The W32Time service
Every server should always have an accurate system clock. This is especially important if the server uses systems like Shibboleth because they place time restrictions on the data that is being transmitted to enhance security.
Windows has included a built-in NTP client since Windows 2000. Running this client on the server lets you synchronize the server's clock with an NTP server on the Internet. On Windows Server 2003 and Windows XP the NTP client is enabled by default (in that case you do not need this small guide).
The W32Time Service is a fully compliant implementation of the Simple Network Time Protocol (SNTP) as detailed in IETF RFC 1769. SNTP uses UDP port 123 by default. If you want to synchronize your time server with an SNTP server on the Internet, make sure that port is available.
c:\>net time /setsntp:ntp.belnet.be
Start the W32Time service:
c:\>net start W32Time
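To confirm that the configured server answers on UDP port 123 and to see how far the local clock is off, the SNTP exchange can be checked by hand. The following is an added example, not part of the original guide: it builds the 48-byte client request, validates the reply (server mode, synchronized clock, echoed originate timestamp) and computes offset and round-trip delay with the standard NTP formulas. All function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import time

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(unix_ts):
    """Unix seconds -> 8-byte NTP timestamp (32-bit seconds, 32-bit fraction)."""
    return struct.pack("!II", int(unix_ts) + NTP_DELTA, int((unix_ts % 1) * 2**32))

def from_ntp(raw):
    """8-byte NTP timestamp -> Unix seconds as a float."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client request: LI=0, VN=3, Mode=3 (client), transmit time = t1."""
    return b"\x1b" + bytes(39) + to_ntp(t1)

def parse_reply(packet, t1, t4):
    """Validate a reply; return (offset, delay, stratum). t1/t4 = local send/receive time."""
    if len(packet) < 48:
        raise ValueError("reply shorter than 48 bytes")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 7, packet[1]
    if mode != 4:
        raise ValueError("not a server-mode reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server reports an unsynchronized clock")
    if packet[24:32] != to_ntp(t1):  # the server must echo our transmit timestamp
        raise ValueError("originate timestamp mismatch (stale or spoofed reply)")
    t2, t3 = from_ntp(packet[32:40]), from_ntp(packet[40:48])
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2), stratum

def query(server, timeout=5.0):
    """Live check against a real server on UDP port 123."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(t1), (server, 123))
        packet, _ = s.recvfrom(512)
    return parse_reply(packet, t1, time.time())

def sample_reply(t1, t2, t3, stratum=2):
    """Constructed server reply (LI=0, VN=3, Mode=4) so the parser runs offline."""
    return bytes([0x1C, stratum]) + bytes(22) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)

if __name__ == "__main__":
    t1 = 1000000000.0  # constructed case: server 2 s ahead, 0.25 s each way
    print(parse_reply(sample_reply(t1, t1 + 2.25, t1 + 2.25), t1, t1 + 0.5))
```

Calling query("ntp.belnet.be") runs the same check against the server configured above; a timeout there usually means UDP port 123 is blocked somewhere on the path.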
Running as a service
You can also set the start option of the Windows Time Synchronization Service (W32Time) to Automatic, so the service will start when
Windows Registry settings
Set the correct value for the following Registry entries. (http://support.microsoft.com/kb/q223184/)
The registry values are located in the following registry key:
AvoidTimeSyncOnWan: REG_DWORD (optional)
Prevents the computer from synchronizing with a computer that is in another site.
0 = the site of the time source is ignored [default]
1 = the computer does not synchronize with a time source that is in a different site
GetDcBackoffMaxTimes: REG_DWORD (optional)
The maximum number of times to double the backoff interval when successive attempts to
find a domain controller do not succeed. An event is logged every time a wait of the
maximum length occurs.
0 = the wait between successive attempts is always the minimum and no event is logged
7 = [default]
GetDcBackoffMinutes: REG_DWORD (optional)
The initial number of minutes to wait before looking for a domain controller if the
last attempt did not succeed.
15 = [default]
Used to start the SNTP server.
0 = do not start the SNTP server unless this computer is a domain controller [default]
1 = always start the SNTP server
NtpServer: REG_SZ (ntp.belnet.be)
NtpServer: REG_SZ (optional)
Used to manually configure the time source. Set this to
the DNS name or IP address of the NTP server to synchronize from. You can modify this
from the command line by using the net time command. The value is blank by default.
Period: REG_DWORD or REG_SZ
Used to control how often the time service synchronizes. If a string value is
specified, it must be one of the special values listed below.
0 = once a day
65535, "BiDaily" = once every 2 days
65534, "Tridaily" = once every 3 days
65533, "Weekly" = once every week (7 days)
65532, "SpecialSkew" = once every 45 minutes until 3 good synchronizations occur, then once every 8 hours (3 per day) [default]
65531, "DailySpecialSkew" = once every 45 minutes until 1 good synchronization occurs, then once every day
freq = freq times per day
ReliableTimeSource: REG_DWORD (optional)
Used to indicate that this computer has reliable time.
0 = do not mark this computer as having reliable time [default]
1 = mark this computer as having reliable time (this is only useful on a domain controller)
The Adj and msSkewPerDay values contain information about the computer's clock between restarts. Do not manually edit these values.
Used to control how a computer synchronizes.
Nt5DS = synchronize to domain hierarchy [default]
NTP = synchronize to manually configured source
NoSync = do not synchronize time
Note: The Nt5DS setting may not use a manually configured source.
For further information about NTP when using Windows 2000 see:
Authors: Brusten Philip & Van der Velpen Jan
Last modified: Wednesday, 16-Nov-2005 09:29:17 CET