The W32TM command is a time service for Windows. Features of adjusting the hour for virtual controllers in the domain
Utility command line w32tm.exe recognized for removal or installation of the Windows clock service W32Time that keruvannya it on the local or remote computer. Windows clock service ( W32Time) is recognized for synchronization of date and time on computers in local or global networks. If the clock service is not installed or disabled, clock synchronization is not possible.
Service W32Time ensure the functioning of both the client and server parts software system and the same computer can be simultaneously a client and a server NTP(NTP - Network Time Protocol). NTP protocol overrides port 123/UDP, which needs to be checked for the hour of setting up the system's firewall.
The algorithm for the functioning of the service is a little different depending on whether the computer is a member of the domain or not. Computers that do not enter the domain to win the syncronization of the yearbook zovnishnim dzherel, and the input - with an internal NTP server, which is a domain controller with the participation of a PDC emulator (primary domain controller emulator). At this point, the NTP server itself is synchronized at a reasonable hour. The scheme with a domain controller is implemented when the domain is expanded Active Directory And without any manual intervention, moreover, such an intervention threatens with non-transfer problems with the functioning of the infrastructure. For computers that do not enter the domain, you should change your settings to avoid being disturbed. Zocrema, all relevant Windows versions(Windows 7 and older), transferred by the scheduler to the standard synchronization schedule to the hour from the external clock SynchronizeTime, yak is laced with far from the most optimal rank. In addition, the service parameters set for the hour, installed behind the locks, do not ensure the automatic synchronization of the system calendar from the external server to the Internet.
Command line parameters for installing (removing) the hour service:
w32tm
? - Visnovok background information schodo vikoristannya command.
register- the installation of the Windows clock service and the addition of the standard configuration to the Registry.
unregister- remote service to the Windows clock and all parameters of the configuration from the registry.
Service parameters are saved at the registry key
HKLM\System\CurrentControlSet\Services\w32time
Obviously, the parameters of the service can be changed at the same time for an additional command w32tm, ale and editing the registry. Whenever you need to stop changing parameters, be sure to use the update configuration command.
w32tm /config /update
or restarting the W32Time service.
Command line parameters for monitoring the hour service:
w32tm /monitor]]
domain- Specify the domain to be guarded. If the name of the domain is not assigned, or it is not assigned to the domain or the computer, it is more accurate to name the domain for promotion. This parameter can be selected several times.
computers- Watch out for the overhaul of the list of computers. The names of computers are separated by lumps, without spaces. If the name can be prefixed with "*", it is considered the name of the primary domain controller in Active Directory (AD PDC). This parameter can be selected several times.
threads- the number of computers that are immediately guarded. The standard value for locking is 3. The allowable range is from 1 to 50.
ipprotocol- version of the IP protocol (4 or 6), which must be checked for caution. For promotions, the IP protocol will be announced, whether it is an available version.
nowarn- do not show warnings from the advances.
Command line parameters for timchasovym reshuffle:
w32tm /ntte hour_NT
Converting the NT system hour in intervals (10^-7) from 00 on Sep 1, 1601 to reasonable format.
w32tm /ntpte NTP hour - Converting the NTP hour in intervals (2^-32) from 00 on 01 September 1900 to reasonable format.
Parameters for the primus primus synchronization of the date and time from the outside clock:
w32tm/resync
Give the computer a command to clear the viconate and re-synchronize your yearbook with the latest statistics of pardons accumulated.
computer:computer- a computer that can re-synchronize. If the parameter is not specified, re-synchronization will be counted local computer.
nowait- do not check for the completion of the re-synchronization, reverse the rotation incorrectly. Otherwise, check to complete the re-sync before turning.
rediscover- re-assign the merger configuration and re-display the dzherel merezhni, and then re-synchronize.
soft- re-synchronize, vikoristovuyuchi statistic pardons. This parameter in modern operating systems is not victorious, and it is necessary for the security of consciousness.
w32tm /stripchart /computer:computer
View the diagram of powers between sim and other computer. computer:computer- computer
period: update- interval between counts (in seconds). The value for the lock is 2 s.
dataonly- show more data, without diagrams.
samples:number- pick up number show, then zupinitis. If not specified, select these three dots, dots are not pressed CTRL+C or CTRL+Break.
packetinfo- override the NTP packet. ipprotocol- Specify the version of the IP protocol that you need to change. Behind the promotion, there will be an available protocol.
w32tm /config /syncfromflags:jerelo]
computer:computer- New configuration of the specified computer. If the parameter is not set, the local computer will be promoted.
update- keep the service to the hour, that the configuration has changed, to change the ranks.
manualpeerlist:woozley- manually specify a list of DNS-names and (or) IP-address, separated by spaces. When specifying a number of knots, this parameter may be laid at the foot.
syncfromflags:jerelo- It shows that the NTP client is responsible for synchronizing the NTP client. dzherelo may be a list of upcoming key words, divided by coma (without register adjustment):
  MANUAL- synchronization with nodes from a manually specified list.
  DOMHIER- synchronization with the controller of the Active Directory domain in the domain hierarchy.
  NO- Without synchronization.
  ALL- Synchronization both with nodes, set manually, and with nodes of the domain.
LocalClockDispersion: seconds- set up the accuracy of the internal calendar, for which w32time service will work, as it is not possible to take the hour from your own clocks.
reliable:(YES|NO)- It shows that the computer is over the hour. This parameter is less important for domain controllers.
  YES- Tsey computer is a superb service to the hour.
  NO- This computer is not a superb service to the hour.
largephaseoffset:misec- set the difference between local and metered hours, so that the w32time service is set to the maximum.
w32tm/tz- Displays current time zone parameters.
w32tm /dumpreg- Vіdobrazhaє znachennya, pov'yazanі z rasdіlom registry.
Razdіl for zamovchuvannyam: HKLM\System\CurrentControlSet\Services\W32Time(Root division of the service to the hour).
subkey:split- Vіdobrazhaє znachenya, pov'yazanі z pіdrozdіl divided divided for locks.
computer:computer- request the parameters of the registry for the computer computer.
w32tm /query (/source | /configuration | /peers | /status)- Display information about the Windows clock service on the computer computer.
If the parameter is not specified, the local computer will be promoted.
source- Look at the hour.
configuration- Display the configuration for the hour of the change and change of the parameter. The detailed protocol mode also has unset or unset parameters.
peers- Display the list of universities in those countries.
status- Display the Windows hour service.
verbose- set the mode of detailed protocol for viewing additional information.
w32tm /debug (/disable | (/enable /file:name /size:bytes /entries:values ))- Mickaє or vimikaє private log Windows service on the local computer.
disable- Wimknut private journal.
enable- Enable private log.
file:im'ya- Specify an absolute name for the file.
size:byte- Specify the maximum size of the cyclic log file.
entries: values- a list of ensigns, given by number and divisions, which indicate the type of statements that can be entered in the journal. Valid numbers: 0-300. Crim of single numbers, allowable range of numbers, for example, 0-100,103,106. Values 0–300 are selected to be included in the journal of all statements.
truncate- Use the file, as if you have a VIN.
Apply w32tm command variant
As a rule, the Windows clock service is installed with the startup type Manually and run as needed. As if the service to the hour is Zupinen, then she is cherished for help by the command w32tm impossible. To start, the teeth or the re-verification of the service, you can change the command sc
sc query w32time- Display the Windows hour service
sc \\192.168.0.8 query w32time- display the service hour on the computer with the address 192.168.0.8
sc start w32time
sc \\192.168.0.8 start w32time- start the Windows clock service on the computer with the address 192.168.0.8 .
sc stop w32time- start Windows service.
Krim utilities sc.exe it is possible to vikoristuvati equipment Services(services.msc) keypads or classic commands net stopі net start
net stop w32time
net start w32time
To manage the Windows clock service, you need administrator rights either locally or remotely.
w32tm/?- show a hint about how to win.
w32tm /query /configuration- Display the Windows clock service configuration on the local computer.
