Thursday 18 October 2012

Configuring An Authoritative Time Server On A Windows 2000 Server

The Windows 2000 Server operating system includes a time synchronisation service called w32time, or Windows Time. The service is installed by default and runs continuously as a system service. The time service is required by the Kerberos authentication protocol to make sure that all computers running in a Windows 2000 environment use a common time. This post describes how to set up and configure an authoritative time server in a Windows 2000 Server environment. It also discusses the hierarchical relationship at the heart of the service and gives some configuration hints and tips.



The Windows Time Synchronisation Hierarchy

Windows 2000 uses a hierarchical synchronisation structure:

- Desktop workstations and member servers nominate their domain controller as the source of time.
- Domain controllers nominate the PDC as their source of time synchronisation, but can also use a parent domain controller.
- PDCs follow the hierarchy of domains in the selection of their time synchronisation source.

Within the hierarchy, the PDC emulator in the forest root domain is the primary time reference for the organisation. The PDC in the forest root domain can have its internal reference clock controlled in a number of ways:

- By using its own internal hardware system clock.
- By synchronising to an Internet based NTP time server.
- By synchronising with a local intranet based NTP time server or hardware reference clock.
- By using a hardware reference clock.



Each of the synchronisation methods described above raises a number of issues. A PDC using its own internal unsynchronised hardware system clock will drift significantly over time, and transactions cannot be referenced to a traceable source of time. A PDC synchronising to an Internet based NTP time server can obtain accurate time. However, this raises security issues, since the NTP port in the firewall has to be left open for synchronisation. Also, Internet based NTP servers cannot provide authentication, so the source of time cannot be guaranteed.



Many of the above issues can be solved by synchronising a PDC with a local intranet based NTP time server or hardware clock. A local NTP server or hardware clock has the advantage of providing a traceable time reference and also secure authentication.

The Windows 2000 Time Service Configuration

Configuration of the Windows 2000 Time Service is carried out by editing registry entries. It is highly recommended that the registry be backed up before making any modifications. This allows the registry to be restored in the event of an erroneous modification.

To configure the PDC master to use its internal system clock requires only that the W32Time registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags is set to A. This makes the PDC announce itself as a reliable time source. However, the system clock can drift over time and is not referenced to an accurate time source. Additionally, Windows Time will periodically generate system event log warnings indicating that the PDC should be configured to synchronise to an external time source. This warning should be ignored.

To configure the PDC to synchronise to an external time reference, a number of registry entries should be modified. The Windows Time service registry settings are stored in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters. The Type, ReliableTimeSource and LocalNTP parameters should be set to the value 1. The NtpServer parameter should be set to a space-delimited list of the NTP server peers that the computer is to synchronise to. MaxAllowedClockErrInSecs indicates the maximum number of seconds between the system time and a received time for the received time to be considered a valid new time. The Period parameter indicates the frequency with which the time service is to synchronise.

After the registry entries have been correctly modified, the Windows Time service should be stopped and restarted. At a command prompt, enter net stop w32time and then net start w32time to restart the service.

The correct operation of the Windows Time service depends heavily on the correct functioning of network devices and infrastructure.



Common problems such as TCP/IP connectivity, DNS resolution, inaccurate NTP time references and network delay can all cause problems with the synchronisation service. Additionally, when synchronising to an Internet NTP server, make sure that UDP port 123 is open on the firewall. UDP port 123 is the port reserved for NTP communication packets.
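A way to check an NTP peer before listing it in NtpServer, as an added Python example that is not part of the original post: it sends an SNTP request on UDP port 123 and rejects replies that are unsynchronised, that do not echo the request's timestamp, or whose offset exceeds a threshold applied the way the article describes MaxAllowedClockErrInSecs. The function names and the constructed reply helper are this example's own assumptions, and the checks are not W32Time's internal logic.

```python
import socket
import struct
import time

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def _pack_ts(unix):
    return struct.pack("!II", int(unix) + NTP_DELTA, int((unix % 1) * 2**32))

def _unpack_ts(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte SNTP client request: LI=0, VN=3, Mode=3, transmit timestamp=t1."""
    return struct.pack("!B39x", 0x1B) + _pack_ts(t1)

def make_reply(request, server_unix, stratum=2, leap=0):
    """Constructed server reply for offline testing (not captured traffic)."""
    head = struct.pack("!BB22x", (leap << 6) | (3 << 3) | 4, stratum)
    return head + request[40:48] + _pack_ts(server_unix) * 2

def evaluate_reply(packet, request, t1, t4, max_err_secs):
    """Return (usable, offset_seconds, reason); t1/t4 are local send/receive times."""
    if len(packet) < 48:
        return False, None, "short packet"
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    if mode != 4:
        return False, None, "not a server reply"
    if packet[24:32] != request[40:48]:  # reply must echo our transmit timestamp
        return False, None, "originate timestamp mismatch"
    if leap == 3 or stratum == 0:
        return False, None, "server clock unsynchronised"
    t2, t3 = _unpack_ts(packet[32:40]), _unpack_ts(packet[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2  # standard NTP clock offset estimate
    if abs(offset) > max_err_secs:
        return False, offset, "offset exceeds MaxAllowedClockErrInSecs"
    return True, offset, "ok"

def query(server, max_err_secs, timeout=3.0):
    """Live check of one NtpServer peer over UDP port 123."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        request = build_request(t1)
        sock.sendto(request, (server, 123))
        packet, _ = sock.recvfrom(512)
        return evaluate_reply(packet, request, t1, time.time(), max_err_secs)
```

A socket timeout from `query` points to the connectivity, DNS or firewall problems listed above, while a returned reason other than "ok" points to the time reference itself.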
