NTP stands for Network Time Protocol. It’s used to synchronize the time between computers. The following article tells you how to configure NTP on Windows 2008 R2. Typically, you’re going to want to make your Windows 2008 R2 domain controller the NTP server and have all the clients use it to get their time. Be aware that if your servers are virtualized, the hypervisor will force its own time onto them, so that will need to be stopped.
Stop Guests From Getting Time From The Hypervisor
There are two ways to do this: you can change the settings on the VM so that the guest doesn’t get the time from the hypervisor, or you can do it my preferred way, which is to configure the hypervisor to use the Windows 2008 R2 server as its NTP server. I prefer this to updating the guests because:
- It provides an extra layer of protection if NTP settings are not working, which helps computers have the same time configuration.
- If new VM guests are added and the setting is not updated, there’s no chance of the hypervisor fighting the NTP server to apply its time to the guest.
How To Clear NTP Configuration
The next thing to do is to clear up any previous attempts to configure NTP using these commands on your soon-to-be Windows 2008 R2 NTP server:
net stop w32time
Once your NTP configuration has been cleared up, you can then configure your Windows 2008 R2 server to be an NTP server.
Configuring Windows 2008 R2 as an NTP Server
You’re probably going to want to configure your domain controller to be the NTP server. Why? Because Kerberos requires authenticating clients to have the same time as the authenticating domain controller, so it makes sense to have the domain controller as the NTP server so it is in control over what the correct time is. To configure Windows 2008 R2 as an NTP server, run these commands:
w32tm /config /manualpeerlist:pool.ntp.org,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
The first command configures the server as an NTP client of pool.ntp.org, sending the request in client mode. If you don’t want to connect in client mode, here are the available flag settings:
0x01 – use special poll interval (SpecialInterval)
0x02 – UseAsFallbackOnly
0x04 – send request as SymmetricActive mode
0x08 – send request as Client mode
I usually like to set any redundant domain controllers up in the same way, but pointing to the primary domain controller as the NTP server instead of pool.ntp.org.
pool.ntp.org is a round-robin group of NTP servers, but if you want to set up your own pool you can do this either in DNS or, preferably, by putting the manualpeerlist in quotes and separating multiple NTP server addresses with a space, each with its own flag, like this:
w32tm /config /manualpeerlist:"ntp1,0x8 ntp2,0x8" /syncfromflags:MANUAL
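To check what a peer list actually asks for, the following added example (not part of the original article) splits a manualpeerlist value into its peers and decodes each peer's flag against the table above. The function name Get-NtpPeerFlags and the sample peer lists are constructed for illustration; the code avoids anything newer than PowerShell 2.0.

```powershell
# Added example. Flag names follow the table in the article; Get-NtpPeerFlags
# and the sample peer lists are hypothetical names and constructed values.
$FlagTable = @(
    @{ Bit = 0x01; Name = 'SpecialInterval' },
    @{ Bit = 0x02; Name = 'UseAsFallbackOnly' },
    @{ Bit = 0x04; Name = 'SymmetricActive' },
    @{ Bit = 0x08; Name = 'Client' }
)

function Get-NtpPeerFlags {
    param([Parameter(Mandatory=$true)][string]$PeerList)

    # Peers are separated by spaces; each may carry its own ",0xN" flag suffix.
    foreach ($entry in ($PeerList.Trim() -split '\s+')) {
        $name, $flagText = $entry -split ',', 2
        $flags = 0
        $notes = @()
        if (-not $flagText) {
            $notes += 'no flag on this peer'
        } elseif ($flagText -match '^0x[0-9a-fA-F]+$') {
            $flags = [Convert]::ToInt32($flagText, 16)
        } else {
            # Catches look-alike characters such as a pasted multiplication sign.
            $notes += "flag '$flagText' is not a hex value"
        }
        $unknown = $flags -band (-bnot 0x0F)
        if ($unknown) { $notes += ('undocumented bits 0x{0:X}' -f $unknown) }
        if (($flags -band 0x0C) -eq 0x0C) { $notes += 'both SymmetricActive and Client set' }
        New-Object PSObject -Property @{
            Peer    = $name
            Flags   = '0x{0:X}' -f $flags
            Meaning = ($FlagTable | Where-Object { $flags -band $_.Bit } |
                       ForEach-Object { $_.Name }) -join ', '
            Notes   = $notes -join '; '
        } | Select-Object Peer, Flags, Meaning, Notes
    }
}

# Constructed samples: flag only on the last peer, flag on every peer,
# and a flag typed with a multiplication sign instead of the letter x.
'ntp1 ntp2,0x8', 'ntp1,0x8 ntp2,0x8', 'pool.ntp.org,0×8' | ForEach-Object {
    Get-NtpPeerFlags -PeerList $_
} | Format-Table -AutoSize

# On a live server the configured list is the NtpServer value:
# (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters').NtpServer
```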
Finally, ensure that NTP is allowed through your firewall. NTP uses port 123.
You can confirm that NTP is working correctly by performing a manual sync with this command:
or determine the time of the last sync with this command:
w32tm /query /status
Finally, if you are still having trouble with NTP, you can enable debug logs with this command:
w32tm /debug /enable /file:C:\w32tmdebug.log /size:10485760 /entries:0-300
But don’t forget to disable logging when you’ve finished troubleshooting NTP. You can disable NTP logging with this command:
w32tm /debug /disable
Finally, if it’s still not working, you can start again and clear the NTP configuration with this command:
net stop w32time