.

Run W32tm.exe

  1. In the Windows search bar, enter cmd.
  2. Right-click Command Prompt, then select Run as administrator.
  3. At the command prompt, enter w32tm followed by the applicable parameter, as described below:
Parameter Description
/? Displays the W32tm command-line help
/register Registers the Windows Time service to run as a service and adds its default configuration information to the registry.
/unregister Unregisters the Windows Time service and removes all of its configuration information from the registry.
/monitor [/domain: ] [/computers: [, [, . ]]] [/threads: ] Monitors the Windows Time service.

/domain: Specifies which domain to monitor. If no domain name is given, or neither the /domain nor /computers option is specified, the default domain is used. This option might be used more than once.

/computers: Monitors the given list of computers. Computer names are separated by commas, with no spaces. If a name is prefixed with a *, it is treated as a PDC. This option might be used more than once.

/threads: Specifies the number of computers to analyze simultaneously. The default value is 3. The allowed range is 1-50.

/ntte Converts a Windows NT system time (measured in 10 -7 -second intervals starting from 0h 1-Jan 1601) into a readable format.
/ntpte Converts an NTP time (measured in 2 -32 -second intervals starting from 0h 1-Jan 1900) into a readable format.
/resync [/computer: ] [/nowait] [/rediscover] [/soft] Tells a computer that it should resynchronize its clock as soon as possible, throwing out all accumulated error statistics.

/computer: : Specifies the computer that should resynchronize. If not specified, the local computer will resynchronize.

/nowait: do not wait for resynchronization to occur; return immediately. Otherwise, wait for resynchronization to complete before returning.

/rediscover: Redetects the network configuration and rediscovers network sources, then resynchronizes.

/soft: Resynchronizes by using existing error statistics. This is used for compatibility purposes.

/stripchart /computer: [/period: ] [/dataonly] [/samples: ] [/rdtsc] Displays a strip chart of the offset between this computer and another computer.

/computer: : The computer to measure the offset against.

/period: : The time between samples, in seconds. The default is 2 seconds.

/dataonly: Displays the data only, without graphics.

/samples: : Collects samples, then stops. If not specified, samples will be collected until Ctrl+C is pressed.

/rdtsc: For each sample, this option prints comma-separated values along with the headers RdtscStart, RdtscEnd, FileTime, RoundtripDelay, and NtpOffset instead of the text graphic.

  • RdtscStart: RDTSC (Read Time Stamp Counter) value collected just before the NTP request was generated.
  • RdtscEnd: RDTSC value collected just after the NTP response was received and processed.
  • FileTime: Local FILETIME value used in the NTP request.
  • RoundtripDelay: Time elapsed in seconds between generating the NTP request and processing the received NTP response, computed as per NTP roundtrip computations.
  • NTPOffset: Time offset in seconds between the local computer and the NTP server, computed as per NTP offset computations.
/config [/computer: ] [/update] [/manualpeerlist: ] [/syncfromflags: ] [/LocalClockDispersion: ] [/reliable:(YES|NO)] [/largephaseoffset: ]** /computer: : Adjusts the configuration of . If not specified, the default is the local computer.

/update: Notifies the Windows Time service that the configuration has changed, causing the changes to take effect.

/manualpeerlist: : Sets the manual peer list to , which is a space-delimited list of DNS or IP addresses. When specifying multiple peers, this option must be enclosed in quotes.

/syncfromflags: : Sets what sources the NTP client should synchronize from. should be a comma-separated list of these keywords (not case sensitive):

  • MANUAL: Include peers from the manual peer list.
  • DOMHIER: Synchronize from a domain controller (DC) in the domain hierarchy.

/LocalClockDispersion: : Configures the accuracy of the internal clock that W32Time will assume when it can’t acquire time from its configured sources.

/reliable:(YES|NO): Set whether this computer is a reliable time source. This setting is only meaningful on domain controllers.

  • YES: This computer is a reliable time service.
  • NO: This computer is not a reliable time service.

/largephaseoffset: : sets the time difference between local and network time that W32Time will consider a spike.

/tz Displays the current time zone settings.
/dumpreg [/subkey: ] [/computer: ] Displays the values associated with a given registry key.

The default key is HKLMSystemCurrentControlSetServicesW32Time (the root key for the Windows Time service).

/subkey: : Displays the values associated with subkey of the default key.

/computer: : Queries registry settings for computer

/query [/computer: ] [/verbose] Displays the computer’s Windows Time service information. This parameter was first made available for the Windows Time client in Windows Vista and Windows Server 2008.

/computer: : Queries the information of . If not specified, the default value is the local computer.

/source: Displays the time source.

/configuration: Displays the configuration of run time and where the setting comes from. In verbose mode, display the undefined or unused setting too.

/peers: Displays a list of peers and their status.

/status: Displays Windows Time service status.

/verbose: Sets the verbose mode to display more information.

/debug > Enables or disables the local computer Windows Time service private log. This parameter was first made available for the Windows Time client in Windows Vista and Windows Server 2008.

/disable: Disables the private log.

/enable: Enables the private log.

  • file: : Specifies the absolute file name.
  • size: : Specifies the maximum size for circular logging.
  • entries: : Contains a list of flags, specified by number and separated by commas, that specify the types of information that should be logged. Valid values are 0 to 300. A range of numbers is valid, in addition to single numbers, such as 0-100,103,106. Value 0-300 is for logging all information.

/truncate: Truncate the file if it exists.

Set client to use two time servers

To set a client computer to point to two different time servers, one named ntpserver.contoso.com and another named clock.adatum.com , type the following command at the command prompt, and then press ENTER:

Set client to sync time automatically from a domain source

To configure a client computer that is currently synchronizing time using a manually-specified computer to synchronize time automatically from the AD domain hierarchy, run the following:

Check client time configuration

To check a client configuration from a Windows-based client computer that has a host name of contosoW1 , run the following command:

The output of this command displays a list of W32time configuration parameters that are set for the client.

Windows Server 2016 has improved the time synchronization algorithms to align with RFC specifications. Therefore, if you want to set the local time client to point to multiple peers, we recommended that you prepare three or more different time servers.

If you have only two time servers, you should specify the Ntpserver UseAsFallbackOnly flag (0x2) to de-prioritize one of them. For example, if you want to prioritize ntpserver.contoso.com over clock.adatum.com , run the following command:

Additionally, you can run the following command and read the value of NtpServer in the output:

Configure computer clock reset

In order for W32tm.exe to reset a computer clock, it first checks the offset ( CurrentTimeOffset , also known as Phase Offset ) between the current time and the computer clock time to determine whether the offset is less than the MaxAllowedPhaseOffset value.

  • CurrentTimeOffset ≤ MaxAllowedPhaseOffset : Adjust the computer clock gradually by using the clock rate.
  • CurrentTimeOffset > MaxAllowedPhaseOffset : Set the computer clock immediately.

Then, to adjust the computer clock by using the clock rate, W32tm.exe calculates a PhaseCorrection value. This algorithm varies depending on the version of Windows:

Windows Server 2016 and later versions:

PhaseCorrection_raw = | CurrentTimeOffset | Г· (16 Г— PhaseCorrectRate Г— pollIntervalInSeconds )
MaximumCorrection = | CurrentTimeOffset | Г· ( UpdateInterval Г· 100)
PhaseCorrection = min( PhaseCorrection_raw , MaximumCorrection )

Windows Server 2012 R2 and earlier versions:

To get the SystemClockRate value, you can use the following command and convert it from seconds to clock ticks by using the formula of (seconds Г— 1,000 Г— 10,000):

PhaseCorrection = | CurrentTimeOffset | Г· ( PhaseCorrectRate Г— UpdateInterval )

All versions of Windows use the same final equation to check PhaseCorrection :

PhaseCorrection ≤ SystemClockRate ÷ 2

Windows Server 2019 and Windows 10 1809 have the same formula as [Windows Server 2016 and later versions] described above by applying cumulative updates from KB5006744 onwards.

These equations use PhaseCorrectRate , UpdateInterval , MaxAllowedPhaseOffset , and SystemClockRate measured in units of clock ticks. On Windows systems, 1 ms = 10,000 clock ticks.

MaxAllowedPhaseOffset is configurable in the registry. However, the registry parameter is measured in seconds instead of clock ticks.

To see the SystemClockRate and pollIntervalInSeconds values (measured in seconds), open a Command Prompt window and then run W32tm /query /status /verbose . This command produces output that resembles the following.

The output presents the poll interval in both clock ticks and in seconds. The equations use the value measured in seconds (the value in parentheses).
The output presents the clock rate in seconds. To see the SystemClockRate value in clock ticks, use the following formula:

( value in seconds ) Г— 1,000 Г— 10,000

For example, if SystemClockRate is 0.0156250 seconds, the value that the equation uses is 156,250 clock ticks. For full descriptions of the configurable parameters and their default values, see Config entries later in this article.

The following examples show how to apply these calculations for Windows Server 2012 R2 and earlier versions.

Example: System clock rate off by four minutes

Your computer clock time is 11:05 and the actual current time is 11:09:

UpdateInterval = 30,000 clock ticks

SystemClockRate = 156,000 clock ticks

MaxAllowedPhaseOffset = 10 min = 600 seconds = 600 Г— 1,000 Г— 10,000 = 6,000,000,000 clock ticks

| CurrentTimeOffset | = 4 min = 4 Г— 60 Г— 1,000 Г— 10,000 = 2,400,000,000 clock ticks

Is CurrentTimeOffset ≤ MaxAllowedPhaseOffset ?

AND does it satisfy the following equation?

(| CurrentTimeOffset | ÷ ( PhaseCorrectRate × UpdateInterval ) ≤ SystemClockRate ÷ 2)

Is 2,400,000,000 / (30,000 × 1) ≤ 156,000 ÷ 2

80,000 ≤ 78,000: FALSE

Therefore, W32tm.exe would set the clock back immediately.

In this case, if you want to set the clock back slowly, you would also have to adjust the values of PhaseCorrectRate or UpdateInterval in the registry to make sure that the equation result is TRUE.

Example: System clock rate off by three minutes

Your computer clock time is 11:05 and the actual current time is 11:08:

UpdateInterval = 30,000 clock ticks

SystemClockRate = 156,000 clock ticks

MaxAllowedPhaseOffset = 10 min = 600 seconds = 600 Г— 1,000 Г— 10,000 = 6,000,000,000 clock ticks

| CurrentTimeOffset | = 3 mins = 3 Г— 60 Г— 1,000 Г— 10,000 = 1,800,000,000 clock ticks

Is CurrentTimeOffset ≤ MaxAllowedPhaseOffset ?

AND does it satisfy the following equation?

(| CurrentTimeOffset | ÷ ( PhaseCorrectRate × UpdateInterval ) ≤ SystemClockRate ÷ 2)

(1,800,000,000) ÷ (1 × 30,000) ≤ 156,000 ÷ 2

In this case, the clock will be set back slowly.

Using Local Group Policy Editor

The Windows Time service stores several configuration properties as registry entries. You can use Group Policy Objects (GPOs) in Local Group Policy Editor to configure most of this information. For example, you can use GPOs to configure a computer to be an NTPServer or NTPClient, configure the time synchronization mechanism, or configure a computer to be a reliable time source.

Group Policy settings for the Windows Time service can be applied on Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 domain controllers and can be applied to computers running Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2.

Windows stores the Windows Time service policy information in the Local Group Policy Editor under Computer ConfigurationAdministrative TemplatesSystemWindows Time Service . It stores configuration information that the policies define in the Windows registry, and then uses those registry entries to configure the registry entries specific to the Windows Time service. As a result, the values defined by Group Policy overwrite any pre-existing values in the Windows Time service section of the registry. Some of the preset GPO settings differ from the corresponding default Windows Time service registry entries.

For example, suppose you edit policy settings in the Time ProvidersConfigure Windows NTP Client policy. Windows loads these settings into the policy area of the registry under the following subkey:

Then Windows uses the policy settings to configure the related Windows Time service registry entries under the following subkey:

The following table lists the policies that you can configure for the Windows Time service, and the registry subkeys that those policies affect.

When you remove a Group Policy setting, Windows removes the corresponding entry from the policy area of the registry.

Group Policy 1 Registry locations 2, 3
Global Configuration Settings W32Time
W32TimeConfig
W32TimeParameters
Time ProvidersConfigure Windows NTP Client W32TimeTimeProvidersNtpClient
Time ProvidersEnable Windows NTP Client W32TimeTimeProvidersNtpClient
Time ProvidersEnable Windows NTP Server W32TimeTimeProvidersNtpServer

1 Category path: Computer ConfigurationAdministrative TemplatesSystemWindows Time Service
2 Subkey: HKLMSOFTWAREPoliciesMicrosoft
3 Subkey: HKLMSYSTEMCurrentControlSetServices

Windows registry reference

This information is provided as a reference for use in troubleshooting and validation. Windows registry keys are used by W32Time to store critical information. Don’t change these values. Modifications to the registry are not validated by the registry editor or by Windows before they are applied. If the registry contains invalid values, Windows may experience unrecoverable errors.

The Windows Time service stores information in the registry at the HKLMSYSTEMCurrentControlSetServicesW32Time path under the following subkeys:

In the following tables, «All versions» refers to Windows 7, Windows 8, Windows 10, Windows Server 2008 and Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.

Some of the parameters in the registry are measured in clock ticks and some are measured in seconds. To convert the time from clock ticks to seconds, use these conversion factors:

  • 1 minute = 60 sec
  • 1 sec = 1000 ms
  • 1 ms = 10,000 clock ticks on a Windows system, as described at DateTime.Ticks Property.

For example, 5 minutes becomes 5 Г— 60 Г— 1000 Г— 10000 = 3,000,000,000 clock ticks.

Config entries

The Config subkey entries are located at HKLMSYSTEMCurrentControlSetServicesW32TimeConfig .

Registry entry Versions Description
AnnounceFlags All versions Controls whether this computer is marked as a reliable time server. A computer is not marked as reliable unless it is also marked as a time server.

  • 0x00. Not a time server
  • 0x01. Always time server
  • 0x02. Automatic time server
  • 0x04. Always-reliable time server
  • 0x08. Automatic reliable time server

The default value for domain members is 10. The default value for stand-alone clients and servers is 10.

ChainDisable Controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), a read-only domain controller (RODC) can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. This is a boolean setting, and the default value is .
ChainEntryTimeout Specifies the maximum amount of time that an entry can remain in the chaining table before the entry is considered to be expired. Expired entries may be removed when the next request or response is processed. The default value is 16 (seconds).
ChainLoggingRate Controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. The default is 30 (minutes).
ChainMaxEntries Controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. The default value is 128 (entries).
ChainMaxHostEntries Controls the maximum number of entries that are allowed in the chaining table for a particular host. The default value is 4 (entries).
ClockAdjustmentAuditLimit Windows Server 2016 Version 1709 and later versions; Windows 10 Version 1709 and later versions Specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target computer. The default value is 800 (parts per million — PPM).
ClockHoldoverPeriod Windows Server 2016 Version 1709 and later versions; Windows 10 Version 1709 and later versions Indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7,800 seconds.
EventLogFlags All versions Controls which events that the time service logs.