w32tm /query /configuration /computer:\\WIN10- Show the configuration of the service to the hour on the computer with the names WIN10
[Nakashtuvannya]
EventLogFlags: 2 (Local)
AnnounceFlags: 10 (local)
TimeJumpAuditOffset: 28800 (local)
MinPollInterval: 10 (local)
MaxPollInterval: 15 (Local)
MaxNegPhaseCorrection: 54000 (local)
MaxPosPhaseCorrection: 54000 (local)
MaxAllowedPhaseOffset: 1 (local)
FrequencyCorrectRate: 4 (local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 1 (Local
) UpdateInterval: 360000 (local)
FileLogName: C:\User1\w32tmlog.log (Local)
FileLogEntries: 0-300 (local)
FileLogSize: 100000 (local)
NtpClient (Local)
Enabled: 1 (Local)
InputProvider: 1 (local)
Available National Mode Combinations: 1 (local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 604800 (Local
) Type: NTP (Local)
NtpServer: time.windows.com,0x9 (Local)
VMICTimeProvider (Local)
DllName: C:\WINDOWS\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (local)
NtpServer (Local)
DllName: C:\WINDOWS\SYSTEM32\w32time.DLL (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)
Section Nalashtuvannya the streaming parameters of the Windows clock service have been set, in the distribution TimeProviders- Implementation of software security for both client and server parts.
The most important parameters of the hour service:
type- Set the type of synchronization. Vin can take the following values:
  NoSync- don't beat the syncronization with whatever the hell of an hour.
  NTP synchronization from external servers to the hour, as specified in the parameter NtpServer
  NT5DS- synchronization vykonuetsya zgidno z domain ієrarchієyu;
  AllSync- Synchronization for help, whether there are available dzherels.
For a computer that does not enter the domain, the synchronization type is selected NTP ta NTPServer with im'yam time.windows.com. If necessary, you can add more NTP servers by entering their DNS names or IP addresses through the prob. For example, you can add a 16th number for the skin name, or the ensign (for example - 0x1) which determines the synchronization mode from the server to the hour.
Possible values for the mode:
0x1 - SpecialInterval, selection of the interval of the experiment, which is to be set;
0x2 – UseAsFallbackOnly mode – sync only as needed;
0x4 - SymmetricActive, symmetrical active mode;
0x8 - Client, forcing the request from the client mode.
Possible combinations of modes:
NtpServer: time.windows.com,0x9- client request (0x8) from wikis specified interval(0x1) to synchronize the calendar with the time.windows.com server
SpecialPollInterval- value in seconds for update interval hour. For locking - 604800 seconds, which means 7 deb. Might change this interval, for example, for 1 year (3600) or if you want to get 1 harvest (86400).
More important values to change parameters MaxNegPhaseCorrectionі MaxPosPhaseCorrection how to set the most negative and positive impression of the year, in which case synchronization can be achieved. Significance for the lock - 54000 (In seconds) tobto. 15th year, what to bring to the point that the synchronization of the hour does not change when the reading of the yearbook differs by an amount that exceeds 15th year. When you try to resynchronize the hour with the command w32tm / resync the showing of the anniversary will not change and will be shown in advance:
Synchronization is not vikonan, the shards are powered by the change, which is great.
Therefore, for proper synchronization of the yearbook of the computer with the server, an hour on the Internet, independently from the current readings, it is necessary to increase the absolute value of the parameters MaxNegPhaseCorrectionі MaxPosPhaseCorrection, or instead set the maximum value of the DWORD type - 0xffffffff or 4294967295.
After changing the parameters MaxNegPhaseCorrectionі MaxPosPhaseCorrection at the registry of the system, the synchronization will be monitored independently from the streaming displays of the computer's yearbook.
w32tm /monitor/computers:ru.pool.ntp.org- Show the difference in hours this computer that time server en.pool.ntp.org.
w32tm /monitor /computers:ru.pool.ntp.org,time.windows.com,time.nist.gov- Show the difference in the hour of this computer and the number of servers per hour.
w32tm/resync– synchronize the year of the local computer with the server at the hour, which is the victor's record.
w32tm /stripchart /computer:pool.ntp.org /samples:3 /dataonly- match the display of the year of the local computer with the display of the server to the hour pool.ntp.org. If 3 requests are made, the results will be displayed in the text view.
An example of the provided information:
Reference pool.ntp.org.
Choice of views 3.
The current hour is 02/14/2017 17:04:02.
