Linux ntp windows server

NTP: How To Sync Time Between Servers, Workstations (Windows, Ubuntu)

It’s important for all workstations and servers to agree what time it is. There’s a long list of reasons for this, including log file synchronization, and avoiding the inevitable end-user complaints when their computer’s time does not match their phone’s time. Unfortunately, when I recently set up a LAN with a number of Windows Server 2008 R2 and Ubuntu Server 12.04 VMs, I found that all the servers had their own ideas about what time it was. Making matters worse, the Windows XP Pro and Windows 7 Pro workstations were periodically logging events complaining about not being able to contact a time server, and so they too were all drifting through time like lost sailboats.

The error that is logged on a Windows machine (System log) when it can’t sync to the NTP server is:

Event ID 129, Source: Time-Service
Warning: NtpClient was unable to set a domain peer to use as a time source because of a discovery error. NtpClient will try again in minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

When I initially noticed this, I was neck-deep in 1000 high-priority issues related to getting the servers up and running smoothly, so I gave up after a short period of troubleshooting, setting it aside for later. Well that time finally came. And the good news for you? I’m not going to run through the long list of things I tried (from various Google searches) that didn’t work. Instead, I’ll list what did ultimately work. And just to clarify, all of these servers are pretty stock/minimal set ups – nothing exotic is going on – I only configured/installed/tweaked what had to be done to get the function accomplished that I was looking for. So if this worked for me, it should work for you, assuming you too have a relatively run-of-the-mill installation. But, of course, YMMV. 😉

I have a file server acting as my PDC & Primary DNS, which I decided to make my NTP server (i.e., the server in charge of telling everybody else what time it is). All the other Windows & Ubuntu servers get their time from this server, as do the workstations. To my surprise, every single server had to be configured in some way to get this all working smoothly – NONE of them just automatically did what one might assume they’d do (i.e., PDC acts as NTP server, member/secondary servers look to the PDC for the time, etc.). The configuration is below:

Читайте также:  Как удалить скрины в linux

First, make sure all machines have UDP port 123 open. This is the port used by NTP to sync time, and this actually was open on all the machines I checked, so thankfully, no modifications were necessary for me there.

(Bonus tip: Normally you can test to see if you’re communicating on an open port by Telneting to it, but since this is on a UDP port, this trick doesn’t work. Telnet only works via TCP – this is something that I figured out only after banging my head against the wall, for longer than I care to admit, trying to figure out why this port wasn’t responding!)

To get the PDC to advertise itself as a good time source, enter this command at the administrator-level command prompt:

w32tm /config /manualpeerlist:0.us.pool.ntp.org,0x1 /syncfromflags:manual /reliable:yes /update

Then restart the Windows Time service and type this to confirm it worked:

Or check event log (note – it can take a few seconds to take effect).

The first command above is telling the Windows Time service to acquire time from a a list of internet servers specified in “manualpeerlist.” In this example I’m using my local time server for someone living in the Northeast, USA. (Go to http://ntp.org for more info on finding the best server in your area.) I could’ve specified additional servers by separating them with spaces, so it could’ve been “0.us.pool.ntp.org,0x1 1.us.pool.ntp.org,0x1 2.us.pool.ntp.org,0x1” etc.

The “,0x1” is an important part that I missed in my initial troubleshooting. If I remember correctly, it basically tells the server that it’s in charge and should take what this server says as trustworthy. If you really want the technical explanation, you can do a “w32tm /?” at the prompt or some Google searches. 😉 The other switch that I missed in my initial failed attempts to get this working was “/reliable:yes” – again, this basically tells the server that it’s in charge and is considered a reliable time source.

You then need the “/syncfromflags:manual” switch to tell it to sync from the servers you listed in the manualpeerlist switch. Seems redundant to me, but whatever – that’s Windows for you. Without that switch, I couldn’t get it working.

