Windows sync ntp time

The default value for domain members is 30, The default value for stand-alone clients and servers is , Note Zero is not a valid value for the UpdateInterval registry entry. The default value on stand-alone clients and servers is 1. The default value on stand-alone clients and servers is 0x1. The NtpServer is a time server that responds to client time requests on the network by returning time samples that are useful for synchronizing the local clock.

LargeSampleSkew All versions Specifies the large sample skew for logging, in seconds. Events will be logged for this setting only when EventLogFlags is explicitly configured for 0x2 large sample skew. The default value on domain members is 3. The default value on stand-alone clients and servers is 3.

ResolvePeerBackOffMaxTimes All versions Specifies the maximum number of times to double the wait interval when repeated attempts to locate a peer to synchronize with fail. A value of zero means that the wait interval is always the minimum.

The default value on domain members is 7. ResolvePeerBackoffMinutes All versions Specifies the initial interval to wait, in minutes, before attempting to locate a peer to synchronize with. SpecialPollInterval All versions Specifies the special poll interval, in seconds, for manual peers. When the SpecialInterval 0x1 flag is enabled, W32Time uses this poll interval instead of a poll interval determined by the operating system.

The default value on domain members is 3, The default value on stand-alone clients and servers is , It contains reserved data that is used by the Windows operating system. It specifies the time, in seconds, before W32Time will resynchronize after the computer has restarted.

Any changes to this setting can cause unpredictable results. The default value on both domain members and on stand-alone clients and servers is left blank. The following registry entries are not a part of the W32Time default configuration but can be added to the registry to obtain enhanced logging capabilities. By default, the Windows Time service logs an event every time that it switches to a new time source.

These are the global Group Policy settings and default values for the Windows Time service. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info.

Contents Exit focus mode. Is this page helpful? Please rate your experience Yes No. Any additional feedback? Caution Don't use the Net time command to configure or set a computer's clock time when the Windows Time service is running. Note If you have a computer with multiple network adapters is multi-homed , you cannot enable the Windows Time service based on a network adapter. Important Windows Server has improved the time synchronization algorithms to align with RFC specifications.

Note In this case, if you want to set the clock back slowly, you would also have to adjust the values of PhaseCorrectRate or UpdateInterval in the registry to make sure that the equation result is TRUE. Note When you remove a Group Policy setting, Windows removes the corresponding entry from the policy area of the registry. Warning This information is provided as a reference for use in troubleshooting and validation. Note Some of the parameters in the registry are measured in clock ticks and some are measured in seconds.

Ticks Property. Submit and view feedback for This product This page. View all page feedback. In this article. Registers the Windows Time service to run as a service and adds its default configuration information to the registry. Unregisters the Windows Time service and removes all of its configuration information from the registry.

Monitors the Windows Time service. Converts a Windows NT system time measured in 10 -7 -second intervals starting from 0h 1-Jan into a readable format. Converts an NTP time measured in 2 -second intervals starting from 0h 1-Jan into a readable format.

Tells a computer that it should resynchronize its clock as soon as possible, throwing out all accumulated error statistics. Displays a strip chart of the offset between this computer and another computer. Displays the values associated with a given registry key. Displays the computer's Windows Time service information. Enables or disables the local computer Windows Time service private log.

Controls whether this computer is marked as a reliable time server. A computer is not marked as reliable unless it is also marked as a time server.

Not a time server 0x Always time server 0x Automatic time server 0x Always-reliable time server 0x Automatic reliable time server The default value for domain members is Controls whether or not the chaining mechanism is disabled.

If chaining is disabled set to 0 , a read-only domain controller RODC can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. Specifies the maximum amount of time that an entry can remain in the chaining table before the entry is considered to be expired.

Expired entries may be removed when the next request or response is processed. The default value is 16 seconds. Controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. The default is 30 minutes. Controls the maximum number of entries that are allowed in the chaining table.

If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. The default value is entries. Controls the maximum number of entries that are allowed in the chaining table for a particular host. The default value is 4 entries. Specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target computer. The default value is parts per million - PPM. Indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source.

If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7, seconds. Controls which events that the time service logs. Time jump 0x2. Source change The default value on domain members is 2.

The default value on stand-alone clients and servers is 2. Controls the rate at which the clock is corrected. If this value is too small, the clock is unstable and overcorrects. If the value is too large, the clock takes a long time to synchronize. These are the preferred time providers because they are automatically available, secure sources of time. Within an AD DS forest, the Windows Time service relies on standard domain security features to enforce the authentication of time data.

The security of NTP packets that are sent between a domain member computer and a local domain controller that is acting as a time server is based on shared key authentication. The Windows Time service uses the computer's Kerberos session key to create authenticated signatures on NTP packets that are sent across the network.

NTP packets are not transmitted inside the Net Logon secure channel. Instead, when a computer requests the time from a domain controller in the domain hierarchy, the Windows Time service requires that the time be authenticated.

The domain controller then returns the required information in the form of a bit value that has been authenticated with the session key from the Net Logon service. If the returned NTP packet is not signed with the computer's session key or is signed incorrectly, the time is rejected. All such authentication failures are logged in the Event Log.

Generally, Windows time clients automatically obtain accurate time for synchronization from domain controllers in the same domain. In a forest, the domain controllers of a child domain synchronize time with domain controllers in their parent domains.

When a time server returns an authenticated NTP packet to a client that requests the time, the packet is signed by means of a Kerberos session key defined by an interdomain trust account. The interdomain trust account is created when a new AD DS domain joins a forest, and the Net Logon service manages the session key. In this way, the domain controller that is configured as reliable in the forest root domain becomes the authenticated time source for all of the domain controllers in both the parent and child domains, and indirectly for all computers located in the domain tree.