  • 0x1. Time jump
  • 0x2. Source change

The default value on domain members is 2. The default value on stand-alone clients and servers is 2.

FrequencyCorrectRate All versions Controls the rate at which the clock is corrected. If this value is too small, the clock is unstable and overcorrects. If the value is too large, the clock takes a long time to synchronize. The default value on domain members is 4. The default value on stand-alone clients and servers is 4.

Note
Zero is not a valid value for the FrequencyCorrectRate registry entry. On Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 computers, if the value is set to , the Windows Time service automatically changes it to 1.

HoldPeriod All versions Controls the period of time for which spike detection is disabled in order to bring the local clock into synchronization quickly. A spike is a time sample indicating that time is off a number of seconds, and is received after good time samples have been returned consistently. The default value on domain members is 5. The default value on stand-alone clients and servers is 5.
LargePhaseOffset All versions Specifies that a time offset greater than or equal to this value in 10 -7 seconds is considered a spike. A network disruption such as a large amount of traffic might cause a spike. A spike will be ignored unless it persists for a long period of time. The default value on domain members is 50000000. The default value on stand-alone clients and servers is 50000000.
LastClockRate All versions Maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default value on domain members is 156250. The default value on stand-alone clients and servers is 156250.
LocalClockDispersion All versions Controls the dispersion (in seconds) that you must assume when the only time source is the built-in CMOS clock. The default value on domain members is 10. The default value on stand-alone clients and servers is 10.
MaxAllowedPhaseOffset All versions Specifies the maximum offset (in seconds) for which W32Time attempts to adjust the computer clock by using the clock rate. When the offset exceeds this rate, W32Time sets the computer clock directly. The default value for domain members is 300. The default value for stand-alone clients and servers is 1.
MaxClockRate All versions Maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default value for domain members is 155860. The default value for stand-alone clients and servers is 155860.
MaxNegPhaseCorrection All versions Specifies the largest negative time correction, in seconds, that the service makes. If the service determines that a change larger than this is required, it logs an event instead.

Note
The value 0xFFFFFFFF is a special case. This value means that the service always corrects the time.

The default value for domain members is 0xFFFFFFFF (hexadecimal). The default value for domain controllers is 172,800 (48 hrs). The default value for stand-alone clients and servers is 54,000 (15 hrs).

MaxPollInterval All versions Specifies the largest interval, in log2 seconds, allowed for the system polling interval. A system must poll according to the scheduled interval, a provider can refuse to produce samples when requested to do so. The default value for domain controllers is 10. The default value for domain members is 15. The default value for stand-alone clients and servers is 15.
MaxPosPhaseCorrection All versions Specifies the largest positive time correction in seconds that the service makes. If the service determines that a change larger than this is required, it logs an event instead.

Note
The value 0xFFFFFFFF is a special case. This value means that the service always corrects the time.

The default value for domain members is 0xFFFFFFFF (hexadecimal). The default value for domain controllers is 172,800 (48 hrs). The default value for stand-alone clients and servers is 54,000 (15 hrs).

MinClockRate All versions Maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default value for domain members is 155860. The default value for stand-alone clients and servers is 155860.
MinPollInterval All versions Specifies the smallest interval, in log base 2 seconds, allowed for the system polling interval. A system does not request samples more frequently than this, a provider can produce samples at times other than the scheduled interval. The default value for domain controllers is 6. The default value for domain members is 10. The default value for stand-alone clients and servers is 10.
PhaseCorrectRate All versions Controls the rate at which the phase error is corrected. Specifying a small value corrects the phase error quickly, but might cause the clock to become unstable. If the value is too large, it takes a longer time to correct the phase error.

The default value on domain members is 1. The default value on stand-alone clients and servers is 7.

Note
Zero is not a valid value for the PhaseCorrectRate registry entry. On Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 computers, if the value is set to , the Windows Time service automatically changes it to 1.

PollAdjustFactor All versions Controls the decision to increase or decrease the poll interval for the system. The larger the value, the smaller the amount of error that causes the poll interval to be decreased. The default value on domain members is 5. The default value on stand-alone clients and servers is 5.
RequireSecureTimeSyncRequests Windows 8 and later versions Controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC will not respond to requests using such protocols. This is a boolean setting, and the default value is .
SpikeWatchPeriod All versions Specifies the amount of time that a suspicious offset must persist before it is accepted as correct (in seconds). The default value on domain members is 900. The default value on stand-alone clients and workstations is 900.
TimeJumpAuditOffset All versions An unsigned integer that indicates the time jump audit threshold, in seconds. If the time service adjusts the local clock by setting the clock directly, and the time correction is more than this value, then the time service logs an audit event.
UpdateInterval All versions Specifies the number of clock ticks between phase correction adjustments. The default value for domain controllers is 100. The default value for domain members is 30,000. The default value for stand-alone clients and servers is 360,000.

Note
Zero is not a valid value for the UpdateInterval registry entry. On computers running Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2, if the value is set to , the Windows Time service automatically changes it to 1.

UtilizeSslTimeData Windows versions later than Windows 10 build 1511 Value of 1 indicates that W32Time uses multiple SSL timestamps to seed a clock that is grossly inaccurate.

Parameters entries

The Parameters subkey entries are located at HKLMSYSTEMCurrentControlSetServicesW32TimeParameters .

Registry entry Versions Description
AllowNonstandardModeCombinations All versions Indicates that non-standard mode combinations are allowed in synchronization between peers. The default value for domain members is 1. The default value for stand-alone clients and servers is 1.
NtpServer All versions Specifies a space-delimited list of peers from which a computer obtains time stamps, consisting of one or more DNS names or IP addresses per line. Each DNS name or IP address listed must be unique. Computers connected to a domain must synchronize with a more reliable time source, such as the official U.S. time clock.

  • 0x1 SpecialInterval
  • 0x2 UseAsFallbackOnly
  • 0x4 SymmetricActive: For more information about this mode, see Windows Time Server.
  • 0x8 Client

There is no default value for this registry entry on domain members. The default value on stand-alone clients and servers is time.windows.com,0x1 .

ServiceDll All versions Maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default location for this DLL on both domain members and stand-alone clients and servers is %windir%System32W32Time.dll.
ServiceMain All versions Maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default value on domain members is SvchostEntry_W32Time. The default value on stand-alone clients and servers is SvchostEntry_W32Time.
Type All versions Indicates which peers to accept synchronization from:

  • NoSync. The time service does not synchronize with other sources.
  • NTP. The time service synchronizes from the servers specified in the NtpServer. registry entry.
  • NT5DS. The time service synchronizes from the domain hierarchy.
  • AllSync. The time service uses all the available synchronization mechanisms.

The default value on domain members is NT5DS. The default value on stand-alone clients and servers is NTP.

NtpClient entries

The NtpClient subkey entries are located at HKLMSYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpClient

Registry entry Version Description
AllowNonstandardModeCombinations All versions Indicates that non-standard mode combinations are allowed in synchronization between peers. The default value for domain members is 1. The default value for stand-alone clients and servers is 1.
CompatibilityFlags All versions Specifies the following compatibility flags and values:

  • 0x00000001 — DispersionInvalid
  • 0x00000002 — IgnoreFutureRefTimeStamp
  • 0x80000000 — AutodetectWin2K
  • 0x40000000 — AutodetectWin2KStage2

The default value for domain members is 0x80000000. The default value for stand-alone clients and servers is 0x80000000.

CrossSiteSyncFlags All versions Determines whether the service chooses synchronization partners outside the domain of the computer. The options and values are:

  • — None
  • 1 — PdcOnly
  • 2 — All

This value is ignored if the NT5DS value is not set. The default value for domain members is 2. The default value for stand-alone clients and servers is 2.

DllName All versions Specifies the location of the DLL for the time provider.

The default location for this DLL on both domain members and stand-alone clients and servers is %windir%System32W32Time.dll.

Enabled All versions Indicates if the NtpClient provider is enabled in the current Time Service.

  • 1 — Yes
  • — No

The default value on domain members is 1. The default value on stand-alone clients and servers is 1.

EventLogFlags All versions Specifies the events logged by the Windows Time service.

  • 0x1 — Reachability changes
  • 0x2 — Large sample skew (This is applicable to Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 only)

The default value on domain members is 0x1. The default value on stand-alone clients and servers is 0x1.

InputProvider All versions Indicates whether to enable the NtpClient as an InputProvider, which obtains time information from the NtpServer. The NtpServer is a time server that responds to client time requests on the network by returning time samples that are useful for synchronizing the local clock.

  • 1 — Yes
  • — No

Default value for both domain members and stand-alone clients is 1.

LargeSampleSkew All versions Specifies the large sample skew for logging, in seconds. To comply with Security and Exchange Commission (SEC) specifications, this should be set to three seconds. Events will be logged for this setting only when EventLogFlags is explicitly configured for 0x2 large sample skew. The default value on domain members is 3. The default value on stand-alone clients and servers is 3.
ResolvePeerBackOffMaxTimes All versions Specifies the maximum number of times to double the wait interval when repeated attempts to locate a peer to synchronize with fail. A value of zero means that the wait interval is always the minimum. The default value on domain members is 7. The default value on stand-alone clients and servers is 7.
ResolvePeerBackoffMinutes All versions Specifies the initial interval to wait, in minutes, before attempting to locate a peer to synchronize with. The default value on domain members is 15. The default value on stand-alone clients and servers is 15.
SpecialPollInterval All versions Specifies the special poll interval, in seconds, for manual peers. When the SpecialInterval 0x1 flag is enabled, W32Time uses this poll interval instead of a poll interval determined by the operating system. The default value on domain members is 3,600. The default value on stand-alone clients and servers is 604,800.

New for build 1703, SpecialPollInterval is contained by the MinPollInterval and MaxPollInterval Config registry values.

SpecialPollTimeRemaining All versions Maintained by W32Time. It contains reserved data that is used by the Windows operating system. It specifies the time, in seconds, before W32Time will resynchronize after the computer has restarted. Any changes to this setting can cause unpredictable results. The default value on both domain members and on stand-alone clients and servers is left blank.

NtpServer entries

The NtpServer subkey entries are located at HKLMSYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpServer .

Registry Entry Versions Description
AllowNonstandardModeCombinations All versions Indicates that non-standard mode combinations are allowed in synchronization between clients and servers. The default value for domain members is 1. The default value for stand-alone clients and servers is 1.
DllName All versions Specifies the location of the DLL for the time provider. The default location for this DLL on both domain members and stand-alone clients and servers is %windir%System32W32Time.dll .
Enabled All versions Indicates if the NtpServer provider is enabled in the current Time Service.

  • 1 — Yes
  • — No

The default value on domain members is . The default value on stand-alone clients and servers is .

InputProvider All versions Indicates whether to enable the NtpClient as an InputProvider, which obtains time information from the NtpServer. The NtpServer is a time server that responds to client time requests on the network by returning time samples that are useful for synchronizing the local clock.

  • 1 — Yes
  • — No = 0

Default value for both domain members and stand-alone clients: 0

Enhanced logging

The following registry entries are not a part of the W32Time default configuration but can be added to the registry to obtain enhanced logging capabilities. The information logged to the System Event log can be modified by changing values for the EventLogFlags setting in the Group Policy Object Editor. By default, the Windows Time service logs an event every time that it switches to a new time source.

In order to enable W32Time logging, add the following registry entries:

Entry Versions Description
FileLogEntries All versions Controls the number of entries created in the Windows Time log file. The default value is none, which does not log any Windows Time activity. Valid values are to 300. This value does not affect the event log entries normally created by Windows Time
FileLogName All versions Controls the location and file name of the Windows Time log. The default value is blank, and should not be changed unless FileLogEntries is changed. A valid value is a full path and file name that Windows Time will use to create the log file. This value does not affect the event log entries normally created by Windows Time.
FileLogSize All versions Controls the circular logging behavior of Windows Time log files. When FileLogEntries and FileLogName are defined, defines the size, in bytes, to allow the log file to reach before overwriting the oldest log entries with new entries. Please use 1000000 or larger value for this setting. This value does not affect the event log entries normally created by Windows Time.

Group Policy Object settings

Group Policy settings are contained in the Global Configuration Settings and the Windows NTP Client Settings GPOs.

Global Configuration Settings

These are the global Group Policy settings and default values for the Windows Time service. These settings are contained in the Global Configuration Settings GPO in Local Policy Editor.

Group Policy setting Default value
AnnounceFlags 10
EventLogFlags 2
FrequencyCorrectRate 4
HoldPeriod 5
LargePhaseOffset 1,280,000
LocalClockDispersion 10
MaxAllowedPhaseOffset 300
MaxNegPhaseCorrection 54,000 (15 hours)
MaxPollInterval 15
MaxPosPhaseCorrection 54,000 (15 hours)
MinPollInterval 10
PhaseCorrectRate 7
PollAdjustFactor 5
SpikeWatchPeriod 90
UpdateInterval 100

Windows NTP Client settings

These are the Windows NTP client settings and default values for the Windows Time service. These settings are contained in the Configure Windows NTP Client GPO in Local Group Policy Editor.

Group Policy setting Default value
NtpServer time.windows.com , 0x1
Type NT5DS — Used for domain-joined computers
NTP — Used for non-domain-joined computers
CrossSiteSyncFlags 2
ResolvePeerBackoffMinutes 15
ResolvePeerBackoffMaxTimes 7
SpecialPollInterval 3,600
EventLogFlags

If you use Group Policy to set the NtpServer value as part of the Configure Windows NTP Client policy and apply it to a domain member, the Windows Time Service will not use the NtpServer Registry value. To view your NTP configuration, open a Command Prompt and run w32tm /query /configuration .

See RFC 1305 — Network Time Protocol of the Internet Engineering Task Force (IETF).

Источник

Maintaining accurate time on your server is critical largely because many services and IT applications rely on accurate time settings to function as expected. These include logging services, monitoring and auditing applications, and database replication to mention a few.

Time skew in servers, and any client systems for that matter, is undesirable and usually causes conflict in time-critical applications.  To maintain accurate time settings on your server and across the network by extension, it’s preferred to install and enable a NTP server on your server.

What is an NTP server?

NTP, short for Network Time Protocol, is a protocol that synchronizes time across network devices. It listens on UDP port 123 and always ensures that time inconsistencies across the server and client systems are mitigated and that client systems are always in sync with the server.

NTP server refers to a network device or a service that fetches time from an external time source and syncs the time across the network using the NTP protocol. This guide will focus on installing NTP service on Windows server 2019.

How Does NTP Work ?

Being a protocol, NTP requires a client-server architecture. The NTP client residing on a Windows PC, for example, initiates a time request exchange with the NTP server.

A time-stamp data exchange happens between the server and client and this helps in adjusting the clock on client’s systems to the highest degree of accuracy to match the time on the NTP server. In this guide, we will walk you through the installation and configuration of NTP server on Windows Server 2019.

There are several ways of setting up NTP server and we will look at each in turn.

In Windows Server environments, there is a special Windows time service that handles time synchronization between the server and the client systems. This is known as Windows Time service. PowerShell provides a command-line tool known as w32tm.exe and comes included in all versions of Windows from Windows XP and Windows Server 2008 to the latest versions of each OS.

