The Windows 2000 Server operating system includes a time synchronisation service called w32time or 'Windows Time'. The service is installed by default and runs continuously in the service list. The time service is required by the Kerberos authentication protocol to ensure all computers running in a Windows 2000 environment utilise a common shared time. This article describes how to set up and configure an Authoritative Time Server in a Windows 2000 Server environment. It also discusses the hierarchical relationship at the heart of the service and provides some configuration hints and tips.
The Windows Time Synchronisation Hierarchy The Windows 2000 time service utilises a hierarchical synchronisation structure: Desktop workstations and Member Servers nominate their domain controller as the source of time; Domain controllers nominate the PDC as their source of time synchronisation, but may also utilise a parent domain controller; PDC's follow the hierarchy of domains in the selection of their time synchronisation source.
In the hierarchy the PDC emulator in the forest root domain is the primary time reference for the organisation. The PDC in the forest root domain can have its internal reference clock controlled in a number of ways:
- By utilising it's own internal hardware system clock
- By synchronising to an Internet based NTP time server.
- By synchronising with a local intranet based NTP time server or hardware reference clock.
- By utilising a hardware reference clock.
Each of these methods of synchronisation described above raises a number of issues.
A PDC utilising it's own internal unsynchronised hardware system clock will drift significantly over time, transactions cannot be referenced to a traceable source of time.
A PDC synchronising to an Internet based NTP time server can obtain accurate time. However, this raises security issues since the NTP port in the firewall must be left open for synchronisation. Also, Internet based NTP servers cannot provide authentication, so the source of time cannot be guaranteed.
Many of the above issues can be solved yy synchronising a PDC with a local intranet based NTP time server or hardware clock. A local NTP server or hardware clock has the advantage of providing a traceable time reference and also secure authentication.
The Windows 2000 Time Service Configuration.
Configuration of the Windows 2000 Time Service is carried out by editing registry entries. It is highly recommended that the registry be backed up before conducting any modifications. This allows the registry to be restored in the event of erroneous modification.
To configure the PDC master to utilise its internal system clock requires only that the W32Time registry entry 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags' is set to 'A'. This makes the PDC announce itself as a reliable time source. However, the system clock can drift over time and is not referenced to an accurate time source. Additionally, Windows Time will periodically generate system event log warnings indicating that the PDC should be configured to synchronise to an external time source. This warning can be ignored.
To configure the PDC to to synchronise to an external time reference, a number of registry entries must be modified. The windows time service registry settings are stored in the registry at 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\'.
The 'Type', 'Reliable Time Source' and 'Local NTP' parameters must be set to the value '1'. The 'NTP Server' parameter must be set to a list of space delimited NTP server peers that the computer is to synchronise to. The 'MaxAllowedClockErrInSecs' indicates the maximum number of seconds between the system time and received times that the received time is to be considered a valid new time. The 'Period' parameter indicates the frequency with which the time service is to synchronise.
After the registry entries have been correctly modified, the Windows Time service must be stopped and restarted. At a command prompt enter 'net stop w32time andand net start w32time' to restart the service.
Hints and Tips.
The correct operation of the Windows Time service depends heavily on the correct functioning of network devices and infrastructure. Common problems such as TCP/IP connectivity, DNS resolution, inaccurate NTP time references and network delay can all cause problems with the synchronisation service. Additionally, when synchronising to an Internet NTP server, ensure that USP port 123 is open on the firewall. UDP port 123 is the port reserved for NTP communication packets.
Links:
fixing kernel32 dll error can regenerate nearly all category of dll files automatically. The software owns perfect features on recover dll mistake. It possessed easy-to-use interface. No matter you are a laptop novice or an advanced laptop user, you can use kernel 32 dll error fixer conveniently. Furthermore, it ensures your program perform smoothly.
memory stick recovery is your first and best choice. how to recover files from memory stick is a free, fast and safe solution for your deleted data repair from memory card. This free memory card restore software give common and quick data recovering solutions to recovering lost files from any memory card. It compatible of all type in the market.
