Network time synchronization is an important part of network design and implementation. You need a time-synchronized network for healthy operation of network operating systems and applications; synchronization is critical for businesses that depend on a computer network. For example, many network directory services systems exchange information and synchronize changes in the directory services database according to time stamps. Groupware applications require accurate time for scheduling and collaboration. Without a time-synchronized network, time-sensitive systems and applications will not work correctly. In a Windows NT network, all NT servers and client workstations need to synchronize with a single, accurate, and standard time source.
Although Microsoft doesn't supply a built-in time service in NT, the Microsoft Windows NT Resource Kit CD-ROMs for NT 3.51 and 4.0 provide a TimeServ utility. TimeServ is an NT service that can synchronize the system time with a time source either on the network or from outside. Microsoft also provides a network command, NET TIME, that synchronizes a computer on a Microsoft network with network time. This article introduces the two Microsoft time synchronization utilities, outlines how to design a time-synchronized NT network, and guides you in configuring and implementing time synchronization.
Windows NT Time Service
TimeServ works with NT Server and NT Workstation 3.5, 3.51, and 4.0. Because TimeServ is an NT service, it runs in the background even when no one is logged on the system. TimeServ keeps an NT computer synchronized with standard time from a remote site or on the network. Components of time synchronization are standard time sources, master time servers, primary time servers, and secondary time servers.
A remote time service provider is a standard time source. Generally, it is a standard Greenwich Mean Time service provider, such as the National Institute of Standards and Technology (NIST) in Boulder, Colorado, or the US Naval Observatory (USNO) in Washington, D.C. You can obtain the standard time using a modem or the Internet.
An NT server or workstation is called a master time server if it obtains standard time from a remote standard time source or from a network time server that supports Network Time Protocol (NTP) on IP. The master time server then provides this standard time to the rest of the network. At least one master time server must be on a time-synchronized network. For redundancy, two or more master time servers can be on the same network. However, Microsoft recommends that all master time servers use the same standard time source.
An NT server or workstation is a primary time server if it obtains network time from a specific NT time server on the network. This server is generally a master time server or an NT time server that provides good time on the network. A server provides good time if its time drifts less than 0.5 second from system time. The time service records time drift in the Application log of the Events Viewer when the time service sets the system time to network time. If the time drifts more than 0.5 second, the server may need to obtain time more frequently. Any number of primary time servers can be on the network.
An NT server or workstation is a secondary time server if it obtains network time from a specific NT domain. This domain can be the same domain in which the secondary time server resides, or a different domain, if no time server is in the same domain. Typically, you configure at least one primary time server to be the time source that answers time requests from the secondary time server. In some cases, you can use a master time server or even a secondary time server as a time source, too, although a secondary time server is usually a client of a time source.
Multitiered Time Synchronization System
You can envision NT network time synchronization as a multitiered time synchronization system. A master time server at the top of the system obtains standard time from a remote standard time source and then provides this time to the entire network. Primary time servers in the middle of the system obtain network time from a master time server and then give this time to secondary time servers and client workstations. Secondary time servers and client workstations reside at the bottom of the system and get network time from a primary time server. Secondary time servers and client workstations are network time clients. Figure 1 shows this multitiered time synchronization system.
Microsoft Network Time Command
Another way to synchronize time on a network is with Microsoft's NET TIME network command. NET TIME is a DOS command for computers running NT, Windows 95, Windows for Workgroups, or DOS/Windows with Microsoft network client software. When you execute the NET TIME command, the workstation sets its system to network time by searching for a time source in the domain. If a time source is not present, the workstation will obtain time from a domain controller. For an NT computer, you can issue the command
NET TIME /DOMAIN:<domain_name> /SET /Y
to set the time to network time. For a non-NT computer, you can enter the command
NET TIME /WORKGROUP:<domain_name> /SET /Y
A computer can also synchronize its time with a specific computer if you enter the command
NET TIME \\<computer_name> /SET /Y
You must assign Change the system time to the user on the workstation so that NET TIME can work.
NET TIME works well for workstations when you add it to an NT domain logon script. When a workstation logs on to a domain, the workstation system time is set to the network time. TimeServ is a better utility for NT servers, because it runs in the background.
