I'll try to answer to the best of my understanding of the questions- > So you don't need W32Time running on the XP box to be a time source to the root PDCe?
Not in the scenario I mentioned, the PDCe is just talking to a NTP provider. Is it possible? Probably, W32time is much more intricate in XP/2003. I am just experienced using NTP as a source separate from W32time. >Will the XP box respond to NTPS from the PDCe without W32Time running on it? If you mean as a client, no. The XP box can't participate in the NT5DS mode if it doesn't run W32time. You don't want it to since you are trying to make it authoritative. It should only trust your HW clock. > W32Time can be configured to 'NoSync' using W32TM on the XP box and therefore mitigate the time >loop risk. NoSynch means it trusts it's own clock as a client. I was thinking more of the case where it could possibly be serving time to other clients if it had w32time running. >I'm assuming that the root PDCe has W32Time set to 'NTP' but had assumed that it meant that the >target box (the XP box in this case) also needed W32Time running. The PDCe has Type=NTP, that means it synchronizes from the servers specified in the NtpServer registry entry. That can be any NTP box. >Perhaps when you say 'disabled' for W32Time you mean 'NoSync' or do you >actually mean stopping and disabling the service? I meant disabled because I have actual experience with running NTPd on a W32 box, I *know* it works and it is rather trivial to implement. There are a lot more settings available for w32time in XP/2003 so you might be able to play with the TimeProviders keys and get it to work just fine. The registry settings are well documented in Windows Time Service Tools and Settings: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/T echRef/b43a025f-cce2-4c82-b3ea-3b95d482db3a.mspx?pf=true One of the MS folks who owns W32time drops in here occasionally, he could certainly give you a more authoritative answer than I can if he sees this . -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Baudino Sent: Wednesday, April 13, 2005 11:49 AM To: [email protected] Subject: RE: [ActiveDir] Using "net time" Strongly agree on the use of W32TM over NET TIME. Questions though: So you don't need W32Time running on the XP box to be a time source to the root PDCe? Will the XP box respond to NTPS from the PDCe without W32Time running on it? W32Time can be configured to 'NoSync' using W32TM on the XP box and therefore mitigate the time loop risk. I'm assuming that the root PDCe has W32Time set to 'NTP' but had assumed that it meant that the target box (the XP box in this case) also needed W32Time running. I've been curious about this for some time but have not yet been able to test. Perhaps when you say 'disabled' for W32Time you mean 'NoSync' or do you actually mean stopping and disabling the service? Thanks, Mike "Free, Bob" <[EMAIL PROTECTED]> To: <[email protected]> Sent by: cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Using "net time" tivedir.org 04/13/2005 11:51 AM Please respond to ActiveDir Net Time uses the old NetRemoteTOD API, for computers not running the time service, when they issue a NET TIME command without any parameters the clients issue a NetServerEnum to enumerate the servers from the browse list (yuk) with the TS (timesource )flag. Archaic and inaccurate as compared to W23time. In your situation, off the top of my head, I would be inclined to run NTP on the XP box with W32time disabled, point the PDCe of the forest to it and let W32time run in it's NT5DS mode on all the other machines so you have the proper hierarchical flow of time down the forest without making any changes anywhere else and it just appears as an external source to the PDCe. It might be possible to do it with W32time running on the XP box but I have no direct experience with doing it that way and you could conceivably introduce a time loop. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark Sent: Wednesday, April 13, 2005 7:33 AM To: [email protected] Subject: [ActiveDir] Using "net time" Following on from my earlier question about time synchronisation, can anyone please tell me, when you type in the command "net time", just where exactly how does the client determine where to pull this information from ? I ask because I assumed it would be querying its logon server by default, however in my case it is querying a DC from a sub-domain ?!?! Why on Earth is that ? The DC in question is not configured as a reliable time source (The "AnnounceFlags" value is 10 and not 4) I am confused and bewildered. Thanks again for any help. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark Sent: Wednesday, April 13, 2005 4:15 PM To: [email protected] Subject: [ActiveDir] Time synchronisation in a W2K domain I was recently handed a new hardware clock to install into our domain. As the device needs to be placed in an area with good radio reception I decided to install it onto a PC. Our server farm is located in a secure bunker with no reception at all. I know the usual time sync model is for DC's to get the time from the PDC role holder and then the time filters down from there to members servers and workstations. However, my PC is running Windows XP. So the question is, is it possible to set the XP workstation (with hardware connected) as the reliable primary source for time in the domain ? Should the Windows Time service be disabled on the PC ? What changes need to be nmade to the PDC Role holder and other DC's in the domain to make sure they are forced to sync with the XP workstation. Or is it just not possible to use an XP workstation ? I have noticed that some of my machines are synching with the PC but others are not and I have not as yet determine why there is this erratic behviour. If I use the "w32tm /resync" command then on some machines it works and on others it doesn't. Do I need to manually configure all DC's t point to the XP machine ? Do members servers need special configuration ? Why are general user workstations not showing the same time as the Time PC ? Any advice greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ******************* PLEASE NOTE ******************* This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
