KEMBAR78
How The Windows Time Service Works | PDF | Windows Registry | Group Policy
0% found this document useful (0 votes)
2K views43 pages

How The Windows Time Service Works

This topic explains only how the Windows Time service works. For information about how to configure Windows Time service, see the list of topics. The rest of this topic refers to AD DS, but the information is also applicable to AD.

Uploaded by

odanir
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
2K views43 pages

How The Windows Time Service Works

This topic explains only how the Windows Time service works. For information about how to configure Windows Time service, see the list of topics. The rest of this topic refers to AD DS, but the information is also applicable to AD.

Uploaded by

odanir
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 43

How the Windows Time Service Works Updated: March 12, 2010 Applies To: Windows SBS 2003,

Windows SBS 2008, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 Foundation, Windows Server 2008 R2, Windows Server 2008 R2 Foundation, Windows Server 7

In this section
y y y y

Windows Time Service Architecture Windows Time Service Time Protocols Windows Time Service Processes and Interactions Network Ports Used by Windows Time Service

Note This topic explains only how the Windows Time service (W32Time) works. For information about how to configure Windows Time service, see the list of topics in the section Where to Find Windows Time Service Configuration Information. Note In Windows Server 2003 and Microsoft Windows 2000 Server, the directory service is named Active Directory directory service. In Windows Server 2008 R2 and Windows Server 2008, the directory service is named Active Directory Domain Services (AD DS). The rest of this topic refers to AD DS, but the information is also applicable to Active Directory. Although the Windows Time service is not an exact implementation of the Network Time Protocol (NTP), it uses the complex suite of algorithms that is defined in the NTP specifications to ensure that clocks on computers throughout a network are as accurate as possible. Ideally, all computer clocks in an AD DS domain are synchronized with the time of an authoritative computer. Many factors can affect time synchronization on a network. The following factors often affect the accuracy of synchronization in AD DS:
y y y

Network conditions The accuracy of the computers hardware clock The amount of CPU and network resources available to the Windows Time service

Important The W32Time service is not a full-featured NTP solution that meets time-sensitive application needs and is not supported by Microsoft as such. For more information, see Microsoft Knowledge Base article 939322, Support boundary to configure the Windows Time service for high-accuracy environments

(http://go.microsoft.com/fwlink/?LinkID=179459). Computers that synchronize their time less frequently, such as computers running Windows XP Home Edition, computers with intermittent network connections, or computers that are not joined to a domain, are configured by default to synchronize with time.windows.com. Because they do not synchronize their clock frequently and because the factors that affect time accuracy may not be known, it is impossible to guarantee time accuracy on computers that have intermittent or no network connections. An AD DS forest has a predetermined time synchronization hierarchy. The Windows Time service synchronizes time between computers within the hierarchy, with the most accurate reference clocks at the top. If more than one time source is configured on a computer, Windows Time uses NTP algorithms to select the best time source from the configured sources based on the computers ability to synchronize with that time source. The Windows Time service does not support network synchronization from broadcast or multicast peers. For more information about these NTP features, see RFC 1305 in the IETF RFC Database. Every computer that is running the Windows Time service uses the service to maintain the most accurate time. In most cases, it is not necessary to configure the Windows Time service. Computers that are members of a domain act as a time client by default. In addition, the Windows Time service can be configured to request time from a designated reference time source, and can also be configured to provide time to clients. The degree to which a computers time is accurate is called a stratum. The most accurate time source on a network (such as a hardware clock) occupies the lowest stratum level, or stratum one. This accurate time source is called a reference clock. An NTP server that acquires its time directly from a reference clock occupies a stratum that is one level higher than that of the reference clock. Resources that acquire time from the NTP server are two steps away from the reference clock, and therefore occupy a stratum that is two higher than the most accurate time source, and so on. As a computers stratum number increases, the time on its system clock may become less accurate. Therefore, the stratum level of any computer is an indicator of how closely that computer is synchronized with the most accurate time source. When the W32Time Manager receives time samples, it uses special algorithms in NTP to determine which of the time samples is the most appropriate for use. The time service also uses another set of algorithms to determine which of the configured time sources is the most accurate. When the time service has determined which time sample is best, based on the above criteria, it adjusts the local clock rate to allow it to converge toward the correct time. If the time difference between the local clock and the selected accurate time sample (also called the time skew) is too large to correct by adjusting the local clock rate, the time service sets the local clock to the correct time. This adjustment of clock rate or direct clock time change is known as clock discipline.

