I have a single-server Server 2008 R2 domain on which I need to configure NTP time synchronization. I haven't ever needed to do this before, but a third-party database is shared between workstation computers and mobile devices and accurate time is
critical. I have munged about and found several helpful articles on using Group Policy to get everything setup. It seemed reasonably straight-forward, but I'm not sure of my configuration and can't seem to confirm that the server/domain controller
is properly getting its time from the NTP server. I have confirmed that the network client computers are getting time from the server, but need to confirm that the server itself is correctly using the external NTP server.
I used Group Policy per the related docs I found. I configured 4 settings in Computer Configuration\Policies\Adminstrative Templates\System\Windows Time Service.
1. I enabled Global Configuration accepting all default settings
2. Under "Time Providers" I enabled NTP Server
3. Under "Time Providers" I enabled Windows NTP client
4. Under "Time Providers" I enabled "Configured Windows NTP Client" accepting all of the defaults, including using the time.windows.com,0x9 setting
I ran gpupdate to confirm that the settings had been merged into the Default Domain Policy, restarted the Windows Time Service and played around a bit with the w32tm executable.
Here's what I got ...
C:\Windows\system32>w32tm /query /source
Local CMOS Clock
C:\Windows\system32>w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Policy)
AnnounceFlags: 10 (Policy)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Policy)
MaxPollInterval: 10 (Policy)
MaxNegPhaseCorrection: 172800 (Policy)
MaxPosPhaseCorrection: 172800 (Policy)
MaxAllowedPhaseOffset: 300 (Policy)
FrequencyCorrectRate: 4 (Policy)
PollAdjustFactor: 5 (Policy)
LargePhaseOffset: 50000000 (Policy)
SpikeWatchPeriod: 900 (Policy)
LocalClockDispersion: 10 (Policy)
HoldPeriod: 5 (Policy)
PhaseCorrectRate: 1 (Policy)
UpdateInterval: 100 (Policy)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Policy)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 0 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NT5DS (Policy)
NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
It seems strange to me that the time source is the local CMOS clock and not the NTP server, but perhaps it's the clock that gets updated by the NTP server and this is to be expected?
I also munged about the various w32tm command line options but nothing is jumping out at me to use for confirming my configuration. Any ideas on how to check/confirm my configuation? Did I do something wrong or skip something?
I did check the firewall settings and did not see any inbound outbound exceptions for the UDP Port 123. Do these need to manually configured?
Am I anywhere near close? What command-line options for w32tm.exe might I use to test/confirm settings?