17:04:02 d:+00.0154105s o:+00.0201873s
17:04:04 d:+00.0154035s o:+00.0257523s
17:04:06 d:+00.0154118s o:+00.0147256s
d:- shutdown, time interval between the power supply and the withdrawal of the NTP server.
o:- Change of the local date according to the indication of the NTP server (for example, if the value is positive, the date is correct, if the value is negative, hurry up).
w32tm /stripchart /computer:pool.ntp.org- those that are in the front butt, but the re-verification will be fixed without interruption, the docks will not be pressed by the combination of keys CTRL+C or CTRL+Break
w32tm /config /syncfromflags:manual /manualpeerlist:ru.pool.ntp.org /update- change the configuration of the hour service for the NTP server variant en.pool.ntp.org and zastosuvat zroblenі change.
w32tm /query /configuration- Display the current configuration of the Windows clock service on the local computer.
w32tm /query /configuration /computer:win10- display the current configuration of the Windows clock service on the computer WIN10.
w32tm /query /source- Display information about the hour on the local computer.
w32tm /query /source /computer:win10- display information about the hour on the computer win10.
w32tm /unregister- remove the Windows service from the system. The service parameters must be removed from the registry. Before vikonannyam, the service is due for an hour, buti zupinena, otherwise the command will end with a pardon for access.
w32tm/register– install the Windows clock service on your computer. With this, all service parameters at the registry are created anew. To change the parameters of the tasks for locking, you can twist the import from the back of the prepared reg-file, for example:
Windows Registry Editor Version 5.00
"MaxNegPhaseCorrection"=dword:ffffffff
"MaxPosPhaseCorrection"=dword:ffffffff
Setting up an NTP server on Windows
Starting from Windows 2000, all operating Windows systems turn on the hour service W32Time. Tsya service is recognized for synchronization to the hour at the borders of the organization. W32Time works for both the client and server parts of the service for an hour, and the same computer can be an NTP (Network Time Protocol) client and server at the same time.
For the promotion, the hour service in Windows has been set up with the following rank:
When installed operating system Windows starts the NTP client and synchronizes at the correct time;
When adding a computer to the domain, the synchronization type is changed. mustache client computers and rows of servers in the domain have to be synchronized with the domain controller, which checks the correctness;
When a member server is promoted to a domain controller, an NTP server is launched on a new one, which is like a time-consuming controller for participation PDC-emulator;
PDC-emulator, distribution at the root domain lіsu, є the main server for the organization. At the same time, the wine itself is also synchronized with the old hour.
Such a scheme works for most people and does not require involvement. However, the structure of the service in Windows may not be recognized by the domain hierarchy, and it can be recognized as the original hour of the computer. As an example, I will describe setting up an NTP server in Windows Server 2008 R2, although the procedure has not changed in Windows 2000 hours.
Starting the NTP server
I’ll note that the Windows Server time service (starting in 2000 and ending 2012) can’t graphic interface and can be configured either from the command line, or by way of direct modification of the system registry. Especially less close another way, let's go to the register.
Otzhe, before us, we need to start the NTP server. Open the registry key
HKLM\System\CurrentControlSet\services\W32Time\TimeProviders\NtpServer.
Here for setting the NTP server parameter Enabled you need to insert a value 1
.
Let's restart the service with the command net stop w32time && net start w32time
After restarting the NTP service, the server is already active and can serve clients. You can switch at tsiomu for the help of the w32tm /query /configuration command. Qia command to display complete list service parameters. Yakshcho split NtpServer revenge row Enabled:1, then everything is garazd, the server works for an hour.
In order for the NTP server to instantly serve clients, do not forget to open the firewall UDP port 123 for inbound and outbound traffic.
Basic NTP server setup
The NTP server has been upgraded, now you need to tweak it. Open the registry key HKLM\System\CurrentControlSet\services\W32Time\Parameters. Here we are ahead of us to click the parameter type, which determines the type of synchronization. Vin can take the following values:
NoSync- The NTP server is not synchronizing with whatever good time it is. Victory anniversary, vbudovaniya at the CMOS chip of the server itself;
NTP- The NTP server is synchronized with the outgoing servers at the time specified in the registry parameters NtpServer;
NT5DS- NTP server to synchronize with the domain hierarchy;
AllSync- NTP server wins all available dzherel for synchronization.
