Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2010-09-26) Configuring And Managing The Windows Time Service (Part 4)

Posted by Jorge on 2010-09-26


In the previous post (part 3) I discussed how to configure the DCs so that these do not accept and therefore do not time jumps that are too large. Also taking the first post (part 1) and the second post (part 2) into account, it is now interesting to know how you can see what the configuration is a certain DC or AD (member) client is using.

To view the time source a DC or an AD (member) client currently is using to synchronize the time from, use the following command:

W32TM /QUERY /SOURCE

image

To view the Windows Time Service configuration a DC or an AD (member) client currently has, use the following command:

W32TM /QUERY /CONFIGURATION

image

(this picture shows the configuration of the DC with the PDC FSMO role)

The Windows Time Service can be configured to log information into the System event log. The two settings that are available for this are:

  • GPO Node: "Computer Configuration\Policies\Administrative Templates\System\Windows Time Service"
    • GPO Setting: "Global Configuration Settings" = Enabled
      • GPO Setting Item: "EventLogFlags" = 2 (default value)
  • GPO Node: "Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers"
    • GPO Setting: "Configure Windows NTP Client" = Enabled
      • GPO Setting Item: "EventLogFlags" = 1 (default value) (The GPO shows "0", but in reality the default value is "1"!)

The first "EventLogFlags" option configures the Windows Time Service to log (or not) an event when it is not able to reach the time server from which it synchronizes the time.

The second "EventLogFlags" option configures the Windows Time Service to log (or not) an event when a time jump is made and/or a new time server is being used to synchronize the time from.

In addition to the information in the System event log, it is possible to enable debug logging for the Windows Time Service. When debugging logging is enabled it is possible to see what is happening under the hood by the Windows Time Service.

To enable debug logging for the Windows Time Service, execute the following command:

W32TM /DEBUG /ENABLE /FILE:<Full Path To Log File> /SIZE:<Log File Size In KB> /ENTRIES:<Type Of Entries To Log>

W32TM /CONFIG /UPDATE

‘<Full Path To Log File>’ is the full path to the log file used for denug logging. For example: "C:WindowsDebugW32Time.log"

‘<Log File Size In KB>’ specifies the maximum size of the log file in KB. For example ‘10000000’ means ’10MB’

‘<Type Of Entries To Log>’ is a numerical mask of the entries you wish to log in the log file. Each number in the range between 1 and 300 represents a specific log entry type you would like to log. Just specifying 0-300 is the easiest way to use this as it will log everything.

A sample of the log file is shown below

image

To disable debug logging for the Windows Time Service, execute the following command:

W32TM /DEBUG /DISABLE

W32TM /CONFIG /UPDATE

For more information about configuring the Windows Time Service debug log see the link: ‘Configuring the Time Service: Enabling the Debug Log‘.

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

6 Responses to “(2010-09-26) Configuring And Managing The Windows Time Service (Part 4)”

  1. […] (Part 2)", "Configuring And Managing The Windows Time Service (Part 3)" and "Configuring And Managing The Windows Time Service (Part 4)", ['2'] Any password changes or account lockouts that occur on any DC are communicated to the […]

  2. […] (2010-09-26) Configuring And Managing The Windows Time Service (Part 4) […]

  3. […] You need to create an additional GPO that only targets the DC currently hosting the PDC FSMO role and any candidate DC to host the PDC FSMO role through WMI filtering. You can read more about that in “(2010-09-26) Configuring And Managing The Windows Time Service (Part 1)”, “(2010-09-26) Configuring And Managing The Windows Time Service (Part 2)”, “(2010-09-26) Configuring And Managing The Windows Time Service (Part 3)” and “(2010-09-26) Configuring And Managing The Windows Time Service (Part 4)”. […]

  4. Wow, how no one have commented yet?
    Amazing post series!
    W32time is not much documented and have a lot of fragmented information in the internet. Your serie joined everything!
    Thanks!

  5. […] (2010-09-26) Configuring And Managing The Windows Time Service (Part 4) […]

  6. […] Industry Blog: Configuring And Managing The Windows Time Service (Part 4) […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: