Jun 3, 2014

How to change net time servers in Windows

Accurate time settings in Windows is crucial, especially if one is using Kerberos for authentication. This is because Kerberos relies on time stamps as a part of its security token mechanism. As long as all of your clients and servers are synching time, then Kerberos will work pretty well. But what if you also want your clocks to maintain accuracy? Like, atomic clock accuracy?

I had a user in one of our remote offices complain that her workstation clock was three minutes off of her digital atomic clock that she always uses. I looked at the time on my workstation and noticed the same thing. I decided to see what time servers our Domain Controllers were syncing to. Can you take a guess? That's right, they were set to sync with time.microsoft.com. I wanted to change the time servers to a more accurate group, so I decided on using the time servers at ntp.org. According to many websites I have visited, the NTP.org servers are more accurate, and more reliable that the Microsoft time server (Can anyone substantiate that for me?).

synchronize watchesWant to know what I did to set the ntp servers as the default time servers? Simple, from the command line I ran the following command:

net time /setsntp:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.uspool.ntp.org"
NOTE: For Windows 2008 R2 you have to run the following command:
w32tm /config /syncfromflags:manual /manualpeerlist:0.us.pool.ntp.org,1.us.pool.ntp.org,2.us.pool.ntp.org

This set the server to use the following time servers in a round robin format:
After that I restarted my w32time services to make the changes active right away:
net stop w32time
net start w32time
After the services came back up, the last thing I wanted to do was to force synchronization with the new time servers, so I ran the following command:
w32tm /resync /rediscover
BAM! Time was correct again! Now by default in a Windows 2003 domain environment all clients and member servers are supposed to automatically sync with the primary domain controller. That is good news for you, because you only have to make this change on your primary DC.

If you don't want to use the NTP.org servers, here is a list of other time servers provided by NIST.gov: (List of time servers)

Do you have anything else to add to the NTP discussion? Please make your voice heard in the comments!

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam