Skip to main content

NTP Server Setup

So some time back I was asked to set up an NTP (Network Time Protocol) server for a client. The particular environment only has a few servers that can access the internet, which were used primarily for WSUS, and the rest of the environment has internet access blocked. So, in this process I'll walk you through installing Meinberg NTP Software (check them out here) and then configuring the PDC's (Primary Domain Controller) registry to obtain time from the newly installed service. I know, I could just set a GPO to order all of the servers in the network to get time from the NTP server, but my goal in this was to limit traffic to the internet connected servers. What I found out is that by default all Windows systems get their time from the PDC by default and update at the time of login. By changing the PDC's registry this default configuration stays in place, and I don't have to wait for the GPO to update throughout the network...

Setup and Instillation

  • Create NTP service account in AD and take note of userID and password
  • On the chosen NTP server create a folder on the C:\ drive named "NTP Files" <this will be our instillation path
  • Download two files from http://www.minbergglobal.com/english/sw/ntp.htm
    • ntp-4.2.6@london-o-lpv-232-setup.exe
    • ntp-time-server-monitor-1.04.exe
  • Instill both files on the chosen NTP server but make sure to direct the instillation path to place the files in the "C:\NTP Files" folder
  • Specify NPT service account
  • Specify NTP Servers as follows:
    • server 0.us.pool.ntp.org
    • server 1.us.pool.ntp.org
    • server 2.us.pool.ntp.org
    • server 3.us.pool.ntp.org
Configuring the PDC

The first think you'll need to do is verify which server is the PDC. This is done by opening a command prompt on one of the DCs and issuing:
  • netdom /query fismo
Once you have verified the PDC, open an Administrative command prompt and issue the following commands:
  • net stop w32time
  • w32tm /config /syncfromflags:manual /manualpeerlist:<hostnameOfServer>
  • w32tm /config /reliable:yes
  • net start w32time
To check the NTP configuration issue command:
  • w32tm /query /configuration
To force the PDC to sync with the time server issue command:
  • w32tm /resync
Check the Event Viewer for any errors, and if this didn't work than you may need to manually edit the registry to point the PDC to the time server. Here's how to do that:
  1. Click Start, click Run, type regedit, then click OK
  2. Locate and select the following registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
  3. Select the NtpServer  key and in the Value data section add the host name of the server followed by 0x1
    1. EX: server.domain.local,0x1
  4. Open an Administrative command prompt and issue
    1. net stop w32time && net start w32time
Repeat these steps to configure the backup DC to obtain it's time manually from the PDC or the Time Server.

Be sure to get your Googleing experience on if you run into any issues. There is a lot of documentation out there for setting up time servers in Windows. This is just a quick and dirty compressed guide of what worked for me.
Labels:

Comments

Post a Comment

Popular posts from this blog

Visio Stencils Pack for Azure and Microsoft Integration (v5.0.0)

First off, I'd like to send a big shout out to Sandro Pereira who's been managing the vision stencils pack. Essentially, I'm re-posting his information here, because I had a really hard time finding the latest Visio pack for Azure, that wasn't a bunch of SVG's. My thought is that if more people re-post, maybe the search engines of the internet will have an easier time propagating the information... Sandero's Blog (the original post around the new stencils): https://blog.sandro-pereira.com/2019/10/18/microsoft-integration-and-azure-stencils-pack-for-visio-new-major-version-available-v5-0-0/ Sandero's GitHub: https://github.com/sandroasp/Microsoft-Integration-and-Azure-Stencils-Pack-for-Visio Microsoft TechNet Download: https://gallery.technet.microsoft.com/Collection-of-Integration-e6a3f4d0 I will say, and maybe it's just because I'm using Visio 2013, each icon has a boarder that needs to be removed when putting it on the page... Likely it...
Post a Comment
Read more

Keto Kickin' Choffle

Alight, first recipe on the blog... If you've had a chance to reach the "About" section, you will have seen that, rather than spinning up multiple blogs, I'm just going to combine my passions for tech, food, health, and music into this one space. If you're not a fan, then too bad. I really just don't want to manage more than one blog.... With that, here goes nothing... So I recently came across the choffle. This is a really great, and fast to make replacement for buns. I'm also a huge fan of spicy foods. Well, I got the great idea to combine the heat with the choffle. And let me tell you, it turned out really good. I like to use this for a bun replacement when I'm in the mood for that extra kick, but not the extra toppings. Why? Because the extra toppings are now combined in the choffle. Thus removing the need for the additional toppings on my burgers. Enjoy. Kickin' choffle The choffle mix with a kick! Author: Larry L. Preparation Time: 3...
Post a Comment
Read more

Replacing rsyslog with syslog-ng on RHEL 6.5

So...I had a piece of monitoring software that didn't play nice with the RHEL default rsyslog for log collection. The software was developed to only work with syslog-ng. I'll be going over the steps that I took, that worked for me, in replacing rsyslog with syslog-ng. I would imagine that these same steps should work for any Linux system similar to RHEL (Fedora, CentOS, etc.). For others (like Debein based distributions), I would need to look into that (coming in a future update to this post). First, remove rsyslog. You will need to keep the dependencies as they will be needed for syslog-ng: sudo rpm -e --nodeps rsyslog Next we will need to add the EPEL repository (more info can be found HERE ): wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm sudo rpm -ivh epel-release-6-8.rpm sudo yum repolist That last command will list all the installed repositories. You are simply verifying that the EPEL package has been installed. Now that we fi...
1 comment
Read more