User login
Navigation
Who's online
Shoutbox
Recent comments
- donie
38 weeks 6 days ago - Suhosin problem
42 weeks 3 days ago - Hey, it works! Thank you.
50 weeks 6 days ago
Recent Popular Post
- Installing, Configuring, and Securing Litespeed + PHP5 + Suhosin on FreeBSD 6.2 (6)
- How To Configure Apache2 VirtualHost in Ubuntu (6)
- How To Export .Cer To .PFX Certificate From Apache To IIS (5)
- How To Configure Logrotate Nginx Log in Freebsd and Linux (3)
- How To Create a Container/VPS Machine With OpenVZ Server (3)
Syndicate
How To Configure or Sync To Windows External Time Service
The Windows Time service (W32Time) is designed to maintain date and time synchronization for computers running Windows 2000XP/2003. The primary use for such time synchronization is to ensure the security of Kerberos authentication within an Active Directory environment. To prevent replay attacks, Kerberos tickets presented to domain controllers by clients are time-stamped. The authenticating domain controller checks to make sure the timestamp is unique and falls within an allowable skew before accepting the ticket and authenticating the client. To ensure this system works properly, both the client and the domain controller clocks must be loosely synchronized within the allowable skew, and W32Time ensures this is the case.
Start to modify windows registry.
Login into your windows server.
Click "Run"
Type "Regedit" without quote.
Click "HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type"
This registry entry determines which peers W32Time will accept synchronization from. Change this REG_SZ value from NT5DS to NTP so the PDC Emulator synchronizes from the list of reliable time servers specified in the NtpServer registry entry described below.
Click "HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags"
This registry entry controls whether the local computer is marked
as a reliable time server (which is only possible if the previous
registry entry is set to NTP as described above). Change this REG_DWORD value from 10 to 5 here.
Click"HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer"
This registry entry specifies a space-delimited list of stratum 1 time
servers from which the local computer can obtain reliable time stamps.
The list may consist of one or more DNS names or IP addresses (if DNS
names are used then you must append ,0x1 to the end of each DNS name).
For example, to synchronize the PDC Emulator in your forest root domain
with tock.usno.navy.mil, an open-access SNTP time server run by the United States Naval Observatory, change the value of the NtpServer registry entry from time.windows.com,0x1 to tock.usno.navy.mil,0x1 here. Alternatively, you can specify the IP address of this time server, which is 192.5.41.209 instead.
Now stop and restart the Windows Time service using the following commands:
C:\>net stop w32time
C:\>net start w32time
It may take an hour or so for the PDC Emulator to fully synchronize with the external time server because of the nature of the polling method W32Time uses. Depending on the latency of your Internet connection, the accuracy of the CMOS clock on your forest root PDC Emulator may be within a second or two of UTC. If you need more accurate time however, you can purchase a hardware time source like an atomic clock and connect it to your PDC emulator.
Alternatively, if you don’t want to wait for time convergence to occur between your stratum 2 time server (your forest root PDC Emulator) and the external stratum 1 time server, you can run the following command on your PDC Emulator:
c:\>w32tm /resync /rediscover
Delicious
Digg
StumbleUpon
Propeller
Reddit
Magnoliacom
Newsvine
Furl
Facebook
Google
Yahoo
Technorati
Icerocket
Post new comment