Monday, December 19, 2005
Windows domain time server (W32Time)
I'm not going to get into the full details of configuring a time server for your Windows 2000 or Windows 2003 domains, but the basic idea is that your PDC (Primary Domain Controller) at the root of your Active Directory forest should be synchronized with an external time source. Microsoft includes a service to do this called "Windows Time" (a.k.a. W32Time). It's not as nice as the official NTPD service that you can get from ntp.org, but it generally works.
By default, Windows client computers that are members of a domain should get their time from the domain controllers within the domain. So once you get the domain controllers keeping time properly you won't have to deal with bad time on the desktops.
Microsoft Articles:
Registry entries for the W32Time service
Basic Operation of the Windows Time Service
An extremely good page that shows you whether W32Time is configured properly to sync against an external server. The basic idea is that you stop the "Windows Time" service and the execute the following command at the prompt.
The key line in the above output is "Error -45702ms" which shows us how much the Windows server's clock is going to be adjusted by. You should also look in your System Log (filter for W32Time events) for messages after using the above command (or after stopping/starting the time service). Those messages in the system log will help you determine why you may not be able to synchronize to an external time server (via 123/udp).
In my opinion, W32Time is "good enough" for most purposes. At least for small offices or home networks. If you're going to be dealing with more then a dozen servers or 50 workstations, then you should definitely look into setting up a real "ntpd" server. (In reality, you should have at least 4 ntpd servers in your infrastructure so that they can keep an eye on each other and alert you to ntpd servers that are not keeping time properly.)
Here's my previous posting dealing with time issues: NTP daemons for Gentoo
By default, Windows client computers that are members of a domain should get their time from the domain controllers within the domain. So once you get the domain controllers keeping time properly you won't have to deal with bad time on the desktops.
Microsoft Articles:
Registry entries for the W32Time service
Basic Operation of the Windows Time Service
An extremely good page that shows you whether W32Time is configured properly to sync against an external server. The basic idea is that you stop the "Windows Time" service and the execute the following command at the prompt.
w32tm -once
... (content snipped for brevity) ...
W32Time: BEGIN:TimeSync
W32Time: BEGIN:FGetType
W32Time: END Line 254
W32Time: BEGIN:FDoTimeNTPType
W32Time: BEGIN:ChooseNTPServer
W32Time: END Line 2178
W32Time: BEGIN:GetSocketForSynch
W32Time: NTP: ntpptrs[0] - US.POOL.NTP.ORG
W32Time: rgbNTPServer US.POOL.NTP.ORG
W32Time: BEGIN:TsUpTheThread
W32Time: END Line 1407
W32Time: NTP(S): waiting for datagram...
W32Time: Port Pinging to - 123
W32Time: Connecting to "US.POOL.NTP.ORG" (216.52.237.152)
W32Time: END:Line 1170
W32Time: BEGIN:GetDefaultRid
W32Time: END Line 2359
W32Time: BEGIN:ComputeDelay
W32Time: BEGIN:NTPTry -- init
W32Time: END Line 1683
W32Time: BEGIN:NTPTry -- try
W32Time: BEGIN:ComputeInterval
W32Time: END Line 2479
W32Time: Sending to server 48 bytes...
W32Time: Recv'ed from server 48 Bytes...
W32Time: END Line 1885
W32Time: BEGIN:NTPTry -- delay
W32Time: END Line 2012
W32Time: Round trip was 90ms
W32Time: BEGIN:NTPTry -- try
W32Time: BEGIN:ComputeInterval
W32Time: END Line 2479
W32Time: Sending to server 48 bytes...
W32Time: Recv'ed from server 48 Bytes...
W32Time: END Line 1885
W32Time: BEGIN:NTPTry -- delay
W32Time: END Line 2012
W32Time: Round trip was 90ms
W32Time: BEGIN:NTPTry -- gettime
W32Time: BEGIN:Fgmtimetonttime
W32Time: END Line 2563
W32Time: END Line 1998
W32Time: one-way delay is 45ms
W32Time: END Line 1645
W32Time: END Line 368
W32Time: BEGIN:TimeDiff
W32Time: ClockError --45702
W32Time: END Line 2542
W32Time: BEGIN:FCheckTimeSanity
W32Time: Adjusting time by 45702 ms. No eventlog messages since time diffe
rence is 0 <1 minute
W32Time: END Line 570
W32Time: BEGIN:SetTimeNow
W32Time: Time 12/20/2005 2:20:53:970
W32Time: *****SetSystemTime()*****
W32Time: END Line 1280
W32Time: Time was 20min 08.268s
W32Time: Time is 20min 53.970s
W32Time: Error -45702ms
W32Time: BEGIN:CheckLeapFlag
W32Time: END:Line 606
W32Time: BEGIN:ComputePostTimeData
W32Time: BEGIN:ComputeInterval
W32Time: END Line 2479
W32Time: BEGIN:ComputeSleepStuff
W32Time: Computed stagger is 0ms, bias is 0ms
W32Time: Time until next sync - 2699.960s
W32Time: END:Line 816
W32Time: END:Line 221
W32Time: END:Line 196
The key line in the above output is "Error -45702ms" which shows us how much the Windows server's clock is going to be adjusted by. You should also look in your System Log (filter for W32Time events) for messages after using the above command (or after stopping/starting the time service). Those messages in the system log will help you determine why you may not be able to synchronize to an external time server (via 123/udp).
In my opinion, W32Time is "good enough" for most purposes. At least for small offices or home networks. If you're going to be dealing with more then a dozen servers or 50 workstations, then you should definitely look into setting up a real "ntpd" server. (In reality, you should have at least 4 ntpd servers in your infrastructure so that they can keep an eye on each other and alert you to ntpd servers that are not keeping time properly.)