Designing a Time-Synchronized Network
Using these concepts, you can design your time-synchronized NT network. First, study the existing domain structure and physical layout of your network with these questions in mind: Where are the domains? Are they across a WAN link? How many servers are in a domain, and where are they? Which domains do workstations belong to? Then choose a standard time source and define a master time server, primary time servers, and secondary time servers on the network.
|TABLE 1: Standard Time Sources in TIMESERV.INI|
|Standard Time Source||Link|
|NISTACTS in Colorado (303-494- 4774)||Modem, Internet|
|USNO in Washington, D.C. (202- 653-0351)||Modem, Internet|
|NRC in Ottawa (613-745-3900)||Modem|
|BBC in UK (0891 516880)||Modem|
|Computime in Australia (61-03-9600-1641)||Modem|
|New Zealand (0900-45222)||Modem|
Knowing your NT network structure is important when you design an optimal time-synchronized network, because you want to balance the workload on existing and future servers and minimize the impact of time synchronization on network traffic, especially in a WAN environment. A good rule is to keep time acquisition as local as possible, both physically and logically. Physically local means the time source or server is geographically near; logically local means the time source or server is in the same domain or in one that is close.
You can choose a standard time source based on your location or preference. Table 1 lists the standard time sources. In the US, TimeServ supports only NIST and USNO, even though they are not the only time sources. You can contact a time source by modem, or if you have a stable Internet link, you can use it to save telephone charges to a remote time source. If you have a good NTP server on the network, your master time server can obtain network time from the NTP server if you specify NTP as the selected time source and give the NTP server name or IP address in the TimeServ initialization file.
For a small LAN without many servers and workstations in one NT domain, you might not need a primary time server. All secondary time servers and client workstations can obtain network time from one master time source. Figure 2 shows time synchronization in a single-domain network.
For an NT network with multiple domains, the model is the multitiered time synchronization system described earlier. A master time server can reside in corporate headquarters or the corporate MIS department for centralized administration. You can put one or more primary time servers in every domain. Adding this second layer of time servers reduces the workload of the master time server and reduces network traffic because only a limited number of primary time servers talk to the centralized master time server, which might not be in their local network. All remaining servers in every domain are secondary time servers that obtain network time locally from a primary time server in the same domain. Figure 3 shows time synchronization in a multidomain network.
For a very large multidomain network, you can further reduce network traffic if a primary time server in a domain requests the time from another primary time server in a nearby domain. For example, a network has master domains in Chicago, New York, and London. Each master domain has regional resource domains. A master time server is located in the corporate headquarters in Chicago. A primary time server is in each domain. To reduce traffic to the master time server in the headquarters, you can design the primary time server in a resource domain in Chicago, New York, and London to obtain time from the primary time server in its regional master domain. Figure 4 illustrates this process.
Configuring a Time Server
After you design the optimal time synchronization system for your network, you must configure each of your time servers by setting the configuration parameters in a TimeServ initialization file, timeserv.ini. Running the time service execution file, timeserv.exe, saves the settings to the system's Registry.
Listings 1, 2, and 3 show example configuration settings in timeserv.ini for a master time server using a modem, for a primary time server, and for a secondary time server, respectively. The settings answer the following questions:
1. What type is the time server?
The time server can be a master, primary, or secondary time server, as shown in the Type= statement in listings 1, 2, and 3. If a standard time source name, Internet, or NTP appears in the Type=statement, the server is a master time server.
2. With what time source is the time server synchronized?
If the time server to be configured is a master time server, you must select in timeserv.ini a standard time source such as NIST or USNO. If you use an Internet link to access NIST or USNO, you must check whether the source is blocked by a firewall. Try to PING tick.usno.navy.mil or Telnet 18.104.22.168.13. One or both should respond if you have proper Internet access via TCP/IP. If you use a modem to dial the source, you must choose the COM port of the modem, the modem speed, the modem command string, and the source's telephone number. Callout A in Listing 1 shows the steps for calling a time source using a modem. If you use an NTP time server, you need to know its host name or its IP address.
