Page 1 of 2
#159153 - 2006-03-16 12:04 AM Time Server Q and A
StarwarsKid Offline
Seasoned Scripter
*****

Registered: 2005-06-15
Posts: 506
Loc: Oregon, USA
I wanted to see what method others are using for time management on their networks. Please share your method. I have a project and want to see what my options are. Thanks!
_________________________
let the wise listen and add to their learning,
and let the discerning get guidance- Proverbs 1:5

Top
#159154 - 2006-03-16 12:34 AM Re: Time Server Q and A
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
I think you need to spell out a little more what you're talking about. Time Management can mean a lot of things to different people.
Top
#159155 - 2006-03-16 12:55 AM Re: Time Server Q and A
StarwarsKid Offline
Seasoned Scripter
*****

Registered: 2005-06-15
Posts: 506
Loc: Oregon, USA
Okay, here's what I'm trying to do.

I have an AD 2000 network. I have two network subnets, one for staff and one for a controlled "control system" network. I have domain member workstations in the "Control" network. I don't want these computers to have internet access and I don't want them to be dependent on the domain controllers on the "staff" network.

My plan is to configure a server on the "Control" network as a time server (not sure what method I'll use for this). I will then point all "control" workstations at this server. The server will update its time from an internet time server (like the Navy) or use a utility to perform time sync.

So I'm wondering how others are doing this: Scripts, 3rd party utilities, Windows Time Service.......
_________________________
let the wise listen and add to their learning,
and let the discerning get guidance- Proverbs 1:5

Top
#159156 - 2006-03-16 01:05 AM Re: Time Server Q and A
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
That is funny you brought that up... I just configured my DC to be my domain time server 3 hours ago.

Using Windows Time service... why add one, when one is already built in.


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"LocalNTP"=dword:00000001
"Period"="24"
"type"="NTP"
"ReliableTimeSource"=dword:00000001
"NtpServer"="time.nist.gov time.windows.com"
"MaxAllowedClockErrInSecs"=dword:00000900
_________________________
How to ask questions the smart way <-----------> Before you ask

Top
#159157 - 2006-03-16 01:06 AM Re: Time Server Q and A
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
If you are using AD and you have the workstations joined to that domain, then you only need to point your domain controller at an NTP source; all other machines will sync with the DC.
_________________________
Today is the tomorrow you worried about yesterday.

Top
#159158 - 2006-03-16 01:07 AM Re: Time Server Q and A
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
Rad - if you want to have real fun try setting up time services for a hosted IPCC VOIP solution. Three different time protocols to deal with.
_________________________
Today is the tomorrow you worried about yesterday.

Top
#159159 - 2006-03-16 01:08 AM Re: Time Server Q and A
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
Quote:

"NtpServer"="time.nist.gov time.windows.com"

I'd pick some better or more redundant time sources. Those links are often down for us.

Top
#159160 - 2006-03-16 01:27 AM Re: Time Server Q and A
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Go ahead.. muck with the time and watch your AD crumble.
AD takes care of time sync cuz it needs ALL to be on the same timesource.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#159161 - 2006-03-16 01:35 AM Re: Time Server Q and A
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Our control system is stuck on NT4 because it cannot tolerate time changes. Our process control folks bought a GPS timesource and tried putting it in service and ran the whole process into the toilet. It will cost them more than half a million to upgrade all their consoles to be able to go to AD and have timesync. As it is, they are finding it increasingly harder to get drivers for NT4 SP3!
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#159162 - 2006-03-16 01:36 AM Re: Time Server Q and A
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
Yes, and I think Rad is just saying he set one of his DCs to be that main source, and then IT gets its time from the Internet.
Top
#159163 - 2006-03-16 02:38 AM Re: Time Server Q and A
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4402
Loc: New Jersey
We use Dillobits SNTPd for Windows for all critical application servers, and Windows Time for the non-critical systems. We have 3 stratum-2 servers that sync from GPS receivers. Every router syncs to those 3 systems. The application servers and DCs sync to the routers, and the workstations and non-critical servers sync with the DCs.

We don't use Windows Time for our critical application servers because MS uses a derivative of NTP. The SNTP service we use syncs to +/-2ms, is fully configurable with regard to the sync rate and such, and has excellent logging. Windows Time is designed to be "good enough" for Kerberos, which requires a time tolerance of 5 minutes. If Windows Time is used exclusively, time between servers in the same subnet could vary up to 4 seconds (+/- 2 sec accuracy at sync) and up to 20 seconds between the farthest ends of a WAN. For our app servers, which must be no more than 0.5 seconds apart at opposite ends of the country, Windows Time was not "good enough". The approach you use will depend on your application. Windows Time is fine for workstations and most typical file/print & A/D purposes, although I am not personally happy with the lack of logging that is available compared to other products.

At home, I use a 3rd party SNTP service on the firewall, which syncs with public time sources in the northeast US.
The two AD-DC servers use the same SNTP service to sync with the firewall, and those SNTP services are set to "Ignore Not Sync'd" messages from the firewall. This way, the 2 DCs stay in sync with the firewall and with each other (+/- 2ms) even if I lose Internet connectivity. The remaining servers and workstations sync with the SNTP service running on the DCs. (I basically eliminated Windows Time on my home net.)

One word of caution - Windows will REFUSE to join a domain if the Windows Time service is removed! When the server or workstation is joined to the domain, the Windows Time service is started (even if it isn't actually used to set the time) during the domain joining process. Allow that to complete, then simply stop and disable Windows Time if you are using SNTP.

One more note regarding SNTP vs Windows Time.. I had a Kix app that compared the timestamp of a file on a remote system to a copy on the local system. Using Windows Time, the compare almost always failed - off by 1-3 seconds. When both servers were updated to SNTP, I have yet to have a miscompare unless they are off by an hour or more. (The master copy is updated, and the different times trigger a full directory sync.) Again - the decision of Windows Time vs SNTP depends on the time accuracy required by your application.

Glenn

PS - one more caution. Time is a tricky thing to deal with. We had a major issue a few years ago because the design of the system was linear. "A" got time from a GPS, "B" got time from "A", "C" from "B", and all the "D" systems sync'd with "C". When the GPS unit failed, "A" said "Not Sync'd" (which means "don't trust my time"). "B" knew it lost sync, so passed on the "not sync'd" message, and so on.. Instead of the "B" level servers being set to ignore the not sync'd message and keeping all the systems in sync with each other, all the systems decided not to trust the time source and use their internal clocks. These clocks had different drift rates, and after a few hours, systems were as much as 30 minutes off from one another. The irony was that the level-A server was only off by 3 seconds - had the second-level servers been configured to always trust the local master time source, the entire network would have been in sync, and would have only been 3 seconds off from the real world.

This isn't something to be approached casually!
_________________________
Actually I am a Rocket Scientist! \:D

Top
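Added example (not from the thread or from any product named in it): the downstream decision described in Glenn's PS, written as a Python parser for an SNTP reply. It assumes the "Not Sync'd" state is carried as leap indicator 3 in the SNTP header (RFC 4330); `build_reply`, `should_follow`, `trust_local_master` and the 300-second `max_step` bound are hypothetical names and values, and the sample packets are constructed.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def _ts(raw):
    """Decode a 64-bit NTP timestamp (32-bit seconds + 32-bit fraction) to Unix seconds."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def parse_reply(pkt, t4):
    """Parse a 48-byte SNTP server reply; t4 is the local arrival time in Unix seconds."""
    if len(pkt) < 48:
        raise ValueError("short SNTP packet")
    li, mode = pkt[0] >> 6, pkt[0] & 0x07
    if mode != 4:
        raise ValueError("not a server reply")
    t1, t2, t3 = _ts(pkt[24:32]), _ts(pkt[32:40]), _ts(pkt[40:48])
    return {
        "unsynced": li == 3,                    # LI 3 = server clock not synchronized
        "stratum": pkt[1],
        "offset": ((t2 - t1) + (t3 - t4)) / 2,  # seconds to add to the local clock
        "delay": (t4 - t1) - (t3 - t2),         # round-trip network delay
    }

def should_follow(reply, trust_local_master, max_step=300.0):
    """Hypothetical client policy: keep disciplining to this source or free-run?"""
    if abs(reply["offset"]) > max_step:         # assumed sanity bound on one correction
        return False
    # Dropping an unsynced upstream lets every client drift on its own oscillator;
    # trusting the local master keeps the clients in step with each other.
    return trust_local_master or not reply["unsynced"]

def build_reply(li, stratum, t1, t2, t3):
    """Constructed sample reply (version 3, mode 4) so the example runs offline."""
    def enc(t):
        secs = int(t)
        return struct.pack("!II", secs + NTP_EPOCH_DELTA, int((t - secs) * 2**32))
    head = bytes([(li << 6) | (3 << 3) | 4, stratum, 6, 0xEC])
    # 20 zero bytes stand in for root delay, root dispersion, reference ID and timestamp
    return head + bytes(20) + enc(t1) + enc(t2) + enc(t3)

if __name__ == "__main__":
    T1 = 1142500000.0  # constructed client send time
    # Constructed case: master lost its GPS (LI=3) but is only 3 s off real time
    r = parse_reply(build_reply(3, 1, T1, T1 + 3.010, T1 + 3.011), T1 + 0.021)
    print(r, should_follow(r, False), should_follow(r, True))
```

With `trust_local_master=False` the constructed reply is rejected even though its offset is only 3 seconds, which is the cascade described in the PS.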
#159164 - 2006-03-16 08:41 AM Re: Time Server Q and A
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
Quote:

If you are using AD and you have the workstations joined to that domain, then you only need to point your domain controller at an NTP source; all other machines will sync with the DC.

yupp... that's all that's really needed, unless you got extreme requirements. You can also specify several NTP sources, for example:
Win2000 server: Code:
net time /setsntp:"ntp1.sp.se ntp2.sp.se"



for win2003 srv: Code:
w32tm /config /manualpeerlist:"ntp1.chalmers.se ntp2.chalmers.se ntp.lth.se" /syncfromflags:manual /reliable:YES /update



Edited by masken (2006-03-16 08:44 AM)
_________________________
The tart is out there

Top
#159165 - 2006-03-16 05:57 PM Re: Time Server Q and A
StarwarsKid Offline
Seasoned Scripter
*****

Registered: 2005-06-15
Posts: 506
Loc: Oregon, USA
Thanks for the input everyone. Glenn, especially thank you for the in-depth on Dillobits SNTPd. I'm working on time sync for a waste treatment plant. I must keep time sync between all control computers. This sounds like a good direction to go. Thanks!
_________________________
let the wise listen and add to their learning,
and let the discerning get guidance- Proverbs 1:5

Top
#159166 - 2006-03-16 07:19 PM Re: Time Server Q and A
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
You could brute force it too, though not recommended.
I've used this for stand-alone machines.

Code:
;Configures W32Time on the local machine as an NTP client and server, then restarts the service.
;$Peers = NTP server list, $Pos/$Neg = max phase corrections (seconds), $Poll = poll interval (seconds)
Function SetTimeServer($Peers,$Pos,$Neg,$Poll)
  Dim $Key,$Set,$Admin
  ;S-1-5-32-544 is the built-in Administrators group.
  $Admin=IIf(InGroup(@WKSTA+'\'+SidToName('S-1-5-32-544'))-1+@INWIN=1,1,0)
  ;If user does not have Admin rights then quit.
  If Not $Admin Exit 5 EndIf
  $Key='HKLM\SYSTEM\CurrentControlSet\Services\W32Time\'
  ;Sync from the manual peer list rather than the domain hierarchy.
  $Set=WriteValue($Key+'Parameters','Type','NTP','REG_SZ')
  $Set=WriteValue($Key+'Config','AnnounceFlags',5,'REG_DWORD')
  $Set=WriteValue($Key+'TimeProviders\NtpClient','SpecialPollInterval',$Poll,'REG_DWORD')
  $Set=WriteValue($Key+'TimeProviders\NtpServer','Enabled',1,'REG_DWORD')
  $Set=WriteValue($Key+'Parameters','NtpServer',$Peers,'REG_SZ')
  $Set=WriteValue($Key+'Config','MaxPosPhaseCorrection',$Pos,'REG_DWORD')
  $Set=WriteValue($Key+'Config','MaxNegPhaseCorrection',$Neg,'REG_DWORD')
  ;Restart the service so the new settings are read.
  SHELL '%comspec% /e:1024 /c net stop w32time >NUL 2>NUL'
  SHELL '%comspec% /e:1024 /c net start w32time >NUL 2>NUL'
  ;The w32tm command does not appear to set the errorlevel.
  ;You will have to check it against another source to confirm success
  SHELL '%comspec% /e:1024 /c w32tm /resync /rediscover >NUL 2>NUL'
EndFunction


Top
#159167 - 2006-03-16 11:38 PM Re: Time Server Q and A
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4402
Loc: New Jersey
But this method still has the accuracy limitation of W32Time...

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
#159168 - 2006-03-16 11:40 PM Re: Time Server Q and A
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4402
Loc: New Jersey
My favorite "Free" SNTP service is "AboutTime", but requires SrvAny to run as a service. Dillobits is one of the better Win32 Service-based products out there, and very reasonably priced.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
#159169 - 2006-03-16 11:43 PM Re: Time Server Q and A
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
Quote:

But this method still has the accuracy limitation of W32Time...

Glenn

Yes, but that is still probably good enough for 99% of the Companies around the World.

Top
#173774 - 2007-02-08 05:40 PM Re: Time Server Q and A [Re: NTDOC]
Dugster Offline
Fresh Scripter

Registered: 2006-12-12
Posts: 11
Hi,
I would like to be able to set the sntp as described above and restart the w32time service irrespective of whether users have admin rights or not. Do you think this is possible or will I have to set the sntp and then wait until next reboot?
Thanks as ever.

Top
#173776 - 2007-02-08 06:02 PM Re: Time Server Q and A [Re: Dugster]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
Maybe you should open a new thread, put your question in it and a link to this thread. But what the h#ll that's all in the past.

You can write to the registry of a remote computer by writing to \\computernamegoeshere\hklm\..... If I recall correctly there is at least one UDF that can restart a service remotely.
A GPO can also configure the time service.

Windows Time Service and Internet Communication @ the MS website
SERVICESTART() Starts or Stops and Starts a Service on a Local or Remote Workstation/Server.
SetTimeServer() - Sets the authoritative time server in Windows
WMIService() - Control NT services


Edited by Mart (2007-02-08 06:08 PM)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#173779 - 2007-02-08 06:25 PM Re: Time Server Q and A [Re: Dugster]
DStelz Offline
Getting the hang of it

Registered: 2007-01-26
Posts: 72
Loc: Green Bay, WI
I just wanted a little input back on this as well as I'm not familiar with it and I don't think whoever set it up was either, but these are our settings on our PDC:

NtpServer="time.windows.com,0x1"
ServiceDll="c:\windows\system32\w32time.dll"
ServiceMain="SvchostEntry_W32Time"
Type="NT5DS"

These are obviously different than what some people have. Just wanted some opinions on it.

Thanks and sorry if this should be in a new thread.


Edited by DStelz (2007-02-08 06:26 PM)

Top