What Time is It?

I was recently evaluating a client’s network in which they reported they had issues with file sharing. Upon further inspection, some of the client’s Kerberos authentication was failing. Now one of the things that I learned from the get-go was that the concept of accurate time is extremely important to computers and this case proves it. When I saw the clocks on the clients and the servers I knew something was up.

There are specifically two protocols that Windows servers can take advantage of. SNTP, or Simple Network Time Protocol, was the first supported and the easiest to use in Windows networks. I would believe that most IT pros know of the “net time” command. You are able to use SNTP to set/monitor time up through Windows Vista. But when Windows 2000 came to be, there was a much better choice that didn’t get the attention it deserved: the W32tm command!

W32tm uses NTP, or Network Time Protocol. The protocol has been in existence forever, but Microsoft fully implemented it in Windows XP and above. I will give you a brief overview of this command and how it relates to a successful and accurate time infrastructure.

NTP relies on a hierarchy of time sources. Each branch of this hierarchy is called a stratum and is followed by a number. For instance, stratum 0 would indicate the first branch of accurate or reliable time. This is often a time source with incredible precision and reliability, like an atomic clock. You won’t own one of these. These are then linked to a set of computers, and these would be stratum 1 servers. Stratum 2 computers sync with stratum 1, and stratum 3 sync with stratum 2. It is important to note that just because you are getting higher on the stratum tree doesn’t indicate that you’re going to get less reliable time. One of the big differences between SNTP and NTP is that NTP keeps track of statistics and other performance data about past and present time traffic between different servers in the strata. This increases accuracy.

When a domain is created, the server with the PDC FSMO role (the PDC emulator, or PDCe) acts as a default central time clock for its clients. Other DCs look towards this server (this can be changed) initially for accurate time. So this makes it easy. Configure the PDCe for time and you get the rest for free! I’m a fan of the NTP pool over at NTP.org so I will use them. Also, my setup is Windows Vista and Windows Server 2008. Earlier command versions may need to change the syntax a bit but should be similar.

To check the status of NTP client on your PDCe, start with:

w32tm /query /status

This indicates how the NTP client is configured. Take a look at the SOURCE field. Most often it will indicate the CMOS Clock. Time to change that.

w32tm /config /manualpeerlist:0.pool.ntp.org

This will update a list of peers that it will attempt to sync with. If you want to set up multiple peers (as you should), use the following syntax.

w32tm /config "/manualpeerlist:0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"

Notice that when configuring multiple peers you need to separate them with a space and they need to be enclosed with quotes. The only thing left is to have WTS (Windows Time Service) use the peer list. You change this by setting a flag.

w32tm /config /syncfromflags:MANUAL

So now you’ve configured the peer list but you need to save the configuration.

w32tm /config /update

At this point, I usually restart the WTS. After that occurs I force a resync of the Time Service by entering the following:

w32tm /resync

When this is completed, you can go back and run a query and it should indicate in the source field one of your peers. To get a full list of manual peers, type the following:

w32tm /query /peers
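
The source-field check described above can be automated. The following Python code is an added example, not part of the original post: it parses the text of `w32tm /query /status` and reports whether the Source is one of the configured peers. The sample outputs are constructed and assume English field labels; the names `parse_status`, `audit_status`, `BEFORE` and `AFTER` are hypothetical.

```python
import re

# Source values w32tm prints when it is not following a network peer.
LOCAL_SOURCES = {"local cmos clock", "free-running system clock"}
# Peer list from the commands above.
PEERS = ["0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org"]

# Constructed sample outputs (English field labels assumed), not captured from a real host.
BEFORE = """Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Source: Local CMOS Clock
Poll Interval: 6 (64s)"""
AFTER = """Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Last Successful Sync Time: 1/15/2024 9:41:07 AM
Source: 0.pool.ntp.org
Poll Interval: 10 (1024s)"""

def parse_status(text):
    """Split the 'Label: value' lines of the status output into a dict."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and label.strip():
            fields[label.strip().lower()] = value.strip()
    return fields

def audit_status(text, expected_peers):
    """Return findings; an empty list means the host follows a configured peer."""
    fields = parse_status(text)
    findings = []
    source = fields.get("source", "")
    # A peer entry may carry flags after a comma ("host,0x8"); compare the host part only.
    host = source.split(",")[0].strip().lower()
    peers = {p.split(",")[0].strip().lower() for p in expected_peers}
    if not source:
        findings.append("no Source field in output")
    elif host in LOCAL_SOURCES:
        findings.append(f"source is local ({source}), not a network peer")
    elif host not in peers:
        findings.append(f"source {source!r} is not in the manual peer list")
    leap = re.match(r"(\d+)", fields.get("leap indicator", ""))
    if leap and leap.group(1) == "3":
        findings.append("leap indicator 3: clock is not synchronized")
    return findings

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_status(sample, PEERS) or "OK")
```

To run it against a live host, pass the captured output of `w32tm /query /status` as the first argument of `audit_status`.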


Ok, we have now configured the servers, but what about the network clients? Well, if everything else is going OK with your Windows clients, then there is really nothing else you need to do. But to make sure, you can pass a

w32tm /resync /rediscover

to them. This tells WTS to resynchronize its clock (/resync) after redetecting the network configuration and rediscovering its time sources (/rediscover). If their configuration was modified from the original, you can reset it by doing the following.


w32tm /unregister

w32tm /register


If you want some more information, you can check out the links below!