Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2005-11-20) How To Configure The PDC FSMO In The Forest Root Domain To Sync Time?

Posted by Jorge on 2005-11-20


The time service on the forest root domain PDC emulator FSMO holder can be configured to point to an external NTP time source or it can be configured to use its own internal hardware clock.

(1) configuring the forest root domain PDC FSMO to use another time source (internal or external)

To configure the PDC FSMO in the forest root domain with one or more time servers:

* W32tm /config /manualpeerlist:"<time server 1> <time server 2> <time server n>",<option> /syncfromflags:manual

* Time servers can be specified as FQDN or IP address of the time server

To update the "Windows Time Service" configuration:

* W32tm /config /update OR

* Net stop w32time & net start w32time

To resync time with a source:

* W32tm /resync

To query for specified NTP server(s):

* Net time /querysntp

* The answer must be something like: "The current SNTP value is: <timeserver>,<option>"

REMARK: possible values of <option> are:

* 0x1 use special poll interval SpecialInterval

* 0x2 UseAsFallbackOnly

* 0x4 send request as SymmetricActive mode (a host configured in "symmetric active mode" uses other NTP hosts to sync time, but also lets those other NTP hosts sync time with the local host)

* 0x8 send request as Client mode (the localhost configured in "client mode" uses the other remote NTP host to sync time)

MORE INFO:

"Configure the Windows Time service on the PDC emulator"

(http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/ce8890cf-ef46-4931-8e4a-2fc5b4ddb047.mspx)

(2) configuring the forest root domain PDC FSMO to use its own internal hardware clock

If the forest root domain PDC FSMO is not synchronized to an external time source, the system log will show a warning with event ID 12. To prevent these events from appearing, that DC needs a registry adjustment. Copy and paste the following into a REG file and import the REG file:

####################################################

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
"AnnounceFlags"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"NtpServer"=""
"Type"="NT5DS"

####################################################

event ID 12:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.  It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source.  Otherwise, this machine will  function as the authoritative time source in the domain hierarchy.  If an external  time source is not configured or used for this computer, you may choose to disable  the NtpClient.

MORE INFO:

"Configure the PDC emulator to synchronize from its internal hardware clock"

(http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/f3257f89-3790-4677-adfd-b85366410322.mspx)

In both situations the following points of attention exist:

(A) If the PDC Emulator FSMO is transferred OR seized, the time service configuration is NOT transferred/seized with it and needs to be reconfigured on the new FSMO role owner. If the old FSMO role owner is still alive, restoring the default configuration on it is a very good idea!

MORE INFO:

"Change the Windows Time service configuration on the previous PDC emulator"

(http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/4a63190b-c594-4d43-9195-e54e4cb89d25.mspx)

(B) Don’t configure the time service to use a cyclic time configuration. This means "don’t configure the time service on the PDC FSMO to use a server in the domain that already syncs with the PDC FSMO".
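
An added example, not part of the original post: a PowerShell check for points (A) and (B) above that also decodes the <option> bits of the manual peer list from section (1). Test-W32TimeConfig, its parameters and the sample host names are hypothetical, and matching peers on the domain DNS suffix is an assumed heuristic for spotting a cyclic configuration.

```powershell
# Added example, not code from the original post. Needs PowerShell 5.0+ (enum).
# Option bits as listed in the REMARK of section (1).
[Flags()] enum NtpPeerOption {
    SpecialInterval   = 1   # 0x1
    UseAsFallbackOnly = 2   # 0x2
    SymmetricActive   = 4   # 0x4
    Client            = 8   # 0x8
}

# Hypothetical helper: function and parameter names are this example's own.
function Test-W32TimeConfig {
    param(
        [bool]   $IsForestRootPdc,   # does this DC hold the forest root PDC FSMO?
        [string] $Type,              # W32Time\Parameters "Type": NT5DS, NTP, NoSync, AllSync
        [string] $NtpServer,         # W32Time\Parameters "NtpServer": "host,0x8 host2,0x9"
        [int]    $NtpClientEnabled,  # W32Time\TimeProviders\NtpClient "Enabled"
        [string] $DomainDnsSuffix    # assumption: domain members share this DNS suffix
    )
    # Split the space-separated peer list and decode each ",<option>" value.
    $peers = foreach ($entry in ($NtpServer -split '\s+' | Where-Object { $_ })) {
        $name, $opt = $entry -split ',', 2
        $bits = if ($opt) { [Convert]::ToInt32($opt, 16) } else { 0 }
        [pscustomobject]@{ Server = $name; Options = [NtpPeerOption]$bits }
    }
    $manual   = $Type -in 'NTP', 'AllSync'   # manual peer list is in use
    $findings = @()
    if (-not $IsForestRootPdc -and $manual) {
        $findings += 'Point A: manual peers on a DC that is not the forest root PDC; restore the default.'
    }
    if ($IsForestRootPdc -and $Type -eq 'NT5DS' -and $NtpClientEnabled -ne 0) {
        $findings += 'Forest root PDC follows the domain hierarchy with NtpClient enabled: expect event ID 12.'
    }
    if ($IsForestRootPdc -and $manual -and -not $peers) {
        $findings += 'Manual sync is selected but the peer list is empty.'
    }
    foreach ($p in $peers) {
        if ($IsForestRootPdc -and $manual -and $p.Server -like "*.$DomainDnsSuffix") {
            $findings += "Point B: peer $($p.Server) is inside the domain; check for a cyclic configuration."
        }
    }
    [pscustomobject]@{ Peers = @($peers); Findings = $findings }
}

# Constructed sample: forest root PDC with one external and one in-domain peer.
$sample = @{ IsForestRootPdc = $true; Type = 'NTP'; NtpClientEnabled = 1
             NtpServer = 'ntp1.example.net,0x8 dc02.corp.example.com,0x9'
             DomainDnsSuffix = 'corp.example.com' }
$result = Test-W32TimeConfig @sample
$result.Peers | Format-Table -AutoSize
$result.Findings
```

On a live DC, pass the values read with Get-ItemProperty from the W32Time\Parameters and W32Time\TimeProviders\NtpClient keys shown in section (2). Peers given as IP addresses are not matched by the suffix check and need to be reviewed by hand.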

Additional information in:

* MS-KBQ816042_How to configure an authoritative time server in Windows Server 2003 (http://support.microsoft.com/?id=816042)

* MS-KBQ224799_Basic Operation of the Windows Time Service (http://support.microsoft.com/?id=224799)

* MS-KBQ875424_Time synchronization may not succeed when you try to synchronize with a non-Windows NTP server in Windows Server 2003 (http://support.microsoft.com/?kbid=875424)

* Windows Time Service in Windows Server 2003 (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/71e76587-28f4-4272-a3d7-7f44ca50c018.mspx)

* Managing the Windows Time Service (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/0d4d417a-8055-46fd-abeb-8c455b9b51ed.mspx)

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————

2 Responses to “(2005-11-20) How To Configure The PDC FSMO In The Forest Root Domain To Sync Time?”

  1. […] As you may also know the PDC FSMO in the forest root domain could be configured to sync time with an external time source or to sync with its own internal hardware clock. So when seizing or transferring that FSMO role the time sync configured is NOT MOVED! For that you need to configure the new PDC FSMO role owner accordingly, and if the source owner is still up and running you need to remove the time sync configuration. More information on how to do that can be found at: https://jorgequestforknowledge.wordpress.com/2005/11/20/how-to-configure-the-pdc-fsmo-in-the-forest-r… […]

  2. […] addition to a previous post I did, I would like to point you to a Microsoft blog about the Windows Time Service (W32TIME). That […]