Using the w32tm.exe utility, you can configure your Windows system to sync with online time servers. Usually, this is the tool of choice when setting up and monitoring time on your Windows Server system.

Using the command-line utility is quite straightforward.

For example, to set the Server to point to 2 different time servers, namely 0.us.pool.ntp.org  and  1.us.pool.ntp.org , launch  PowerShell as the Administrator and  run the command below

w32tm /config /syncfromflags:manual /manualpeerlist:”0.us.pool.ntp.org 1.us.pool.ntp.org” /update

Then restart Windows Time service using the commands:

Stop-Service w32time
Start-Service w32time

Here’s a snippet of the commands.

You can thereafter confirm the values of NTP servers configured in the registry by running this command:

w32tm /dumpreg /subkey:parameters

Configure NTP Server on Windows Server 2019 using Registry editor

The second method of installing and configuring the NTP server is using the registry editor. If you are not a fan of the Windows PowerShell, then this will truly come in handy.

To get started, open the registry editor. Press ‘Windows key + R’ and type ‘regedit’ and hit ENTER. The windows registry will be launched as shown below.

Next, head over to the path shown below

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

On the right pane. Be sure to find & double-click the file labelled ‘Enabled’ in the diagram shown below.

Next, In the ‘value data’ text field, set the value to ‘1’ and click the ‘Ok’ button.

Next, head over to the path:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

In the right pane, double click the ‘Announce Flags’ file.

Double-click the file and in the Value data text field, type the value ‘5’ and click ‘OK’.

For the changes to come into effect, you need to reboot the NTP server by heading to the services Window. To achieve this, press ‘Windows key + R’ and type ‘services.msc’. Scroll and find ‘Windows Time’, right-click on it and select the ‘Restart’ option.

Useful w32tm commands

Once you have set up your NTP server, you can use the following commands to verify various aspects of the server:

To check the status of the NTP server, run the command:

w32tm /query /status

To reveal the current NTP pool being used to sync time with execute:

w32tm /query /source

You can also display a list of NTP time servers along with their configuration status as shown.

w32tm /query /peers

To display NTP server configuration settings, run the command:

w32tm /query /source

This shows quite a wealth of information.

Final Take

We cannot stress enough how important it is to maintain accurate time and date settings on your server. As you have seen, setting up an NTP server on your Windows server instance is quite easy and straight forward.

Once you have configured the NTP service on your server, other domain controllers in your environment will sync with this server and the Windows clients in the domain will sync with the domain controllers. Hopefully, you can now install and configure NTP on Windows Server 2019.

StarWind VSAN

Viewing-the-NTP-registry-values-that-are-configured-for-your-Windows-Server
Viewing-the-NTP-registry-values-that-are-configured-for-your-Windows-Server

There is no question about it, having accurate time in your environment set in critical infrastructure systems is a must. Many business-critical applications and infrastructure systems rely on accurate time synchronized between them to ensure the system functions as expected. Time skew can cause all kinds of weirdness when it is misconfigured or out of sync between different servers/systems. This is especially true in a Windows Server Active Directory domain. Having accurate time between a client computer and domain controllers is essential. Let’s take a look at how to set ntp server Windows 2016 or Windows 2019 to see how this can be easily carried out.

What is NTP?

Wen it comes to synchronizing time in most enviornments, Network Time Protocol (NTP) is the protocol that is used to ensure accurate time across your environent. In most environments, NTP servers, special time servers, are configured that provide an external time source for which your internal servers can synchronize with.

There are several widely known NTP IP addresses on the Internet that provide reliable time sources for your network. The NTP.org servers are one such set of time servers that provide an NTP source for configuration.
There are a few NTP values to be aware of:

  • NTP Server – This is a specialized server that is able to detremine the precise time from an external timing reference such as GPS and passes these precise time values on to your network
  • Offset – This is the difference in time between the external time server and the time on a local client computer. The larger the offset, the more inaccurate the timing source is.
  • Delay – This is the value of the round-trip time (latency) of the timing message between the client to the server and back again.

How Time is synchronized in a Windows Server domain

In a Windows domain, Microsoft has default configuration in place that takes care of a good portion of the NTP configuration. Starting with Windows 2000 Server, Windows clients are configured as NTP Clients. When configured as an NTP client, Windows computers only attempt to contact the domain controller for NTP synchronization or a manually specified NTP server.

Altaro VM Backup

Microsoft has made the domain controller the default in a Windows domain since it makes sense that clients already have a secure channel established with DCs for other types of communications. Additionally, accurate and synchronized time between domain controllers and clients is especially important for all kinds of things such as logins, group policy synchronization and other tasks/operations.

The order of operations or hierarchy in a Windows domain is as follows:

  • Domain members attempt to synchronize time with any domain controller located in the domain
  • Domain controllers synchronize with a more authoritative domain controller
  • The first domain controller that is installed in the environment is automatically configured to be a reliable time source.
  • Other than the first domain controller installed, the PDC emulator (if role has been moved from the first DC installed) generally holds the position of best time source.

An important point to consider and that comes into play when thinking about why we set ntp server in Windows 2016 or Windows 2019 is the authoritative domain controller must have a reliable source to synchronize with as well. This is generally an external time server outside of the domain hierarchy.

Now that we know how the domain hierarchy for time is configured, how is the external time source configured on your domain controller that is configured as the reliable source of time?

Configuring Windows Time Service with W32tm.exe

When it comes to Windows Server environments like Windows Server 2016 or Windows Server 2019, there is a special Windows service that controls the time synchronization of your Windows hosts. This is the Windows Time Service.

Microsoft provides a command line tool to interact with the Windows Time Service called W32tm.exe. This has been included in Windows operating systems since Windows XP/Windows 2003 and later. It can be used to configure Windows Time service parameters as well as diagnose time service problems. This is generally the tool of choice when it comes to configuring, monitoring, and administering Windows Time.

Using the W32tm.exe utility is fairly straightforward. It can be used from a normal command prompt as well as from a PowerShell prompt. There are several command parameters included that allow not only configuring the NTP servers you want to query, but also parameters that allow viewing the low level registry configuration as well as the synchronization status.

You can read the official Microsoft KB on the Windows Time service and the W32tm.exe utility here:

  • https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings

However, there are a few commands I would like to show you for the purposes of configuring your Domain controller that is to be the reliable time source (PDC Emulator) for your domain.

The first command is the command line entry to specify your NTP servers, which in this case I am using the NTP.org servers to set as the source of my NTP synchronization.

w32tm /config /syncfromflags:manual /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org" /update

Stop-Service w32time
Start-Service w32time

Configuring-the-time-source-for-your-domain-with-the-w32tm-utility

Configuring the time source for your domain with the w32tm utility

If you want to view the status of the NTP synchronization on your server after you have configured the values and restarted the w32time service, you can use the following command:

w32tm /query /status

Querying-the-NTP-synchronization-status-of-your-Windows-Server-2016-or-2019-domain-controller

Querying the NTP synchronization status of your Windows Server 2016 or 2019 domain controller

You can also check the values configured in your registry key hkey local machine system currentcontrolset services w32time config using the commands below. You can drill into the configuration parameters using the /dumpreg /subkey command.

w32tm /dumpreg

w32tm /dumpreg /subkey:parameters

Viewing-the-NTP-registry-values-that-are-configured-for-your-Windows-Server

Viewing the NTP registry values that are configured for your Windows Server

Final Thoughts

As shown, you can easily set NTP Server Windows 2016 or Windows 2019 using the w32tm command utility that allows interacting with the time service in Windows Server.

In a Windows domain, you want to configure your authoritative time source domain controller, which by default is the PDC Emulator, to pull time information from an authoritative source like NTP.org or some other reliable NTP time server.

After configuring the time source, the other domain controllers will synchronize with this server and then the Windows clients joined to the domain will synchronize with the domain controllers that have the corrected time from the authoritative server.

Tutorial Configure NTP Server in Windows Server 2019

Tutorial Configure NTP Server in Windows Server 2019. It is important to have accurate timing on all clients and servers. If time is not accurate on computers, serious network problems will occur. Fortunately, Windows has taken this into account. The service Network Time Protocol (NTP) has been around since Windows XP and Windows Server 2003. Also, most Unix and Linux versions of the NTP service supported the first version.

In this article, we will teach you how to configure the NTP server in windows server 2019.

You can Choose your perfect Windows VPS Server Packages from eldernode.

A) Open the Registry Editor

1. Click on the start menu and search for the Run.

2. Type Regedit and hit Enter. A window will open as shown below.

Configure NTP Server in Windows Server 2019

3. In the window that opens, select HKEY_LOCAL_MACHINE.

Configure

4. Follow the path below to reach the NtpServer option.

 SYSTEM>CurrentControlSet>Services>W32Time>TimeProviders>NtpServer  

Configure NTP Server in Windows Server 2019-3

5. On the right page, double-click Enabled.

In the Value data section, change the value from 0 to 1 and click ok.

Configure NTP Server in Windows Server 2019-4

6. Continue the path below until you reach the config option.

 Computer>HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>W32Time>Config.  

From the page on the right, double-click AnnounceFlags and change its value to 5 and click ok.

Configure NTP Server in Windows Server 2019-5

The following options explain the information about AnnounceFlags:

0x00 Not a time server

0x01 Always time server

0x02 Automatic time server

0x04 Always reliable time server

0x08 Automatic reliable time server

default value for domain members and stand-alone clients and servers is 10.

B) Restart NTPServer

1. Open the Services by searching in start menu or hitting on the windows key.

2. In the window that opens, select the windows time option. Then right-click on it and select Restart.

Configure NTP Server in Windows Server 2019-6

C) Open UDP port 123 in Firewall

You can follow the Learn how to open a port on a Windows firewall.

Note that this port is UDP and not TCP.

Dear user, we hope you would enjoy this tutorial, you can ask questions about this training in the comments section, or to solve other problems in the field of Eldernode training, refer to the Ask page section and raise your problem in it as soon as possible. Make time for other users and experts to answer your questions.

Goodluck.

You may also be interested in some related articles:

  • Настройка punto switcher для windows 10
  • Настройка rdp через интернет windows server
  • Настройка ntp server windows server 2008 r2
  • Настройка proxy server windows server
  • Настройка rdp на windows server 2019 без домена