In addition, you should verify that this registry key is set to “NTP” (it usually is):

(NOTE: if your Windows server is running as a VM in VMware, then you’ll also want to go into the VMware tools icon running in your server’s systray and verify that the box is unchecked that tells the VM to sync with VMware’s clock. For me this was already unchecked by default, but VMware advises you do this if you’re having sync problems between machines, so better safe than sorry!)

If you do the things listed above, you’ll have configured a server to be the master time keeper in your organization. Now, we need to tell the other machines about it! The good news is, your workstations should catch on to this change automatically within an hour or so of the master server coming online, so there’s nothing to do there. You’ll see their time change SLOWLY though, because if a machine’s time is like 20 minutes off, it could potentially cause problems to jump that far in a single moment, so instead Windows will incrementally shave seconds off every few seconds, bringing the time into sync, over a few minutes. You can actually watch it to this if you double-click on the clock in the systray and watch the second-hand magically skip ahead faster than normal.

Читайте также:  Linux if true false

To get other servers to act as clients and look to the PDC for their time, first change this key to say: NT5DS

Then type this at an elevated command prompt:

w32tm /config /manualpeerlist:10.0.1.2,0×8 /syncfromflags:MANUAL /update

Then restart the Windows Time service and type this to confirm it worked:

Or check event log (note – it can take a few seconds to take effect). To force it to resync right now, instead of taking the time it usually takes, type:

Again, the manualpeerlist is key here. Replace “10.0.1.2” above with the address of your main NTP server, that you configured earlier. You can also use the FQDN if you don’t feel like using IP address. The “,0x8” part tells it to essentially be a client machine, and get its info from the NTP server.

Ok, so now you’ve got all of your Windows servers and workstations configured, but what if you want to get your Ubuntu servers to sync to that Windows NTP server we configured above too? No problem!

Type “date” on the command line to see the current time & date. It’s probably pretty far off.

Test communication with an NTP server by typing:

(you could also replace “10.0.1.2” with “ntp.ubuntu.com” or “0.us.pool.ntp.org”, etc. if you want to sync externally instead of using your internal NTP server.)

Once you decide which NTP server to use, tell Ubuntu to update its time against that server daily by typing:

sudo vi /etc/cron.daily/ntpdate

And insert (press the “i” key) a line that says:

sudo chmod 755 /etc/cron.daily/ntpdate

That’s it! Now everyone agrees what time it is! Now if only we could get the office phones to stay in sync too…

Share on twitter

Share on google

Share on facebook

Share on reddit

Share on pinterest

Share on tumblr

Share on diggit

Share on stumbleupon

Share on linkedin

Share on email

The Point-and-Shoot Camera Might Be Dead, But The DSLR Will Live Long And Prosper

Share This Post

Share on twitter

Share on google

Share on facebook

Share on reddit

Share on pinterest

Share on tumblr

Share on diggit

Share on stumbleupon

Share on linkedin

Share on email

Start Here

Raving Roo is a tech blog covering IT topics including Windows, Mac, Active Directory, and information security. And we also feature craft beer reviews!

To get started, check out today’s most popular posts, browse our categories, or perform a search:

Categories

Oh, and about those craft beer reviews.

Our methodology of craft beer reviews is refined to this exacting standard: No point in wasting our time or yours on a nasty grog.

The Roo Only Raves
What It Craves.

Please share your thoughts

Latest Blog Posts

C:RETRO ROO> Atari XEGS Reboot, Part 1: 8-bit Nostalgia

Decades in the making, now the moment of truth. Plugs seated, power anchor dropped, and after a not-[. ]

Fix: Google Chrome Slow Scrolling On MacBook

This fix may work on other platforms, but I can only verify that it works on my 2013 MacBook Air run[. ]

Читайте также:  Виртуал бокс линукс окно

Windows 2012 R2 Remote Desktop Is A Black Screen With Command Prompt Only

If you ever find yourself in a situation where Windows Server 2012 R2 decides to spontaneously switc[. ]

Merge MP3 Files Using CAT Command On Mac OS X

Are you looking for a super quick way to merge multiple MP3 files into one big MP3 file? This can be[. ]