Best Video Revealing Websites
Modern Tools For Modern Humans
How To Defend Your Smart Phone Against Attack?
Do You Rate Customer And Employee Loyalty?
Online Video: Beyond Google And Youtube
The Windows Time Synchronisation Hierarchy The Windows 2000 time service utilises a hierarchical synchronisation structure: Desktop workstations and Member Servers nominate their domain controller as the source of time; Domain controllers nominate the PDC as their source of time synchronisation, but may also utilise a parent domain controller; PDC's follow the hierarchy of domains in the selection of their time synchronisation source.
In the hierarchy the PDC emulator in the forest root domain is the primary time reference for the organisation. The PDC in the forest root domain can have its internal reference clock controlled in a number of ways:
- By utilising it's own internal hardware system clock
- By synchronising to an Internet based NTP time server.
- By synchronising with a local intranet based NTP time server or hardware reference clock.
- By utilising a hardware reference clock.
Each of these methods of synchronisation described above raises a number of issues.
A PDC utilising it's own internal unsynchronised hardware system clock will drift significantly over time, transactions cannot be referenced to a traceable source of time.
A PDC synchronising to an Internet based NTP time server can obtain accurate time. However, this raises security issues since the NTP port in the firewall must be left open for synchronisation. Also, Internet based NTP servers cannot provide authentication, so the source of time cannot be guaranteed.
Many of the above issues can be solved yy synchronising a PDC with a local intranet based NTP time server or hardware clock. A local NTP server or hardware clock has the advantage of providing a traceable time reference and also secure authentication.
The Windows 2000 Time Service Configuration.
Configuration of the Windows 2000 Time Service is carried out by editing registry entries. It is highly recommended that the registry be backed up before conducting any modifications. This allows the registry to be restored in the event of erroneous modification.
To configure the PDC master to utilise its internal system clock requires only that the W32Time registry entry 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags' is set to 'A'. This makes the PDC announce itself as a reliable time source. However, the system clock can drift over time and is not referenced to an accurate time source. Additionally, Windows Time will periodically generate system event log warnings indicating that the PDC should be configured to synchronise to an external time source. This warning can be ignored.
To configure the PDC to to synchronise to an external time reference, a number of registry entries must be modified. The windows time service registry settings are stored in the registry at 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\'.
The 'Type', 'Reliable Time Source' and 'Local NTP' parameters must be set to the value '1'. The 'NTP Server' parameter must be set to a list of space delimited NTP server peers that the computer is to synchronise to. The 'MaxAllowedClockErrInSecs' indicates the maximum number of seconds between the system time and received times that the received time is to be considered a valid new time. The 'Period' parameter indicates the frequency with which the time service is to synchronise.
After the registry entries have been correctly modified, the Windows Time service must be stopped and restarted. At a command prompt enter 'net stop w32time andand net start w32time' to restart the service.
Hints and Tips.
The correct operation of the Windows Time service depends heavily on the correct functioning of network devices and infrastructure. Common problems such as TCP/IP connectivity, DNS resolution, inaccurate NTP time references and network delay can all cause problems with the synchronisation service. Additionally, when synchronising to an Internet NTP server, ensure that USP port 123 is open on the firewall. UDP port 123 is the port reserved for NTP communication packets.
Links:
fixing kernel32 dll error can regenerate nearly all category of dll files automatically. The software owns perfect features on recover dll mistake. It possessed easy-to-use interface. No matter you are a laptop novice or an advanced laptop user, you can use kernel 32 dll error fixer conveniently. Furthermore, it ensures your program perform smoothly.
memory stick recovery is your first and best choice. how to recover files from memory stick is a free, fast and safe solution for your deleted data repair from memory card. This free memory card restore software give common and quick data recovering solutions to recovering lost files from any memory card. It compatible of all type in the market.
Best Video Revealing Websites
Modern Tools For Modern Humans
How To Defend Your Smart Phone Against Attack?
Do You Rate Customer And Employee Loyalty?
Online Video: Beyond Google And Youtube
※コメント投稿者のブログIDはブログ作成者のみに通知されます