Promotion value for a computer that can enter a domain. NT5DS, for okremo computer, what to cost — NTP.
І parameter NtpServer, in which NTP servers are specified, with which to synchronize the hour Danish server. At the request of some settings, the Microsoft NTP server (time.windows.com, 0x1), for the consumer, can add more NTP servers, entering their DNS names or IP addresses through a space. You can look through the list of available servers in an hour, for example, .
For example, a skin name can be added with an ensign (eg. ,0x1) which is the mode for synchronization with the server hour. The following values are allowed:
0x1- SpecialInterval, selection of a special interval for training;
0x2– UseAsFallbackOnly mode;
0x4- SymmetricActive, symmetric active mode;
0x8– Client, overpowering the request from the client mode.
If the ensign SpecialInterval is chosen, it is necessary to set the value of the interval in the key SpecialPollInterval. If the UseAsFallbackOnly flag is set, the service will be informed for an hour that this server will be victorious as a backup and before synchronization it will be victorious to the other servers in the list. The symmetrical active mode is overridden by NTP servers for locking, and the client mode can be overridden in case of synchronization problems. You can marvel at the report about synchronization modes, but don’t fool around and just put it down ,0x1(as for the sake of Microsoft).
Another important parameter Announce Flags be located in the registry HKLM\System\CurrentControlSet\services\W32Time\Config. Vіdpovidaє for those, as the NTP server declares and can accept the following values:
0x0( Not a time server) - the server will not tell itself through NetLogon like it's too late. Wine can be confirmed to NTP for a drink, but judges cannot recognize it as early as the hour;
0x1(Always time server) - the server is always deafened to itself independently of the status;
0x2(Automatic time server) - the server is less likely to be stunned, because it takes the last hour from another country (NTP or NT5DS);
0x4(Always reliable time server) - the server is always declared to itself, as if it were too late for the hour;
0x8(Automatic reliable time server) - the domain controller is automatically stunned by the name, which is the PDC emulator of the root domain of the fox. This entitlement allows the head PDC to declare itself as if it was authorized for an hour for the entire forest to make a connection with the greater NTP servers for the day. Another controller or a private server (for ensign) 0x2) you can’t declare about yourself, as if it were too late for the hour, as if you couldn’t know the hour for yourself.
Value Announce Flags warehousing the sum of warehouse yogis, for example:
10=2+8 — the NTP server declares to itself as a nadіynoy dzherelі hour for the mind, scho vіn otrimuє і from nadіynyj dzherelі chi є PDC of the root domain. Flag 10 is assigned for locking both for domain members, and for servers, which can stand.
5=1+4 - NTP-server always declares to itself as if it were too late. For example, to say a regular server (not a domain controller) like it’s too early, ensign 5 is needed.
Well, adjust the interval between updates. For a new one, it’s already a clue SpecialPollInterval, what is in the registry HKLM\System\CurrentControlSet\services\W32Time\TimeProviders\NtpClient. Vin is set in seconds and for locking, its value is 604 800, which becomes 1 day. For this reason, change the value of SpecialPollInterval to a reasonable value, say, up to 1 year (3600).
After installation, it is necessary to update the configuration of the service. You can do this with the w32tm/config/update command. І more commands for setting up, monitoring and diagnostics of the service:
w32tm /monitor – for additional options, you can find out if the system hour of a given computer is checked by the hour on the domain controller or on other computers. For example: w32tm /monitor/computers:time.nist.gov
w32tm / resync - for additional help of the command, you can set the computer to synchronize with the server at the hour that it is victorious.
w32tm /stripchart – show time difference remote computer, moreover, you can display the result in a graphical way. For example, the team w32tm /stripchart /computer:time.nist.gov /samples:5 /dataonly split 5 pairs from the assigned dzherel and display the result in the text view.
w32tm /config is the main command used to configure the NTP service. For help, you can set a list of servers per hour, the type of synchronization, and much more. For example, you can recalculate the value for the promotion and set the synchronization time with the current clock, you can use the command w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov /update
w32tm /query - Shows threaded service settings. For example, the command w32tm /query /source will show more timely, and w32tm /query /configuration will show all the parameters of the service.