Fix: Corrupt Windows 2012 RDS Basic Color Scheme

This is a bizarre issue that has happened on multiple occasions with Windows 2012 servers in a Remot[. ]

iPhone / Mac Text Replacement: Shortcuts For Phrases

In both iOS and Mac OS X, Apple offers a feature called Text Replacement that allows you to configur[. ]

How To Edit Google Chrome Custom Spell Check Dictionary

So, you’ve accidentally added a misspelled word to Google Chrome’s custom dictionary, how do you rem[. ]

Office: Quickly Remove Text Formatting From Copy-Paste

Here are two quicker methods to copy-paste formatted text as unformatted text in Microsoft Office Ou[. ]

Источник

Windows NTP server with Linux clients

Has anyone got any experience syncing Linux (specifically Red Hat) to a Windows NTP server? Currently our Windows server is syncing to an stratum 1 server on the internet but the Linux boxes refuse to acknowledge it as a good time source. Having done a bit of research it seems our problem is the Root Dispersion value is possibly too high. Here’s the output from ntpq —

ntpq> peers remote refid st t when poll reach delay offset jitter ============================================================================== ntp1.ourdomain 10.10.10.1 4 u 20 128 377 0.376 1397.10 22.800 ntpq> ass ind assID status conf reach auth condition last_event cnt =========================================================== 1 30939 90b4 yes yes none reject reachable 11 ntpq> rv 30939 assID=30939 status=90b4 reach, conf, 11 events, event_reach, srcadr=ntp1.ourdomain.com, srcport=123, dstadr=10.10.10.2, dstport=123, leap=00, stratum=4, precision=-6, rootdelay=93.750, rootdispersion=2333.466, refid=10.10.10.1, reach=377, unreach=0, hmode=3, pmode=4, hpoll=7, ppoll=7, flash=400 peer_dist, keyid=0, ttl=0, offset=1369.793, delay=0.000, dispersion=21.915, jitter=15.387, reftime=d7493cd7.fd3528d6 Mon, Jun 16 2014 10:52:23.989, org=d74944eb.b857f9bc Mon, Jun 16 2014 11:26:51.720, rec=d74944ea.5709a581 Mon, Jun 16 2014 11:26:50.339, xmt=d74944ea.56ea01a7 Mon, Jun 16 2014 11:26:50.339, filtdelay= 0.48 0.51 0.00 0.43 0.50 0.44 0.40 0.55, filtoffset= 1380.34 1376.38 1369.79 1362.68 1360.75 1353.16 1349.80 1343.46, filtdisp= 15.63 17.58 19.48 21.42 23.37 25.30 27.25 29.20 

What I’m trying to understand is why this value is so high and is there anything we can configure on the Windows server to change it. Update Here’s some information from our Windows NTP server —

c:\Windows\System32>w32tm /query /status Leap Indicator: 0(no warning) Stratum: 2 (secondary reference - syncd by (S)NTP) Precision: -6 (15.625ms per tick) Root Delay: 0.0312500s Root Dispersion: 1.2097655s ReferenceId: 0x9E2BC042 (source IP: 158.43.192.66) Last Successful Sync Time: 18/06/2014 04:41:16 Source: ntp2.pipex.net Poll Interval: 15 (32768s) c:\Windows\System32>w32tm /query /peers #Peers: 2 Peer: ntp1.pipex.net State: Active Time Remaining: 6264.1144284s Mode: 1 (Symmetric Active) Stratum: 2 (secondary reference - syncd by (S)NTP) PeerPoll Interval: 15 (32768s) HostPoll Interval: 15 (32768s) Peer: ntp2.pipex.net State: Active Time Remaining: 6264.1144284s Mode: 1 (Symmetric Active) Stratum: 1 (primary reference - syncd by radio clock) PeerPoll Interval: 15 (32768s) HostPoll Interval: 15 (32768s) 

Источник

Оцените статью
Adblock
detector