
NTP Server Setup

So some time back I was asked to set up an NTP (Network Time Protocol) server for a client. The particular environment only has a few servers that can access the internet, which were used primarily for WSUS, and the rest of the environment has internet access blocked. So, in this process I'll walk you through installing Meinberg NTP Software (check them out here) and then configuring the PDC's (Primary Domain Controller) registry to obtain time from the newly installed service. I know, I could just set a GPO to order all of the servers in the network to get time from the NTP server, but my goal in this was to limit traffic to the internet-connected servers. What I found out is that by default all Windows systems get their time from the PDC and update at the time of login. By changing the PDC's registry this default configuration stays in place, and I don't have to wait for the GPO to update throughout the network...

Setup and Installation

  • Create NTP service account in AD and take note of userID and password
  • On the chosen NTP server create a folder on the C:\ drive named "NTP Files" (this will be our installation path)
  • Download two files from http://www.meinbergglobal.com/english/sw/ntp.htm
    • ntp-4.2.6@london-o-lpv-232-setup.exe
    • ntp-time-server-monitor-1.04.exe
  • Install both files on the chosen NTP server, but make sure to direct the installation path to place the files in the "C:\NTP Files" folder
  • Specify the NTP service account
  • Specify NTP Servers as follows:
    • server 0.us.pool.ntp.org
    • server 1.us.pool.ntp.org
    • server 2.us.pool.ntp.org
    • server 3.us.pool.ntp.org

Configuring the PDC

The first thing you'll need to do is verify which server is the PDC. This is done by opening a command prompt on one of the DCs and issuing:
  • netdom query fsmo
Once you have verified the PDC, open an Administrative command prompt and issue the following commands:
  • net stop w32time
  • w32tm /config /syncfromflags:manual /manualpeerlist:<hostnameOfServer>
  • w32tm /config /reliable:yes
  • net start w32time
To check the NTP configuration issue command:
  • w32tm /query /configuration
To force the PDC to sync with the time server issue command:
  • w32tm /resync
Check the Event Viewer for any errors, and if this didn't work then you may need to manually edit the registry to point the PDC to the time server. Here's how to do that:
  1. Click Start, click Run, type regedit, then click OK
  2. Locate and select the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
  3. Select the NtpServer value and in the Value data field enter the host name of the server followed by ,0x1
    1. EX: server.domain.local,0x1
  4. Open an Administrative command prompt and issue
    1. net stop w32time && net start w32time
Repeat these steps to configure the backup DC to obtain its time manually from the PDC or the Time Server.
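
A check to run on the PDC after the steps above, as an added example (not part of the original post and not Meinberg's tooling): it confirms the PDC role holder, the W32Time registry values, the active time source, NTP reachability and recent Time-Service events. $TimeServer is a placeholder for your own NTP host.

```powershell
# Added example: verify the PDC time configuration described above.
# $TimeServer is a placeholder; set it to the host used in /manualpeerlist.
$TimeServer = 'server.domain.local'

# Confirm this machine holds the PDC emulator role (same answer as "netdom query fsmo").
$pdc = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().PdcRoleOwner.Name
if ($pdc -notlike "$env:COMPUTERNAME.*") {
    Write-Warning "PDC emulator is $pdc; run this check there, not on $env:COMPUTERNAME."
}

# Registry values written by "w32tm /config /syncfromflags:manual /manualpeerlist:...".
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
$params = Get-ItemProperty -Path $key
$problems = @()
if ($params.Type -ne 'NTP') {
    $problems += "Type is '$($params.Type)', expected 'NTP' (manual peer list)."
}
if ($params.NtpServer -notmatch [regex]::Escape($TimeServer)) {
    $problems += "NtpServer is '$($params.NtpServer)', which does not list $TimeServer."
}

# The source the service is actually using; these two strings mean it has no NTP peer.
$source = (w32tm /query /source | Out-String).Trim()
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    $problems += "Current source is '$source'; the manual peer is not in use."
}

# Can the time server be reached over NTP (UDP 123) from here?
$chart = w32tm /stripchart "/computer:$TimeServer" /samples:3 /dataonly | Out-String
if ($chart -match 'error') {
    $problems += "No NTP reply from ${TimeServer}; check UDP 123 and the NTP service."
}

# Time-Service errors and warnings from the last hour (the Event Viewer check).
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-Time-Service'
    Level = 2, 3; StartTime = (Get-Date).AddHours(-1)
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "OK: syncing from '$source'" }
$events | Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
```

Run it from an elevated PowerShell prompt a minute or two after w32tm /resync so the service has had time to pick up the peer.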

Be sure to get your Googling experience on if you run into any issues. There is a lot of documentation out there for setting up time servers in Windows. This is just a quick and dirty compressed guide of what worked for me.