Well, on the extreme slope 🙁
w32tm /unregister - unregister the hour service from the computer.
w32tm /register - registers the hour service on the computer. With this, all the parameters in the registry are created anew.
It is necessary to set up an hour at the domain just like we fired up a new forest, or else we transferred the PDC role to a different domain controller in the current forest.
The standard synchronization scheme for an hour in a domain is simple:
Є domain controller, which is the role of FSMO - PDC (Primary Domain Controller). It is necessary to set it up for synchronization with an hour with a well-known NTP server. Other domain controllers, as in the standard scheme, are synchronized with the domain controller in the Active Directory hierarchy.
The controllers of the highest level are synchronized with the PDC emulator. Row AD servers and client computers synchronize the hour with their site's domain controller.
Set up a domain controller for PDC participation
PS C:\> w32tm /config /manualpeerlist:192.168.5.10 /syncfromflags:manual /reliable:yes /update
PS C:\> Restart-Service w32time
P.S. C:\>w32tm/resync
The team has been successful.
de 192.168.5.10 is the original or corporate NTP server. Also, here you can indicate and kіlka benketіv, dividing by probіly and put everything in paws. You can specify either for an additional IP address, or for an additional DNS-name.
I want to indicate that this procedure is necessary to carry out in that case, as if the hour on the domain flow computer was adjusted before it was changed to non-standard ones. In this rank, we will turn everything into a default setting.
PS C:\> w32tm /config /update /syncfromflags:DOMHIER
The team has been successful.
P.S. C:\>w32tm/resync
Sending resync command to local computer
The team has been successful.
Adjusting the synchronization time in the Active Directory domain
A lot of theory and a little bit of practice about:
- Synchronization topology hour among Active Directory members
- optimal from my point of view of the server configuration time of the root PDC emulator
- blue commands for adjusting and diagnosing synchronization to the hour
- features that are necessary to secure for virtual domain controllers
Synchronization topology by hour among Active Directory members
Among the computers that take part in the Active Directory, the time synchronization scheme is coming.
The controller of the root domain in lisi AD, which should have the FSMO role of the PDC emulator (called the root PDC), is the time to decide the controller of this domain. The controllers of the child domains synchronize the hour from the controllers of the domain that are upstream according to the AD topology. Cross domain members (servers and workstations) synchronize their time with the nearest accessible domain controller, accessing the AD topology.
Rooted PDC can synchronize its own hour as if it were the original clock, and also with itself, the rest is set by the standard configuration and є absurdity, about which pardons are periodically pulled in the system log.
Synchronization of clients of the root PDC can be performed both from the 1st internal year and from the 1st root server. At first glance, the server of the root PDC will announce itself as "reliable".
Further, I will bring the server configuration optimally from my point of view to the hour of the root PDC, if the root PDC itself periodically synchronizes its hour with a trusted server on the Internet, and the hour of the clients, who turn back to new, synchronizes with their own year.
NTP server configuration on the root PDC
The server configuration (NTP server) can be configured as an additional w32tm command line utility, and through the registry. De mozhlivo, I will bring offensive options.
Enable synchronization of the internal yearbook with the old server "Type"="NTP" w32tm /config /syncfromflags:manual
Humiliation of the NTP server as if it were not necessary
"AnnounceFlags"=dword:0000000a w32tm /config /reliable:yes See TechNet library for details.
Notification of the NTP server
The NTP server is locked on all domain controllers, but it can be enabled on member servers.
"Enabled"=dword:00000001 Specifying the list of external servers for synchronization "NtpServer"="time.nist.gov,0x8 ntp1.imvp.ru,0x8 ntp2.imvp.ru,0x8 time.windows.com,0x8 ru.pool. ntp.org,0x8" w32tm /config /manualpeerlist:"time.nist.gov,0x8 ntp1.imvp.ru,0x8 ntp2.imvp.ru,0x8 time.windows.com,0x8 ru.pool.ntp.org,0x8 "
The flag 0x8 on the end means that synchronization is due in NTP client mode through the time interval requested by the server. In order to set your own synchronization interval, you need to set the flag 0x1. Reshta paraporіv is described in the TechNet library.
