Network Time Protocol (NTP) runs over UDP port 123 and enables accurate time synchronization for network computers. This irons out time inconsistencies between servers and clients during file logging or replication of server databases, among other resources.
In this article, we’ll outline the process of installing, configuring, and querying an NTP server on Windows Server 2019.
NTP Server
NTP servers utilize the Network Time Protocol to send time signals to servers across the globe upon request. NTP servers use the Universal Time Coordinated (UTC) time source for time signal synchronization.
The main purpose of NTP servers is to provide time synchronization for servers and computer networks with other major network servers and clients across the globe. In turn, this streamlines communications and transactions all over the world.
Installing and Configuring an NTP Server on Windows Server 2019
The process of installing, configuring, and querying an NTP Server on Windows Server 2019 is quite straightforward.
Set the NTP service to Automatic option
To start off, press Windows Key + R to launch the Run dialog. Next, type services.msc and hit ENTER.
In the ‘Services’ window, locate the service ‘Windows Time’. Right-click it and select the ‘Properties’ option.
On the pop-up window, select the Startup type as ‘Automatic’.
Finally, click on ‘OK’ and then ‘Apply’.
Configuring NTP Server using Registry Editor
As before, launch the run dialogue by pressing Windows Key + R. Then type ‘regedit’ and hit ENTER.
The Registry editor will be launched as shown:
Navigate to the path shown below:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
In the right pane, locate and double-click the ‘Enabled’ value.
Set the Value data to 1 and click OK.
Next, navigate to this path:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
In the right pane, locate the ‘AnnounceFlags’ value.
Double-click the value and set it to 5 in the ‘Value data’ field.
Finally, restart the NTP server for the changes to take effect: head back to the Services window, right-click ‘Windows Time’ and select ‘Restart’.
Configuring NTP Server on Windows 2019 using Windows PowerShell
If you love working in PowerShell, launch PowerShell as Administrator and enable the NTP server using the command:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer" -Name "Enabled" -Value 1
Next, configure the AnnounceFlags value as shown:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Config" -Name "AnnounceFlags" -Value 5
Finally, restart the NTP server using the command:
Restart-Service w32Time
Important Note: UDP port 123 must be open for the NTP server traffic to reach your Windows Server 2019. If the NTP servers are unreachable, you can check your firewall settings to fix this.
Other useful commands
- w32tm /query /configuration to check and show the NTP server configuration.
- w32tm /query /peers to list the configured NTP servers alongside their configuration status.
- w32tm /resync /nowait to force-synchronize time with your NTP server.
- w32tm /query /source to show the source of the time.
- w32tm /query /status to show the NTP time service status.
Final take
Now your Windows Server 2019 clock is synchronized with the NTP server pool.ntp.org and works as an NTP client. You can achieve time synchronization across the full network and its accompanying infrastructure by synchronizing all network workstations, servers, routers, hubs, and switches.
Since NTP servers operate over the UDP protocol using TCP/IP, this network infrastructure must be working efficiently for effective NTP server operation. If you want to run time servers on a Windows Server 2019 hosted on a virtual machine, you should disable the virtual machine time synchronization settings and sync their time with the domain Windows Server 2019.
First, open UDP port 123 for the domain controller.
1. Launch the command prompt as administrator.
2. Stop the W32Time service: net stop w32time
3. Set the addresses of the external time sources:
w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
4. Now make the controller answer clients' time synchronization requests:
w32tm /config /reliable:yes
5. Start the W32Time time service:
net start w32time
6. Check the current configuration of the time service:
w32tm /query /configuration
With that, time synchronization in the Windows domain can be considered configured.
https://support.rdb24.com/hc/ru/articles/212467929-%D0%9A%D0%B0%D0%BA-%D1%81%D0%B8%D0%BD%D1%85%D1%80%D0%BE%D0%BD%D0%B8%D0%B7%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D1%82%D1%8C-%D0%B2%D1%80%D0%B5%D0%BC%D1%8F-%D0%B2-%D0%B4%D0%BE%D0%BC%D0%B5%D0%BD%D0%B5-Active-Directory
There is no question about it: accurate time across your environment's critical infrastructure systems is a must. Many business-critical applications and infrastructure systems rely on accurate time synchronized between them to ensure the system functions as expected. Time skew can cause all kinds of weirdness when time is misconfigured or out of sync between different servers/systems. This is especially true in a Windows Server Active Directory domain. Having accurate time between a client computer and domain controllers is essential. Let’s take a look at how to set an NTP server on Windows 2016 or Windows 2019 and see how this can be easily carried out.
What is NTP?
When it comes to synchronizing time in most environments, Network Time Protocol (NTP) is the protocol used to ensure accurate time across your environment. In most environments, NTP servers (special time servers) are configured to provide an external time source with which your internal servers can synchronize.
There are several widely known NTP IP addresses on the Internet that provide reliable time sources for your network. The NTP.org servers are one such set of time servers that provide an NTP source for configuration.
There are a few NTP values to be aware of:
- NTP Server – This is a specialized server that is able to determine the precise time from an external timing reference such as GPS and passes these precise time values on to your network.
- Offset – This is the difference in time between the external time server and the time on a local client computer. The larger the offset, the more inaccurate the timing source is.
- Delay – This is the round-trip time (latency) of the timing message from the client to the server and back again.
How Time is synchronized in a Windows Server domain
In a Windows domain, Microsoft has a default configuration in place that takes care of a good portion of the NTP configuration. Starting with Windows 2000 Server, Windows clients are configured as NTP clients. When configured as an NTP client, Windows computers only attempt to contact the domain controller or a manually specified NTP server for NTP synchronization.
Microsoft has made the domain controller the default in a Windows domain since it makes sense that clients already have a secure channel established with DCs for other types of communications. Additionally, accurate and synchronized time between domain controllers and clients is especially important for all kinds of things such as logins, group policy synchronization and other tasks/operations.
The order of operations or hierarchy in a Windows domain is as follows:
- Domain members attempt to synchronize time with any domain controller located in the domain
- Domain controllers synchronize with a more authoritative domain controller
- The first domain controller that is installed in the environment is automatically configured to be a reliable time source.
- Other than the first domain controller installed, the PDC emulator (if role has been moved from the first DC installed) generally holds the position of best time source.
An important point to consider, and one that comes into play when thinking about why we set an NTP server in Windows 2016 or Windows 2019, is that the authoritative domain controller must have a reliable source to synchronize with as well. This is generally an external time server outside of the domain hierarchy.
Now that we know how the domain hierarchy for time is configured, how is the external time source configured on your domain controller that is configured as the reliable source of time?
Configuring Windows Time Service with W32tm.exe
When it comes to Windows Server environments like Windows Server 2016 or Windows Server 2019, there is a special Windows service that controls the time synchronization of your Windows hosts. This is the Windows Time Service.
Microsoft provides a command line tool to interact with the Windows Time Service called W32tm.exe. This has been included in Windows operating systems since Windows XP/Windows 2003 and later. It can be used to configure Windows Time service parameters as well as diagnose time service problems. This is generally the tool of choice when it comes to configuring, monitoring, and administering Windows Time.
Using the W32tm.exe utility is fairly straightforward. It can be used from a normal command prompt as well as from a PowerShell prompt. There are several command parameters included that allow not only configuring the NTP servers you want to query, but also parameters that allow viewing the low level registry configuration as well as the synchronization status.
You can read the official Microsoft KB on the Windows Time service and the W32tm.exe utility here:
- https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings
However, there are a few commands I would like to show you for the purposes of configuring your Domain controller that is to be the reliable time source (PDC Emulator) for your domain.
The first command specifies your NTP servers; in this case I am using the NTP.org servers as the source of my NTP synchronization.
w32tm /config /syncfromflags:manual /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org" /update
Stop-Service w32time
Start-Service w32time
If you want to view the status of the NTP synchronization on your server after you have configured the values and restarted the w32time service, you can use the following command:
w32tm /query /status
You can also check the values configured in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config using the commands below. You can drill into the configuration parameters using the /dumpreg /subkey command.
w32tm /dumpreg
w32tm /dumpreg /subkey:parameters
Final Thoughts
As shown, you can easily set an NTP server on Windows 2016 or Windows 2019 using the w32tm command utility, which allows interacting with the time service in Windows Server.
In a Windows domain, you want to configure your authoritative time source domain controller, which by default is the PDC Emulator, to pull time information from an authoritative source like NTP.org or some other reliable NTP time server.
After configuring the time source, the other domain controllers will synchronize with this server and then the Windows clients joined to the domain will synchronize with the domain controllers that have the corrected time from the authoritative server.
Question
Good afternoon. Please advise how to configure time synchronization so that domain users, as well as the other servers that are part of the domain, get the correct time from the domain controller.
Because right now the file server connected to the domain controller gets the wrong time zone, and I cannot change it; it says that these settings are managed by your organization…
The main domain controller runs a recently installed 2019 server strd, with the AD, DHCP and DNS roles configured. Nothing else was installed, everything else is at the defaults. The only thing I did was create my own group policy and apply it to my domain at the very highest priority (in this policy I set only the password parameters); I did nothing else.
Moved by: Friday, February 7, 2020 8:15 AM (technical question on administering server services and roles)
Edited by: Sibirin, Friday, February 7, 2020 8:59 PM
Answers
I am interested specifically in configuring synchronization of the DC with the clients.
A DC does not synchronize time with clients. Clients synchronize time with domain controllers.
Take a look at the article (a lot of text, but to the point and with pictures).
The opinion expressed by me is not an official position of Microsoft
Marked as answer by: Petko Krushev (Microsoft contingent staff, Owner), Thursday, March 5, 2020 8:24 AM
Configure NTP Server in Windows Server 2019
If the computer is an Active Directory Domain Controller, the NTP Server feature is enabled automatically. So, the following example is for a computer that needs to enable NTP Server in a WorkGroup environment.
Step 1. Run PowerShell with admin rights and configure the following:
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# confirm current setting (the values below are the defaults)
PS C:\Users\Administrator> Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer"

InputProvider                    : 0
AllowNonstandardModeCombinations : 1
EventLogFlags                    : 0
ChainEntryTimeout                : 16
ChainMaxEntries                  : 128
ChainMaxHostEntries              : 4
ChainDisable                     : 0
ChainLoggingRate                 : 30
RequireSecureTimeSyncRequests    : 0
DllName                          : C:\Windows\SYSTEM32\w32time.DLL
Enabled                          : 0
PSPath                           : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer
PSParentPath                     : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders
PSChildName                      : NtpServer
PSDrive                          : HKLM
PSProvider                       : Microsoft.PowerShell.Core\Registry

# enable NTP Server feature
PS C:\Users\Administrator> Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer" -Name "Enabled" -Value 1

# set [AnnounceFlags] to 5
# meaning of the values:
# 0x00 : Not a time server
# 0x01 : Always time server
# 0x02 : Automatic time server
# 0x04 : Always reliable time server
# 0x08 : Automatic reliable time server
PS C:\Users\Administrator> Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Config" -Name "AnnounceFlags" -Value 5

# restart Windows Time service
PS C:\Users\Administrator> Restart-Service w32Time

# if Windows Firewall is running, allow NTP port
PS C:\Users\Administrator> New-NetFirewallRule `
-Name "NTP Server Port" `
-DisplayName "NTP Server Port" `
-Description 'Allow NTP Server Port' `
-Profile Any `
-Direction Inbound `
-Action Allow `
-Protocol UDP `
-Program Any `
-LocalAddress Any `
-LocalPort 123
Step 2. NTP Server Host also needs time synchronization with other Hosts as the NTP Client.
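The firewall rule in Step 1 accepts UDP 123 from any source address, on every profile, for any program. A narrower form follows as an added example that is not from the original article: the rule name NTP-Server-In-Scoped, the function name Get-NtpInboundRule and the 192.0.2.0/24 subnet are placeholders, and the Domain,Private profile choice assumes the server's network is not classified as Public.

```powershell
# Added example; rule name and subnet are placeholders, not values from the article.
$clientSubnets = @('192.0.2.0/24')   # replace with the subnets your NTP clients use

$rule = @{
    Name          = 'NTP-Server-In-Scoped'
    DisplayName   = 'NTP Server (UDP 123, internal clients only)'
    Direction     = 'Inbound'
    Action        = 'Allow'
    Protocol      = 'UDP'
    LocalPort     = 123
    RemoteAddress = $clientSubnets                          # instead of any source
    Profile       = 'Domain,Private'                        # instead of -Profile Any
    Program       = "$env:SystemRoot\System32\svchost.exe"  # instead of -Program Any
    Service       = 'W32Time'                               # only the time service
}
New-NetFirewallRule @rule

# Turn off the broad rule created earlier on this page, if it exists.
Disable-NetFirewallRule -Name 'NTP Server Port' -ErrorAction SilentlyContinue

# List enabled inbound allow rules that name UDP 123 explicitly, with their source scope.
function Get-NtpInboundRule {
    Get-NetFirewallPortFilter -Protocol UDP |
        Where-Object { $_.LocalPort -contains '123' } |
        ForEach-Object {
            $r = $_ | Get-NetFirewallRule
            if ($r.Direction -eq 'Inbound' -and $r.Action -eq 'Allow' -and $r.Enabled -eq 'True') {
                [pscustomobject]@{
                    Name          = $r.Name
                    Profile       = $r.Profile
                    RemoteAddress = ($r | Get-NetFirewallAddressFilter).RemoteAddress
                }
            }
        }
}
Get-NtpInboundRule | Format-Table -AutoSize
```

Any row whose RemoteAddress is Any still exposes the time service to every network the host can be reached from.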
Configure NTP Client in Windows Server 2019
By default, Windows configures the NTP Client with the NTP Server [time.windows.com], so if the computer is connected to the Internet, the date and time will be synchronized.
Furthermore, if the computer is in Active Directory Domain, the NTP Client settings are also configured as follows, so generally there is no need to change the settings:
- Domain Controller synchronizes time with PDC in the domain.
- The PDCs in a domain synchronize time with the PDCs in the Parent Domain (primary domain) or with other Domain Controllers.
- The client computers synchronize the time with the Domain Controller on which the client is currently logged on.
In the WorkGroup environment, you can change the default NTP server to other servers as follows.
Step 1. Run PowerShell with admin rights and configure the following:
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# confirm current synchronization NTP Server
PS C:\Users\Administrator> w32tm /query /source
time.windows.com,0x8

# change target NTP Server (replace with a server in your own time zone)
# meaning of the flag values:
# 0x01 : SpecialInterval
# 0x02 : UseAsFallbackOnly
# 0x04 : SymmetricActive
# 0x08 : NTP request in Client mode
PS C:\Users\Administrator> Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\Parameters" -Name "NtpServer" -Value "ntp.nict.jp,0x8"

# restart Windows Time service
PS C:\Users\Administrator> Restart-Service w32Time

# re-sync manually
PS C:\Users\Administrator> w32tm /resync
Sending resync command to local computer
The command completed successfully.

# verify status
PS C:\Users\Administrator> w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 4 (secondary reference - syncd by (S)NTP)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0252246s
Root Dispersion: 0.0824040s
ReferenceId: 0x85F3EEF3 (source IP: 133.243.238.243)
Last Successful Sync Time: 9/23/2019 10:15:33 PM
Source: ntp.nict.jp,0x8
Poll Interval: 8 (256s)
Step 2. If a computer is in an Active Directory domain environment and is a Forest Root, the synchronization target is usually configured to [Local CMOS Clock] (Hardware Clock). Then, if you want to change the setting from [Local CMOS Clock] to NTP server network, please set as follows:
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# in AD Domain Environment, [Type] is set to [NT5DS]
PS C:\Users\Administrator> (Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\Parameters").GetValue("Type")
NT5DS

# if target is [Local CMOS Clock] but you'd like to change it, change [Type] to [NTP] first
# next, set the NTP server the same way as in Step 1
PS C:\Users\Administrator> Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\Parameters" -Name "Type" -Value "NTP"
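The sessions above write bit-flag values (AnnounceFlags, and the flag suffix on each NtpServer peer) whose meaning is easy to misread once stored as 5 or 0x8. The audit script below is an added example, not from the original article: it reads back the registry values configured on this page and decodes them with the two flag tables above. The function names and the three findings are illustrative choices, and NoSync and "Free-running System Clock" are W32Time values that do not appear on this page.

```powershell
# Added example (not from the original article); function names are hypothetical.
[Flags()] enum AnnounceFlag {            # values from the AnnounceFlags table above
    AlwaysTimeServer            = 0x1
    AutomaticTimeServer         = 0x2
    AlwaysReliableTimeServer    = 0x4
    AutomaticReliableTimeServer = 0x8
}
[Flags()] enum PeerFlag {                # values from the NtpServer peer flag table above
    SpecialInterval   = 0x1
    UseAsFallbackOnly = 0x2
    SymmetricActive   = 0x4
    Client            = 0x8
}

function ConvertFrom-PeerList {
    # Splits a value such as "ntp.nict.jp,0x8" into peer name and decoded flags.
    param([string]$NtpServer)
    foreach ($entry in ($NtpServer -split '\s+' | Where-Object { $_ })) {
        $name, $hex = $entry -split ',', 2
        $bits = if ($hex) { [Convert]::ToInt32($hex, 16) } else { 0 }
        [pscustomobject]@{ Peer = $name; Flags = [PeerFlag]$bits }
    }
}

function Get-W32TimeAudit {
    $svc      = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
    $cfg      = Get-ItemProperty -Path "$svc\Config"
    $params   = Get-ItemProperty -Path "$svc\Parameters"
    $server   = Get-ItemProperty -Path "$svc\TimeProviders\NtpServer"
    $source   = (& w32tm /query /source | Out-String).Trim()
    $announce = [AnnounceFlag]$cfg.AnnounceFlags
    $findings = @()
    if ($server.Enabled -eq 1 -and $source -match 'Local CMOS Clock|Free-running System Clock') {
        $findings += 'NTP server is enabled but the host itself has no upstream time source.'
    }
    if ($announce.HasFlag([AnnounceFlag]::AlwaysReliableTimeServer) -and $params.Type -eq 'NoSync') {
        $findings += 'Host advertises itself as reliable while Type is NoSync.'
    }
    if ($params.Type -eq 'NTP' -and -not $params.NtpServer) {
        $findings += 'Type is NTP but the NtpServer peer list is empty.'
    }
    [pscustomobject]@{
        NtpServerEnabled = [bool]$server.Enabled
        AnnounceFlags    = $announce
        Type             = $params.Type
        Peers            = @(ConvertFrom-PeerList $params.NtpServer)
        Source           = $source
        Findings         = $findings
    }
}

Get-W32TimeAudit | Format-List
```

With the values set in this article, AnnounceFlags 5 decodes to AlwaysTimeServer, AlwaysReliableTimeServer and the peer ntp.nict.jp,0x8 decodes to Client.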