A. \[Editor’s Note: Matthew Ellis submitted the registry entries that I list in the table in this FAQ.\]
Windows 2000 Kerberos authentication protocol relies heavily on domain controllers (DCs) having a common time. Therefore, Win2K ships with Windows Time Service (W32Time), which takes a hierarchical approach to assigning time, as the following bulleted items show:
- All client desktops and member servers use their authenticating DCs as the inbound time partner.
- All DCs in a domain use the PDC Flexible Single-Master Operation (FSMO) as the in-bound time partner.
- PDC FSMOs use the domain hierarchy to pick their in-bound time partner.
The PDC FSMO becomes the authoritative time source for the enterprise, and you should, therefore, configure the PDC FSMO to gather the time from an external source. Until you complete this task, Event Log events will state that W32Time isn’t configured.
To configure Win2K to use an external time server, use the command:
C:\> net time /setsntp:184.108.40.206
You can use several external time servers that are based at the US Naval Observatory, including the following examples:
- ntp2.usno.navy.mil - 220.127.116.11
- tick.usno.navy.mil - 18.104.22.168
- tock.usno.navy.mil - 22.214.171.124
However, don’t talk directly to the Navy Network Time Protocol (NTP) servers unless the domain administrator needs to operate a stratum-2 server (and will open it to a large community of users). Domain administrators shouldn’t hit directly on tick.usno.navy.mil, tock.usno.navy.mil, or ntp2.usno.navy.mil. Instead, they should use their ISP’s NTP server (they should have one), unless they have unusual requirements for precision.
Please read http://www.eecis.udel.edu/~ntp/ntpfaq/NTP-s-config.htm#Q-CLIENT-ETIQUETTE before you use the NTP service in Win2K.
When you perform the /setsntp command, it updates registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\ntpserver. Simple Network Time Protocol (SNTP) uses UDP port 123, so you need to ensure that proxy servers or firewalls don’t block this port.
For more information, see ftp://ftp.microsoft.com/ResKit/y2kfix/x86/w32time/w32time.doc to see the w32time.doc file. Although the developers wrote this file for Windows NT 4.0’s w32time program, not for Win2K’s W32Time, the file is still worth reading. You should also read the Microsoft article “Basic Operation of the Windows Time Service” ( http://support.microsoft.com/support/kb/articles/Q224/7/99.ASP).
I’ve listed some of the other registry parameters for W32Time below.
|LocalNTP (REG_DWORD)||According to w32time.doc, setting this value to 1 (W32Time uses an .ini file and sets the value to yes) sets up the local machine as an SNTP server.|
|Log (REG_DWORD)||Setting this value to 1 gets W32Time to write to the System Log when the time is synchronized. The default value is 0.|
|NTPServer (REG_SZ)||This registry parameter is the (S)NTP server to get the time from. You can use the command |
|Period (REG_SZ)||See w32time.doc and the Microsoft article that I noted above.|
|PrimarySource (REG_SZ)||This registry entry lists the NetBIOS names of all the network Master Time Servers. You must prefix each name with two backslashes (\\) and separate names by semicolons (;).|
|RandomPrimary (Unknown type, probably a REG_DWORD)||This registry entry selects a random primary server from the PrimarySource list.|
|ReliableTimeSource||This value is presumably REG_SZ, with the name of the RTS server.|
|SecondaryDomain (REG_SZ)||Setting this value tells a secondary machine which domain to broadcast its Time Request to. The w32time.doc file says that if you leave the entry blank, the secondary machine will query its domain for time information. This feature is very helpful in a master or multiple-master domain model in which network administrators don’t want to set up each domain with its own Primary Time Server.|
|TAsync||See w32time.doc for a detailed explanation.|
|Type (REG_SZ)||NTP/PRIMARY/SECONDARY. See w32time.doc|