Setting the sync interval from the outer clock Hour in seconds between the sync clock waits for locking 900s = 15hv. Pratsyuє only for dzherel, znachenih ensign 0x1.
"SpecialPollInterval"=dword:00000384
The minimum positive and negative corrections have been established. The maximum positive and negative corrections for the hour (difference between the internal year and the synchronization time) are in seconds, if the synchronization is overturned, it is not detected. I recommend the value 0xFFFFFFFF, for which the correction can be changed forever.
"MaxPosPhaseCorrection"=dword:FFFFFFFF "MaxNegPhaseCorrection"=dword:FFFFFFFF
Everything you need in one row
w32tm.exe /config /manualpeerlist:"time.nist.gov,0x8 ntp1.imvp.ru,0x8 ntp2.imvp.ru,0x8 time.windows.com,0x8 pool.ntp.org,0x8" /syncfromflags:manual / reliable:yes /update
Colored commands
Stopping changes made before the service configuration
w32tm /config /update
Primus Synchronization from Dzherel
w32tm /resync /rediscover
I will become a synchronization of domain controllers in the domain
Inspection of streaming sync clocks and their status
w32tm/query/peers
Features of virtualized domain controllers
Domain controllers that work with a virtualized medium should have a special setting for themselves.
The timing of the virtual machine and the host OS can be disabled. All adequate virtualization systems (Microsoft, vmWare, etc.) have components of integration of the guest OS with the host OS, which significantly increase the productivity of the guest system. Among the components of the host is the synchronization time of the guest OS with the host OS, which is more expensive for ordinary machines, as well as contraindications for domain controllers. That's why in every case there is an easy cycle, when the domain controller of that host OS is synchronized one by one. The sums of money.
For the root PDC, synchronization from the original root can be set to factory. AT virtual environment the year is not exactly the same as for the physical, for that virtual machine working with a virtual processor and alterations, for which it is more characteristic as an increase, so it is possible to speed up the “magnificent” frequency. If you do not set up synchronization of the virtualized root PDC with the external server, the hour on all computers of the enterprise can be in / out for a year on the harvest. It doesn't matter if you show inaccuracy, if you can bring such a behavior.
First proceed before synchronizing the time with the current server, do not forget to log in to your front-end Intermediate screen standard NTP port – UDP 123
(It is necessary to allow it both at the entrance and at the exit of the day).
AT controller domain this one is already called "Active Directory Domain Controller - W32Time (NTP-UDP-In)" (in Inbound Rules)
Synchronization topology by hour among Active Directory members
Among the computers that take part in the Active Directory, the synchronization scheme is coming to the hour:
- Root domain controller in lisi AD, Who should play the FSMO role of the PDC emulator, є zherelom hour to decide the controllers of this domain.
- The controllers of the child domains, synchronize the hour from the controllers of the domain that are upstream according to the AD topology.
- Ordinary members of the domain (servers and workstations) synchronize their hour get closer to them by an accessible domain controller, accessing the AD topology.
The PDC can synchronize its hour like with the original clock, and with itself, the rest is set by the standard configuration and є absurdity, about which pardons are periodically pulled in the system log.
Synchronization of PDC clients can be performed both from the 2nd internal year and from the 1st date. At first glance, the server of the root PDC will announce itself as "reliable".
NTP server configuration on the root PDC
The server configuration (NTP server) can be configured as an additional w32tm command line utility, and through the registry.
De mozhlivo, I will bring offensive options.
Awareness of the synchronization of the internal yearbook with the external dzherel
- "Type"="NTP"
- w32tm /config /syncfromflags:manual
Switzerland- ch.pool.ntp.org
Israel- il.pool.ntp.org
LINKS:
False: Windows Server 2008 R2, Windows Server 2012 R2
for Windows Server 2003 R2 - є command difference for w32tm(The value of the register is y)
Operating systems of the Windows family replace the W32Time hour service. Tsya service is recognized for synchronization to the hour at the borders of the organization. W32Time works for both the client and server parts of the service for an hour, and the same computer can be an NTP client and server at the same time (NTP - Network Time Protocol).
