{"id":1663,"date":"2016-01-20T12:28:20","date_gmt":"2016-01-20T17:28:20","guid":{"rendered":"http:\/\/swildow.darktech.org\/wp\/?p=1663"},"modified":"2016-01-20T12:28:20","modified_gmt":"2016-01-20T17:28:20","slug":"configuring-ntp-server-2012","status":"publish","type":"post","link":"https:\/\/www.wildow.com\/blog\/?p=1663","title":{"rendered":"Configuring NTP Server 2012"},"content":{"rendered":"

http:\/\/www.sysadminlab.net\/windows\/configuring-ntp-on-windows-server-2012<\/a><\/p>\n

This article explains how to configure NTP on Windows Server 2012. If you’re looking for Windows Server 2008 R2, see my article here<\/a>. Remember, that in a domain environment, time synchronization is taken care of but you should configure the PDC Emulator of a domain to sync externally since that is the server which decides what time it is!<\/p>\n

Are you looking how to configure NTP using GPO, please read my article on it here<\/a>.<\/p>\n

This is all you need if you want to keep it simple. Run using PowerShell as admin:<\/p>\n

w32tm \/config \/manualpeerlist:pool.ntp.org \/syncfromflags:MANUAL
\nStop-Service w32time
\nStart-Service w32time<\/p><\/blockquote>\n

If the machine is a VM inside Hyper-V, you have to\u00a0disable time sync<\/a>. Open VM settings -> Management -> Integration Services and uncheck Time Synchronization.<\/p>\n

That should be it!\u00a0<\/strong>Want to know more? Doesn’t work? Have you screwed up the config and want to start from the beginning? Keep on reading…<\/p>\n

W32tm<\/a>\u00a0is the command to use. Sure, there are articles out there mentioning “net time”, but you should not use that. Some other also mentions editing the registry directly, but as Microsoft mentions in the article:\u00a0It is recommended that you do not directly edit the registry unless there is no other alternative<\/em>. But if you really want to check the registry, it’s here:\u00a0HKLM\\System\\CurrentControlSet\\Services\\W32Time<\/strong>.<\/p>\n

Which NTP-server to use? Or several?<\/h3>\n

The pool.ntp.org is a round-robin<\/a>\u00a0of random selected NTP servers. As they say “This is usually good enough for end-users<\/em>“. But you might want to add several NTP-servers yourself for redundancy?<\/p>\n

w32tm \/config \/manualpeerlist:”0.pool.ntp.org 1.pool.ntp.org” \/syncfromflags:MANUAL<\/p><\/blockquote>\n

Just keep adding them with a space in between them. Yes, I know some sites say you should separate them using comma but that doesn’t work. Also, I’ve experienced issues that it configures correctly, but still after restarting the service, it doesn’t work. I just needed to do the configuration again, and try once more. Also, remember that cut’n’paste from the web can sometimes screw up the ” character so write it manually instead of cut’n’paste to be sure.<\/p>\n

Don’t forget your firewall<\/h3>\n

If you got a firewall between your host and the Internet, it might drop udp\/123 which is the NTP protocol. This is how it looked in my Cisco ASA FW:<\/p>\n

\"\"<\/a><\/p>\n

So I created a rule to allow it and after that it worked.<\/p>\n

\"\"<\/a><\/p>\n

More info and debug logging<\/h3>\n

The following commands are quite useful which lists the current source, when it last sync’ed etc.<\/p>\n

w32tm \/query \/status<\/p><\/blockquote>\n

Eventually, when the server\u00a0can’t\u00a0get time from the NTP server it will add an event to the event log:<\/p>\n

Log Name: System
\nSource: Microsoft-Windows-Time-Service
\nEvent ID: 47
\nLevel: Warning
\nDescription: Time Provider NtpClient: No valid response has been received from manually configured peer pool.ntp.org after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.<\/em><\/p>\n

Otherwise, when it’s working, you will get:<\/p>\n

Log Name: System
\nSource: Microsoft-Windows-Time-Service
\nEvent ID: 35
\nLevel: Information
\nDescription: The time service is now synchronizing the system time with the time source pool.ntp.org (ntp.m|0x0|0.0.0.0:123->85.10.240.253:123).
\n<\/em><\/p>\n