Hi folks. I've been asked to analyze the time sync setup for our domain at the new job. The domain is on windows 2003 servers. It's been a while since I've had to do this so I did some research - http://support.microsoft.com/kb/816042 , http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Time-Service.html , http://technet.microsoft.com/en-us/library/cc773061(WS.10).aspx#BKMK_Config I think I've got it broken down to a standard configuration where the PDC emulator for the root domain is getting time from an external source, the other DCs get their time from it, and the workstations/member servers get their time from the authenticating DC. We're using ntp2.usno.navy.mil and tock.usno.navy.mil for the external time sources. My question is, at the sites I've read relating to this, it says that the PDC emulator has to have a 0x01 on the end of the time source in the registry key for the NTP Server Parameters (see attched snip below) but it's not present on the key on the pdc emulator, so is this valid or not? If it's not there what does that mean for the time sync on the domain? Specify the time sources. To do this, follow these steps: 1. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters 2. In the right pane, right-click NtpServer, and then click Modify. 3. In Edit Value, type Peers in the Value data box, and then click OK.
Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect. Steps from link above(http://support.microsoft.com/kb/816042): To configure an internal time server to synchronize with an external time source, follow these steps: 1. Change the server type to NTP. To do this, follow these steps: 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type 3. In the right pane, right-click Type, and then click Modify. 4. In Edit Value, type NTP in the Value data box, and then click OK. 2. Set AnnounceFlags to 5. To do this, follow these steps: 1. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags 2. In the right pane, right-click AnnounceFlags, and then click Modify. 3. In Edit DWORD Value, type 5 in the Value data box, and then click OK. 3. Enable NTPServer. To do this, follow these steps: 1. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer 2. In the right pane, right-click Enabled, and then click Modify. 3. In Edit DWORD Value, type 1 in the Value data box, and then click OK. 4. Specify the time sources. To do this, follow these steps: 1. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters 2. In the right pane, right-click NtpServer, and then click Modify. 3. In Edit Value, type Peers in the Value data box, and then click OK. Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect. Thanks Don K ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