Here's my previous posting dealing with time issues: NTP daemons for Gentoo
Labels: NTP
Wednesday, November 23, 2005
NTP daemons for Gentoo
Looks like there are two basic choices (according to "emerge -s ntp"), ntp and openntpd.
I decided to go with OpenNTPD because it seemed to be smaller and less troublesome then the official NTP daemon. (As one of the lines on the OpenNTPD page says... I'm not after microsecond accuracy.)
If you want to use OpenNTPD, you should dig through the presentations / papers for a brief overview of the project (such as matching time against random servers).
Note that if you're in North America, you'll probably want to change the "servers" line in /etc/ntpd.conf. NTP.org has a list of server pools that you can pick from, divided by geography. I chose to use "north-america.pool.ntp.org" as my servers pool.
(I am still evaluating OpenNTPD... and I may switch over to the official NTP server instead.)
Useful links:
Gentoo Linux Localization Guide
Jeff McCoy | Time
Useful commands:
These commands should show you a hardware clock that matches either GMT (if you have things set to UTC) or your local timezone. I had a misconfigured hardware clock that was set to localtime, while my system was thinking it was UTC/GMT time.
Note that when you look at /var/log/messages, the OpenNTPD messages can be a bit confusing. You will see lines like:
What this actually means is that your clock is currently off by approximately 12 seconds. Eventually, OpenNTPD will adjust your clock to be as close as possible to the official time, but it won't make that adjustment suddenly (all at once). Instead, it will slowly reduce the error amount to the minimum possible for your system.
If you want your server to synchronize at a faster rate, you should manually set the time using the 'date' command to as close to proper time as you can. Otherwise, it may take a few days for OpenNTPD to finish synchronizing your machine's local clock.
You should also look up the "hwclock" command, especially the --hctosys and --systohc options. Also look at "nano -w /etc/conf.d/clock", you should probably set the CLOCK_SYSTOHC flag to "yes" so that your system time gets written to the hardware clock during shutdown.
* net-misc/ntp
Latest version available: 4.2.0.20040617-r3
Latest version installed: [ Not Installed ]
Size of downloaded files: 2,403 kB
Homepage: http://www.ntp.org/
Description: Network Time Protocol suite/programs
License: as-is
* net-misc/openntpd
Latest version available: 3.7_p1
Latest version installed: 3.7_p1
Size of downloaded files: 133 kB
Homepage: http://www.openntpd.org/
Description: Lightweight NTP server ported from OpenBSD
License: BSD
I decided to go with OpenNTPD because it seemed to be smaller and less troublesome then the official NTP daemon. (As one of the lines on the OpenNTPD page says... I'm not after microsecond accuracy.)
If you want to use OpenNTPD, you should dig through the presentations / papers for a brief overview of the project (such as matching time against random servers).
Note that if you're in North America, you'll probably want to change the "servers" line in /etc/ntpd.conf. NTP.org has a list of server pools that you can pick from, divided by geography. I chose to use "north-america.pool.ntp.org" as my servers pool.
(I am still evaluating OpenNTPD... and I may switch over to the official NTP server instead.)
Useful links:
Gentoo Linux Localization Guide
Jeff McCoy | Time
Useful commands:
# hwclock --show
# zdump GMT
# zdump EST5EDT
# dateThese commands should show you a hardware clock that matches either GMT (if you have things set to UTC) or your local timezone. I had a misconfigured hardware clock that was set to localtime, while my system was thinking it was UTC/GMT time.
Note that when you look at /var/log/messages, the OpenNTPD messages can be a bit confusing. You will see lines like:
Dec 19 21:33:10 localhost ntpd[5673]: adjusting local clock by -11.800044s
Dec 19 21:36:23 localhost ntpd[5673]: adjusting local clock by -11.691234s
Dec 19 21:39:36 localhost ntpd[5673]: adjusting local clock by -11.621488sWhat this actually means is that your clock is currently off by approximately 12 seconds. Eventually, OpenNTPD will adjust your clock to be as close as possible to the official time, but it won't make that adjustment suddenly (all at once). Instead, it will slowly reduce the error amount to the minimum possible for your system.
If you want your server to synchronize at a faster rate, you should manually set the time using the 'date' command to as close to proper time as you can. Otherwise, it may take a few days for OpenNTPD to finish synchronizing your machine's local clock.
You should also look up the "hwclock" command, especially the --hctosys and --systohc options. Also look at "nano -w /etc/conf.d/clock", you should probably set the CLOCK_SYSTOHC flag to "yes" so that your system time gets written to the hardware clock during shutdown.
Labels: NTP
Sections:
Recent posts:
Samba3: Upgrading to v3.2 on CentOS 5
LVM Maximum number of Physical Extents
Xen - Issues with Windows DomU client clocks
Update #1 to Current frustrations with Thunderbird...
Current frustrations with Thunderbird
Annual Index:
Monthly archives:
2003/04
2003/05
2003/06
2003/07
2003/08
2003/09
2003/10
2003/11
2003/12
2004/01
2004/02
2004/03
2004/04
2004/05
2004/06
2004/07
2004/08
2004/09
2004/10
2004/11
2004/12
2005/01
2005/02
2005/03
2005/04
2005/05
2005/06
2005/07
2005/08
2005/09
2005/10
2005/11
2005/12
2006/01
2006/02
2006/03
2006/04
2006/05
2006/06
2006/07
2006/08
2006/09
2006/10
2006/11
2006/12
2007/01
2007/02
2007/03
2007/04
2007/05
2007/06
2007/07
2007/08
2007/12
2008/01
2008/03
2008/04
2008/05
2008/06
2008/07
2008/08
2008/09
2008/10
2008/11
2008/12
2009/01
Copyright 2003-2006, Thomas G. Harold, All Rights Reserved