If the time server is a primary time server, you need to know the NT computer name of the master time server and of any other time servers. You enter these names in a source list in timeserv.ini. You can randomly choose the time server that the primary time server synchronizes with, or you can choose by top-down order from the source list. The PrimarySource= statement at A in Listing 2 illustrates the setting for a primary server to obtain the time from a master time server. This primary server can get the time from a master server or from another primary server. The RandomPrimary= statement at C in Listing 2 shows the setting for choosing a time source randomly from a source list of servers.
If the time server is a secondary time server, you need to know whether it obtains time from the same domain or a different, secondary domain. The SecondaryDomain= statement at A in Listing 3 shows a time source in a secondary domain.
3. How often do you want the time server to request the time?
By default, a master time server using a modem requests time once a day between 6:00 am and 6:30 am (to get a low phone rate). A time server using a network link checks every 8 to 12 hours. You can easily change this setting to many times daily by increasing the synchronization frequency in timeserv.ini.
For instance, if you want your time server to obtain time every hour, you can set the configuration Period=24 in timeserv.ini. The Period= statement in listings 1, 2, and 3 show example settings for synchronization frequency.
4. Is the time server a time source?
As defined earlier, a time source is a time server in a domain that responds to time requests from a secondary time server or a client workstation searching for network time from the domain. Configure a primary time server as a time source, as shown in the Timesource= statement at B in Listing 2. The servers in listings 1 and 3 are not time sources.
5. Do you want to track time service events in the application log?
Even though the default is Off, turning the log on is a good idea, at least on the master time server and the primary time servers. An On setting lets you track time service events in the application log of Events Viewer. With the log turned on, as it is in the Log= statement in all three listings, you can monitor whether the time service is working as you want it to. Also, you can add this event to a monitoring system to automatically notify you of problems that arise.
6. Do you want the TimeAdjustment API to disable CMOS synchronization?
By default, NT regularly synchronizes the OS time to the CMOS Request to Send (RTS) when the OS time differs from the CMOS time by more than one minute. The result can be a maximum 0.45 second time drift daily if you use the default period (Period=0) in timeserv.ini. Usually, the clock in a time server will be more precise and stable when you disable the OS synchronization feature by using Tasync=no in timeserv.ini, because the NT time service obtains accurate network time for the server. Leave the default as Tasync=no unless you find time drifting more with timeserv than before. The last line in each listing shows the OS synchronization feature disabled. For more detailed information, read the Microsoft document timeserv.wri on the Microsoft Windows NT Resource Kit CD-ROM.
Installing TimeServ is straightforward. Before you take the following steps to install it on an NT machine, check timeserv.exe, timeserv.dll, and timeserv.ini from the Microsoft Windows NT Resource Kit CD-ROM and verify that you have administrative privileges on the time server.
Copy files timeserv.exe and timeserv.dll to %systemroot%\system32 in the winnt directory, and copy file timeserv.ini to %systemroot%. Edit timeserv.ini for the time server as discussed in "Configuring a Time Server."
Run timeserv -automatic or timeserv -manual, depending on whether you want to start the time service automatically or manually the next time the server starts. If the time server is a time source (i.e., Timesource=yes in timeserv.ini), reboot the server so that the time source takes effect. Otherwise, use the command NET START TIMESERV to start the time service, or start it in the Services utility in the Control Panel.
You sometimes need to modify timeserv.ini after the time service has started. You must stop the time service, edit the file, execute timeserv -update, and restart the time service.
For a large network, Systems Management Server (SMS) lets you install the time service for each time server using Microsoft SMS. If you do not have SMS, you can use NT Scheduler to install the time service on a remote time server from your NT workstation. The Microsoft Windows NT Resource Kit CD-ROM provides a Windows-based scheduler, WINAT.EXE. You will find using WINAT.EXE much easier than the command-line version AT.EXE. For workstations, you can simply add your NET TIME commands to the domain logon script and synchronize your workstation to a domain or a computer, as described in "Microsoft Network Time Command."
In Sync with Success
Microsoft's time service, TimeServ, and network time command, NET TIME, are very useful for time synchronization in an NT network. Applying these two time utilities to your NT network will keep your servers and workstations synchronized to the standard time to enhance your success in systems management and mission-critical business applications. Microsoft time utilities can scale from a small LAN with a single domain to a large WAN with multiple domains across time zones.