For the promotion, the hour service in Windows has been set up with the following rank:
Once the Windows operating system is installed, it starts the NTP client, which is synchronized at the appropriate time;
When adding a computer to the domain, the synchronization type is changed. All client computers and rows of servers in the domain have to be synchronized with the domain controller, which checks the correctness;
When a member server is promoted to a domain controller, an NTP server is launched on a new one, which is like a time-consuming controller for participation PDC-emulator;
PDC-emulator, distribution at the root domain lіsu, є the main server for the organization. At the same time, the wine itself is also synchronized with the old hour.
Such a scheme works for most people and does not require involvement. However, the structure of the service in Windows may not be recognized by the domain hierarchy and may be recognized as the most recent time of the computer.
As an example, we can set up an NTP server in Windows Server 2008 R2, by analogy, you can set up an NTP server in Windows 7.
Starting the NTP server
Clock service on Windows Server does not have a graphical interface and can be configured either from the command line, or by way of direct modification of the system registry. Let's look at another way:
It is necessary to start the NTP server. Open the registry key:
HKLM\System\CurrentControlSet\services\W32Time\TimeProviders\NtpServer.
To enable the NTP server, the Enabled parameter needs to be set to 1. Then we restart the service with the command net stop w32time && net start w32time.
After restarting the NTP service, the server is already active and can serve clients. You can switch to cioma with the help of the w32tm/query/configuration command. This command displays the full list of service parameters. As soon as NtpServer has set up the Enabled:1 row, then everything is safe, the server works for an hour.
In order for an NTP server to be able to serve clients, the firewall needs to open UDP port 123 for incoming and outgoing traffic.
Basic NTP server setup
Open the registry key:
HKLM\System\CurrentControlSet\services\W32Time\Parameters.
NoSync - NTP server is not synchronized at any time. The system calendar is written, inserted into the CMOS chip of the server itself (for example, this calendar can be synchronized with the NMEA device via RS-232);
NTP - the NTP server is synchronized with the outgoing servers for the hour, as specified in the NtpServer registry parameter;
NT5DS - NTP server zdіysnyuє zgіznіzіyu zgіdnou ієєєєrіhієyu;
AllSync - NTP server wins for synchronization of all available devices.
The value for the lock for the computer to enter to the domain is NT5DS, for the hosted computer - NTP.
The NtpServer parameter specifies NTP servers, from which to synchronize the clock data of the server. At the request of some settings, the Microsoft NTP server (time.windows.com, 0×1), for the consumer, can add more NTP servers, entering their DNS names or IP addresses through a space. For example, you can add a flag (for example, 0×1) which determines the synchronization mode with the server to the hour.
The following values are allowed for the mode:
SpecialPollInterval, which is in the registry:
HKLM\System\CurrentControlSet\services\W32Time\TimeProviders\NtpClient.
Vin is set in seconds and for locking, its value is 604 800, which becomes 1 day. Tse already rich, that Varto change the value of SpecialPollInterval to a reasonable value - 1 year (3600).
After installation, it is necessary to update the configuration of the service. You can do this with the w32tm/config/update command.
І more commands for setting up, monitoring and diagnostics of the service:
w32tm /monitor – for additional options, you can find out if the system hour of a given computer is checked by the hour on the domain controller or on other computers. For example: w32tm /monitor/computers:time.nist.gov
w32tm / resync - for additional help of the command, you can set the computer to synchronize with the server at the hour that it is victorious.
w32tm /stripchart – shows the difference between the hour and the exact date on the remote computer. Team w32tm /stripchart /computer:time.nist.gov /samples:5 /dataonly split 5 pairs from the designated dzherel and see the result in the text view.
w32tm /config - This is the main command that is used to set up the NTP service. For help, you can set a list of servers per hour, the type of synchronization, and much more. For example, you can recalculate the value for the promotion and set the synchronization time with the current clock, you can use the command w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov /update
w32tm /query - Show service settings inline. For example, the command w32tm /query /source will show more timely, and w32tm /query /configuration will show all the parameters of the service.
net stop w32time - Starts the service for the hour as it is running.
w32tm /unregister - unregister the hour service from the computer.
w32tm /register - registers the hour service on the computer. With this, all the parameters in the registry are created anew.
net start w32time - starts the service.
Features marked Windows 7 - the service does not start automatically for an hour when Windows starts. Fixed in SP1 for Windows 7.