Re: Issues with w32tm on AD network

From: Martin Burnicki <martin.burnicki@xxxxxxxxxxx>
Date: Mon, 25 Feb 2008 15:42:34 +0100

Andrew,

Andrew Hodgson wrote:

On Fri, 22 Feb 2008 09:31:38 +0100, Martin Burnicki
<martin.burnicki@xxxxxxxxxxx> wrote:

Though it's normally preferable to run ntpd rather than w32time, there is
a limitation if you run ntpd on a domain controller:
The domain members (workstations) will stop detecting the domain
controller automatically as their primary time source, so you'll have to
configure the domain controller explicitely as times source on every
client.

Yes, I have found this in a previous life, plus it caused some other
issues for us as well, which is why I would like to keep W32tm if
possible.

Do you remember which kind of issues that were?

If you also run any Linux or other *ix server then a better approach would
be to let the *ix machine synchromize to the pool servers, and configure
the *ix machine as "internet time source" for w32time on the domain
controller.

Unfortunately the Debian box I have is a laptop that is not on
continuously, so no good. I do have an ASA firewall and a Cisco
router however, which at present are set to get time from the Windows
box, but I could set one up as an NTP server perhaps?

I don't know the ASA firewall, but I've heard several times that routers
don't do a good job as NTP servers.

Maybe you have another Windows server on which you can install NTP. That
server could get the time from the pool servers, and the root PDC could run
w32time and get the time from the server running ntpd.

This is a good basic configuration if you want to use a built-in radio clock
or GPS receiver as time source, which come with their own driver software.

The reason is because it's hard to tell w32time that it does not need to
have an upstream time source configured and thus not touch the system time,
because the system time is already disciplined by another driver, and
w32time just had to distribute that synchronized time on the network.

With ntpd this configuration is pretty easy: just configure the local clock
as ref time source with stratum 0.

Martin
--
Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont
Germany
.

References:
- Issues with w32tm on AD network
  - From: Andrew Hodgson
- Re: Issues with w32tm on AD network
  - From: Martin Burnicki
- Re: Issues with w32tm on AD network
  - From: Andrew Hodgson

Prev by Date: Re: Issues with w32tm on AD network
Next by Date: Re: no ntp synchronisation: 2s to 6s time shift !
Previous by thread: Re: Issues with w32tm on AD network
Next by thread: Re: Issues with w32tm on AD network
Index(es):
- Date
- Thread

Relevant Pages

Re: NTP in Win 2003 domains (awaiting response of my previous post)
... The purpose of the Windows Time service is to make sure that all computers that are running Microsoft Windows 2000 or later versions in an organization use a common time. ... All domain controllers in a domain nominate the primary domain controller operations master as their in-bound time partner. ... When you configure the authoritative time server to sync with an Internet time source, ...
(microsoft.public.windows.server.active_directory)
Re: Windows 2003 Time service
... to the authoratative time server? ... sync with the next step on the domain hierarchy and there are no higher ... domain hierarchy to use as a time source. ... Can you restart Windows Time service on this domain controller? ...
(microsoft.public.windows.server.setup)
Re: time sync from NTP in win 2003
... On any domain member computer, the Environment Variable called "logonserver" holds the name of the "authenticating domain controller", which is not necessarily the Domain Controller holding the PDC FSMO Role. ... Domain Controllers on the other hand, use a more complicated algorithm to synchronize their time with a "reliable time source", which is, by default, the Domain Controller with the PDC Emulator FSMO Role. ... The default configuration on clients and Domain Controllers normally works just fine. ... It shows that a member server or member workstation can synchronize time with ANY domain controller in their domain and will not necessarily synchronize with the one holding the PDC Emulator FSMO role. ...
(microsoft.public.windows.server.active_directory)
Re: time sync from NTP in win 2003
... which is not necessarily the Domain Controller holding the PDC FSMO Role. ... about which Domain Controller the member computers use as the time source? ... member server or workstation may synchronize time with any of them. ... configuration - it just works - when a computer joins the domain, ...
(microsoft.public.windows.server.active_directory)
Re: Issues with w32tm on AD network
... configure the domain controller explicitely as times source on every ... members did identify their PDC as time source when w32time was running on ... the PDC, but not when ntpd was running on the PDC. ...
(comp.protocols.time.ntp)