Configuring time synchronization for Windows Server R2 domain controllers

Source: Internet
Author: User

1.specify an external time source and synchronize it with the Administrator command line on the domain controllerwhere the PDC resides (the PDC role (the default authoritative time service source within the domain)).

W32tm/config/manualpeerlist: "ntp.fudan.edu.cn 210.72.145.44"/syncfromflags:manual/reliable:yes/update

net stop W32Time & net start W32Time

W32tm/resync

W32tm/query/status

??

/manualpeerlist represents the list of external time source servers, separated by spaces between multiple servers, 210.72.145.44 is the time server IP address of the China National Timing Center

/syncfromflags:manual indicates synchronization with a server in the specified external time source server list

/reliable:yes Setting this computer is a reliable time source. This setting is only meaningful for domain controllers.

/update notifies the time service to configure changed notifications for the changes to take effect

In a domain environment, you only need to set the external time source of the root domain controller, and the other servers will be automatically set to synchronize with the domain controller time when they are added to the domain.

??

Clients in the domain want to synchronize with the primary domain time, execute the following command.

Command: W32tm/resync/rediscover

??

IP address of the National Timing Center Server (210.72.145.44)

ntp.fudan.edu.cn (Fudan) Recommended use

Time-b.nist.gov1 s1a.time.edu.cn Posts and telecommunications

S1b.time.edu.cn Tsinghua University

S1c.time.edu.cn Peking University

s1d.time.edu.cn Southeast University

S1e.time.edu.cn Tsinghua University

S2a.time.edu.cn Tsinghua University

S2b.time.edu.cn Tsinghua University

S2c.time.edu.cn Posts and Telecommunications

s2d.time.edu.cn Southwest Network Center

s2e.time.edu.cn Northwest Network Center

s2f.time.edu.cn Northeast Regional Network Center

s2g.time.edu.cn East China South Area Network Center

s2h.time.edu.cn Sichuan University Network Management Center

s2j.time.edu.cn Dalian University of Computer Network Center

s2k.time.edu.cn cernet Guilin Master Node

S2m.time.edu.cn Peking University

??

2. Show the time difference between local time and destination

W32tm/stripchart/computer:ntp.fudan.edu.cn/samples:30/dataonly

??

3, display the current server specified external time source

W32tm/query/source

??

4. Restore the default value of Windows Time service (do not do this easily, be sure to do it at the command line of the administrator)

net stop W32Time

W32tm/unregister

W32tm/register

net start W32Time

Perform the above operation and you may experience the following problem.

C:\Users\administrator. Ganghui>w32tm/register

W32Time successfully registered.

??

C:\Users\administrator. Ganghui>net Stop W32Time & net start W32Time

The Windows Time service is not started.

??

Please type NET helpmsg 3521 for more help.

??

System error 1290 has occurred.

??

The service failed to start because the service SID type setting for one or more services in the same process is incompatible. Has

Services with a limited service SID type can coexist in the same process only with other services that have a restricted SID type. If you just

You have just configured the service SID type for this service, you must restart the hosting process to start the service.

This requires a reboot of the server, one reboot, no reboot, until you can start the w32time service

??

5. Domain Control (PDC) of the OU, be sure not to set NtpServer. Leave the system default settings in a non-set state.

Gpo:policies, administratortive templates, System-Windows Time setting, time providers, Configu Re Windows NTP Client--NtpServer

If the time server domain name is set, the PDC time synchronization error will be caused. Similar to the following:

The reason is that the setting within the GPO is higher than the setting in step 1 above, in which case the PDC will fail based on this set of time synchronization attempts, and the non-PDC is not within the scope of the discussion, so no explanation is given.

??

If you have already configured the following issues occur:

C:\Users\administrator. Ganghui>w32tm/resync

To send the Resync command to the local computer

This computer is not resynchronized because there is no time data available.

C:\Users\administrator. Ganghui>w32tm/query/source

Local CMOS Clock

??

??

6, set the synchronization interval time (school time period)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval

The value of the modifier key specialpollinterval is 604800 decimal (that is, 604,800 seconds, 1 days)

??

7. View Event Log-system log, find W32Time receive clock synchronization information

??

8.Configure Group Policy to set time synchronization for domain members ( this policy must not affect the PDC)

  1. Open "Active Directory Users and Computers", right-click on the domain, properties. Group Policy, Open.
  2. Right-click on "Default Domain Policy" and edit.
  3. Computer Configuration-Administrative Templates-system-windows Time service, double-click Global Time Configuration, select Enabled.

    Modify the value of MaxNegPhaseCorrection to 3600 (that is, 3,600 seconds, 1 hours)

    Modify the value of MaxPosPhaseCorrection to 3600 (that is, 3,600 seconds, 1 hours)

    Modify the value of AnnounceFlags to 5

    Click "Apply" and "OK".

  4. Computer Configuration-Administrative Templates-system-windows Time service-time provider, enable Windows NTP Client, select Enabled.

    Configure Windows NTP Client, select Enabled.

    Modify the value of Ntpsever to ad-server.rybb.com,0x6

    Modify the value of type to NTP

    Modify the value of SpecialPollInterval to 1800 (30 minutes)

??

??

The reference URL is as follows:

http://zjwsk.blog.163.com/blog/static/598306132012112973544376/

Configuring time synchronization for Windows Server R2 domain controllers

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.