The Windows Time service can be configured to work between forests, but it is important to note that this configuration is not secure. For example, an NTP server might be available in a different forest. However, because that computer is in a different forest, there is no Kerberos session key with which to sign and authenticate NTP packets.

To obtain accurate time synchronization from a computer in a different forest, the client needs network access to that computer and the time service must be configured to use a specific time source located in the other forest. If a client is manually configured to access time from an NTP server outside of its own domain hierarchy, the NTP packets sent between the client and the time server are not authenticated, and therefore are not secure.

Even with the implementation of forest trusts, the Windows Time service is not secure across forests. Although the Net Logon secure channel is the authentication mechanism for the Windows Time service, authentication across forests is not supported.

Hardware-based clocks such as GPS or radio clocks are often used as highly accurate reference clock devices. By default, the Windows Time service NTP time provider does not support the direct connection of a hardware device to a computer, although it is possible to create a software-based independent time provider that supports this type of connection.

This type of provider, in conjunction with the Windows Time service, can provide a reliable, stable time reference. Hardware devices, such as a cesium clock or a Global Positioning System GPS receiver, provide accurate current time by following a standard to obtain an accurate definition of time. Cesium clocks are extremely stable and are unaffected by factors such as temperature, pressure, or humidity, but are also very expensive.

A GPS receiver is much less expensive to operate and is also an accurate reference clock. GPS receivers obtain their time from satellites that obtain their time from a cesium clock. Without the use of an independent time provider, Windows time servers can acquire their time by connecting to an external NTP server, which is connected to a hardware device by means of a telephone or the Internet. Organizations such as the United States Naval Observatory provide NTP servers that are connected to extremely reliable reference clocks.

You can configure your AD DS forest to synchronize time from these external hardware devices only if they are also acting as NTP servers on your network.

To do so, configure the domain controller functioning as the primary domain controller PDC emulator in your forest root to synchronize with the NTP server provided by the GPS device.

The primary difference between the two is that SNTP does not have the error management and complex filtering systems that NTP provides. The time service in Windows NT Server 4. For example, if your domain is configured to synchronize time by using the domain hierarchy-based method of synchronization and you want computers in the domain hierarchy to synchronize time with a Windows NT 4.

Windows NT 4. Therefore, to ensure accurate time synchronization across your network, it is recommended that you upgrade any Windows NT 4. The Windows Time service is designed to synchronize the clocks of computers on a network. The network time synchronization process, also called time convergence, occurs throughout a network as each computer accesses time from a more accurate time server.

Time convergence involves a process by which an authoritative server provides the current time to client computers in the form of NTP packets. The information provided within a packet indicates whether an adjustment needs to be made to the computer's current clock time so that it is synchronized with the more accurate server. As part of the time convergence process, domain members attempt to synchronize time with any domain controller located in the same domain.

If the computer is a domain controller, it attempts to synchronize with a more authoritative domain controller. Computers running Windows XP Home Edition or computers that are not joined to a domain do not attempt to synchronize with the domain hierarchy, but are configured by default to obtain time from time. To establish a computer running Windows Server as authoritative, the computer must be configured to be a reliable time source. By default, the first domain controller that is installed on a Windows Server domain is automatically configured to be a reliable time source.

Because it is the authoritative computer for the domain, it must be configured to synchronize with an external time source rather than with the domain hierarchy.

Also by default, all other Windows Server domain members are configured to synchronize with the domain hierarchy. After you have established a Windows Server network, you can configure the Windows Time service to use one of the following options for synchronization:. Synchronization that is based on a domain hierarchy uses the AD DS domain hierarchy to find a reliable source with which to synchronize time.

Based on domain hierarchy, the Windows Time service determines the accuracy of each time server. In a Windows Server forest, the computer that holds the primary domain controller PDC emulator operations master role, located in the forest root domain, holds the position of best time source, unless another reliable time source has been configured.

The following figure illustrates a path of time synchronization between computers in a domain hierarchy. A computer that is configured to be a reliable time source is identified as the root of the time service. The root of the time service is the authoritative server for the domain and typically is configured to retrieve time from an external NTP server or hardware device. A time server can be configured as a reliable time source to optimize how time is transferred throughout the domain hierarchy.

If a domain controller is configured to be a reliable time source, Net Logon service announces that domain controller as a reliable time source when it logs on to the network.

When other domain controllers look for a time source to synchronize with, they choose a reliable source first if one is available. A cycle in the synchronization network occurs when time remains consistent between a group of domain controllers and the same time is shared between them continuously without a resynchronization with another reliable time source.

The Windows Time service's time source selection algorithm is designed to protect against these types of problems. An example of this technology is GPS receiver, which obtains time from satellites. Specific NTP servers are synchronized to a given reference clock. They are manually configurable and they will send time to harmonized devices using broadcast addresses. It comes as free NTP server software that is efficient both in small and large organizations.

You will install this app with corresponding executable programs. Network time system operates with SNTP server software products. It features server architecture allowing you to create diverse servers that can host thousands of clients.

It prides in administrative control, network-wide deployment, a powerful license manager, and multi-protocol support. It also offers test services to these servers. Thus, after completion of tasks, it sends a report of its findings. Note that you can customize it to send a given number of requests within specified time schedules.

This tool comes with full technical support, cheat sheets and manuals to guide you on how to use it. Note that this driver is essential in plug-in radio timers.

This is because of their serial interface that favors NTP server software products.