jump to navigation

Windows Time Service reasons and problems April 4, 2008

Posted by daakeung in IT, Microsoft.
Tags: , , ,
trackback

Windows time service plays an important role in the Kerberos authentication protocol. The purpose of the Windows Time service is to make sure that all computers that are running Microsoft Windows 2000 or later versions in an organization use a common time.

This being said, windows time service uses a hierarchical relationship that controls authority and does not permit loops.

The PDC operations master at the root of the forest becomes authoritative for the organization. Microsoft recommends that you configure your authoritative time server to sync with a hardware source, since syncing with external internet sources, does not perform any form of authentication when gathering time information.
To configure the PDC master without using an external time source, change the announce flag on the PDC master. The PDC master is the server that holds the forest root PDC master role for the domain. This configuration forces the PDC master to announce itself as a reliable time

To set it as NTP server, do the following modification in the registry, please backup the registry prior to doing this.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
In the right pane, right-click AnnounceFlags, and then click Modify.
In Edit DWORD Value, type A in the Value data box, and then click OK.

And then restart w32tm service.

If your application log for the PDC generate the following error, you will need to disable NTP client

Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 12
Date: 4/4/2008
Time: 8:38:13 AM
User: N/A
Computer: XXXXX

Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
To disable NTP client,

Open your registry
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient
Create or Modify a new dword called “Enable”
Set value as 0 to disable this tweak and 1 to enable this tweak

and reboot the system for it to take effect.

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: