#174183 - 2007-02-23 02:07 AM Time Service
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
Since we seem to get so many questions about how to use SetTime, I would like to offer up the following link. http://technet2.microsoft.com/WindowsSer...3.mspx?mfr=true

Maybe we should add it to the FAQ forum?

Of course that is for 2K3, I have the white paper on 2K if anyone wants it.


Edited by Gargoyle (2007-02-23 02:09 AM)
_________________________
Today is the tomorrow you worried about yesterday.

#174190 - 2007-02-23 09:21 AM Re: Time Service [Re: Gargoyle]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
You got my two cents on creating a FAQ for time services.
Settime is not an option on properly configured networks because the users do not have sufficient privileges to set the time. The native Windows time service or a third party solution if the Windows time service can not be used for some reason is the way to go imho.

If for some reason someone can not run the native time service, for example they are running old NT4 systems for some reason, the stuff below is an option. I've had great experiences with Tardis in the past.

Tardis time services


Edited by Mart (2007-02-23 09:22 AM)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

#174199 - 2007-02-23 04:22 PM Re: Time Service [Re: Mart]
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
Here's (hopefully) all you need to know about time synchronization in an Active Directory domain with 2003 server(s):

On 2003 server, you should use w32tm to configure time synchronization.

Best Practices:
  • By default, all DCs synchronize with their PDC in the domain. The PDC synchronizes with the PDC in any parent domain.
  • Only the PDC of the Forest Root Domain should be configured to sync with an external time source via SNTP.
  • The PDC servers from any child domains will sync time with the Forest Root Domain's PDC via the NT5DS.
  • Domain Controllers will sync time with their respective PDCe server via the NT5DS.
  • Client workstations will initially talk to their logon server and then any other server in the domain via NT5DS for time sync messages.

Root PDC NTP setup example:
 Code:
w32tm /config /manualpeerlist:"ntp1.chalmers.se ntp2.chalmers.se ntp.lth.se" /syncfromflags:manual /reliable:YES /update

How to test your setup:
 Code:
w32tm /monitor
w32tm /resync /rediscover


Links:
Introduction to Administering the Windows Time Service
http://www.microsoft.com/technet/prodtec...d42da1afab.mspx

Synchronize the Time Server for the Domain Controller with an External Source
http://www.microsoft.com/technet/prodtec...7e9f16d183.mspx

Configuring a time source for the forest
http://www.microsoft.com/technet/prodtec...9167b95e48.mspx

Public NTP Pool Servers
http://ntp.isc.org/bin/view/Servers/NTPPoolServers

A good NTP source to use if you're in Europe is europe.pool.ntp.org. This is a list of all public time servers in Europe, randomly selected upon DNS query.


Edited by masken (2007-02-23 04:26 PM)
_________________________
The tart is out there
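
A way to check a domain against the hierarchy listed in the post above, as an added example that is not part of the original post. The role labels, host names and inventory layout are hypothetical; `Type`, `NtpServer` and `AnnounceFlags` are the W32Time registry values, assumed to have been collected from each host beforehand.

```python
# Added example: audit W32Time settings against the sync hierarchy described above.
# Role labels, host names and the inventory layout are hypothetical; Type, NtpServer
# and AnnounceFlags are the W32Time registry values (Parameters and Config keys).
RELIABLE = 0x4  # AnnounceFlags bit: always advertise as a reliable time server


def audit_host(host):
    """Return a list of deviations from the hierarchy for one host record."""
    findings = []
    sync_type = host["Type"].upper()
    # NtpServer entries look like "name,0x1"; keep only the host part.
    peers = [p.split(",")[0] for p in host.get("NtpServer", "").split()]
    if host["role"] == "forest_root_pdc":
        if sync_type != "NTP" or not peers:
            findings.append("root PDC has no manual external peer list")
        if not host["AnnounceFlags"] & RELIABLE:
            findings.append("root PDC is not flagged as a reliable source")
    elif sync_type != "NT5DS":
        # Everything below the root PDC should follow the domain hierarchy.
        findings.append(
            f"{host['role']} bypasses NT5DS (Type={host['Type']}, peers={peers})")
    return findings


def audit_fleet(fleet):
    """Map host name -> findings, reporting only hosts that deviate."""
    report = {h["name"]: audit_host(h) for h in fleet}
    report = {name: f for name, f in report.items() if f}
    roots = [h["name"] for h in fleet if h["role"] == "forest_root_pdc"]
    if len(roots) != 1:
        report["(forest)"] = [f"expected exactly one root PDC, found {len(roots)}"]
    return report


# Constructed sample inventory (not real hosts).
FLEET = [
    {"name": "ROOTDC1", "role": "forest_root_pdc", "Type": "NTP",
     "NtpServer": "ntp1.chalmers.se,0x1 ntp2.chalmers.se,0x1", "AnnounceFlags": 5},
    {"name": "CHILDPDC", "role": "child_pdc", "Type": "NT5DS",
     "NtpServer": "time.windows.com,0x1", "AnnounceFlags": 10},
    {"name": "DC2", "role": "dc", "Type": "NTP",
     "NtpServer": "europe.pool.ntp.org,0x1", "AnnounceFlags": 10},
    {"name": "WS042", "role": "member", "Type": "NoSync",
     "NtpServer": "", "AnnounceFlags": 10},
]

if __name__ == "__main__":
    for name, findings in audit_fleet(FLEET).items():
        print(name, findings)
```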

#174200 - 2007-02-23 04:37 PM Re: Time Service [Re: masken]
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
The only issue that you can end up with is when you have DMZ's and you have to decide how you want to handle time.

In my place of employment we do not allow NTP to flow around the network freely and have a very specific method for all network equipment to get their time. But then again we are paranoid....
_________________________
Today is the tomorrow you worried about yesterday.

#174201 - 2007-02-23 04:46 PM Re: Time Service [Re: Gargoyle]
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
hehe... ok, don't think that is a normal case you got there :)

Feel free to split the topic and post my FAQ in the FAQ section if you want...
_________________________
The tart is out there

#174345 - 2007-02-28 06:48 PM Re: Time Service [Re: masken]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4402
Loc: New Jersey
This works great for Windows/AD, but may (is) insufficient for many application server environments.

App servers often need tighter sync of time than what is provided by the native W32Time service. W32Time has an accuracy within a subnet of +/-2 seconds, compared to +/-0.002 seconds for (s)NTP.

Many enterprise environments employ a master time server (NOT the PDCe) that syncs to a trusted source (*.pool.ntp.org or GPS). This runs (s)ntp service, which the PDCe syncs to, along with at least two secondary NTP servers. BDCs sync with the PDCe, and workstations sync with DCs, all using W32Time. The app servers, however, (Windows, Unix, etc) utilize an NTP service and sync with the secondary NTP servers. The master time server is configured to "lie" about its sync condition - it always reports "in sync".

In this fashion, all AD DCs and clients remain in sync with no additional configuration and app servers remain in sync via the NTP servers. With all secondary (PDCe and NTP) time servers getting time from an internal master, your entire environment will stay in sync.

I worked at a place that did not employ the "always report synced" setting on their master server. When it lost connection to the external time source for a few hours, it reported "not synced", so the remaining systems chose not to trust it and switched to internal clocks. The resulting drift in 3 "real" hours caused a nearly 21 hour difference between two critical systems. What's worse, is that when the master server reconnected to the time source, it was only about 4 seconds out of sync. The massive time swings could have been avoided by using a single internal master time server that was configured to always be authoritative.

Glenn
_________________________
Actually I am a Rocket Scientist! :D
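
How a "not synced" master looks on the wire, as an added example that is not part of the original post: an NTP server without a source sets the leap indicator to 3, and a client applying the SNTP sanity checks from RFC 4330 discards its replies. The packet builder, timestamp and reference ID are constructed test data.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01


def build_reply(li, stratum, unix_time, version=3, mode=4):
    """Construct a 48-byte server reply (constructed test data only)."""
    first = (li << 6) | (version << 3) | mode
    secs = int(unix_time) + NTP_EPOCH_OFFSET
    header = struct.pack("!BBbb", first, stratum, 6, -20)   # LI/VN/mode, stratum, poll, precision
    body = struct.pack("!II4s", 0, 0, b"GPS\x00")            # root delay, dispersion, ref id
    stamps = struct.pack("!8I", secs, 0, 0, 0, secs, 0, secs, 0)
    return header + body + stamps


def parse_reply(packet):
    """Extract the header fields a client needs for its sanity checks."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    first, stratum = struct.unpack("!BB", packet[:2])
    tx_secs, tx_frac = struct.unpack("!II", packet[40:48])
    tx = tx_secs + tx_frac / 2**32 - NTP_EPOCH_OFFSET if tx_secs else None
    return {"li": first >> 6, "version": (first >> 3) & 7,
            "mode": first & 7, "stratum": stratum, "tx": tx}


def client_accepts(packet):
    """Return (accepted, reason) following the RFC 4330 reply checks."""
    f = parse_reply(packet)
    if f["mode"] != 4:
        return (False, "not a server reply")
    if f["li"] == 3:
        return (False, "server reports unsynchronized")
    if f["stratum"] == 0 or f["stratum"] > 15:
        return (False, "invalid or unsynchronized stratum")
    if f["tx"] is None:
        return (False, "zero transmit timestamp")
    return (True, "ok")


if __name__ == "__main__":
    now = 1172700000  # constructed timestamp
    # Master that lost its upstream and says so: clients fall back to local clocks.
    print(client_accepts(build_reply(3, 16, now)))
    # Master configured to always report "in sync": clients keep following it.
    print(client_accepts(build_reply(0, 1, now)))
```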

#174347 - 2007-02-28 09:47 PM Re: Time Service [Re: Glenn Barnas]
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
Yeah, that's what the /reliable:YES switch is for. W32time uses SNTP as far as I know? :o
_________________________
The tart is out there

#174348 - 2007-02-28 09:58 PM Re: Time Service [Re: masken]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Does anybody really know what time it is? (does anybody care?)
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#174352 - 2007-02-28 11:04 PM Re: Time Service [Re: masken]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4402
Loc: New Jersey
We had some senior MS engineers in about a year ago to discuss time sync. The bottom line is that, while w32time is "based on" and "compatible with" SNTP protocol, it has been adapted for MS/AD/Kerberos needs. Servers across multiple subnets can have as much as 20 seconds difference. This could be a serious issue in transactional database operations. The white paper that MS published clearly states that "certain applications may require more accurate time sync, and users are encouraged to implement 3rd-party (s)NTP Solutions".

Glenn
_________________________
Actually I am a Rocket Scientist! :D

#174354 - 2007-02-28 11:49 PM Re: Time Service [Re: Glenn Barnas]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
 Originally Posted By: Glenn Barnas
...and users are encouraged to implement 3rd-party (s)NTP Solutions
Somehow, I doubt the KiX SetTime command falls into that category.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#174361 - 2007-03-01 12:21 PM Re: Time Service [Re: Glenn Barnas]
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
 Originally Posted By: Glenn Barnas
The white paper that MS published clearly states that "certain applications may require more accurate time sync, and users are encouraged to implement 3rd-party (s)NTP Solutions".


I've got an Oracle RAC cluster. The machines have been configured to sync time with AD, but it is not accurate or reliable enough. Because records may be added to the database by different database servers and different application servers it means that it is possible for records written by one node to have timestamps earlier than records which have already been written by another node.

To a certain extent the failure is in the application which should use a more reasonable granularity for the time - there is no way to guarantee that the nodes will have identical times unless one of them is working as a "time master" and all the other nodes use it for all time related references. The servers are always going to be slightly adrift, even if it is just a couple of 1000ths of a second.

At the moment the servers are a couple of seconds out, which is enough to cause problems. I want to implement a dedicated solid state stratum 1 server in the UK, either syncing with GPS or MSF.

Unfortunately because of office politics there will probably be resistance to using a time source other than AD.

Do you have a link to the whitepaper or a title that I can search on? Documentation evidence from MS that recommends using alternative time sources when increased accuracy or synchronisation is required will smooth the process.