Windows Time Service Architecture


The Windows Time service consists of the following components:
y

Service Control Manager

y y y

Windows Time Service Manager Clock Discipline Time providers

The following figure shows the architecture of the Windows Time service. Windows Time Service Architecture

The Service Control Manager is responsible for starting and stopping the Windows Time service. The Windows Time Service Manager is responsible for initiating the action of the NTP time providers included with the operating system. The Windows Time Service Manager controls all functions of the Windows Time service and the coalescing of all time samples. In addition to providing information about the current system state, such as the current time source or the last time the system clock was updated, the Windows Time Service Manager is also responsible for creating events in the event log. The time synchronization process involves the following steps:
y y

Input providers request and receive time samples from configured NTP time sources. These time samples are then passed to the Windows Time Service Manager, which collects all the samples and passes them to the clock discipline subcomponent. The clock discipline subcomponent applies the NTP algorithms which results in the selection of the best time sample. The clock discipline subcomponent adjusts the time of the system clock to the most accurate time by either adjusting the clock rate or directly changing the time.

If a computer has been designated as a time server, it can send the time on to any computer requesting time synchronization at any point in this process.

Windows Time Service Time Protocols

Time protocols determine how closely two computers clocks are synchronized. A time protocol is responsible for determining the best available time information and converging the clocks to ensure that a consistent time is maintained on separate systems. The Windows Time service uses the Network Time Protocol (NTP) to help synchronize time across a network. NTP is an Internet time protocol that includes the discipline algorithms necessary for synchronizing clocks. NTP is a more accurate time protocol than the Simple Network Time Protocol (SNTP) that is used in some versions of Windows; however W32Time continues to support SNTP to enable backward compatibility with computers running SNTP-based time services, such as Windows 2000.

Network Time Protocol


Network Time Protocol (NTP) is the default time synchronization protocol used by the Windows Time service in the operating system. NTP is a fault-tolerant, highly scalable time protocol and is the protocol used most often for synchronizing computer clocks by using a designated time reference. The Windows Time service integrates NTP version 3 with algorithmic enhancements from NTP version 4, which provides these benefits:
y y y y

Increased accuracy of the time service. Better error management. A complex filtering system. Increased stability.

NTP time synchronization takes place over a period of time and involves the transfer of NTP packets over a network. NTP packets contain time stamps that include a time sample from both the client and the server participating in time synchronization. NTP relies on a reference clock to define the most accurate time to be used and synchronizes all clocks on a network to that reference clock. NTP uses Coordinated Universal Time (UTC) as the universal standard for current time. UTC is independent of time zones and enables NTP to be used anywhere in the world regardless of time zone settings. NTP Algorithms NTP includes two algorithms, a clock-filtering algorithm and a clock-selection algorithm, to assist the Windows Time service in determining the best time sample. The clock-filtering algorithm is designed to sift through time samples that are received from queried time sources and determine the best time samples from each source. The clock-selection algorithm then determines the most accurate time server on the network. This information is then passed to the clock discipline algorithm, which uses the information gathered to correct the local clock of the computer, while compensating for errors due to network latency and computer clock inaccuracy. The NTP algorithms are most accurate under conditions of light-to-moderate network and server loads. As with any algorithm that takes network transit time into account, NTP

algorithms might perform poorly under conditions of extreme network congestion. For more information about the NTP algorithms, see RFC 1305 in the IETF RFC Database. NTP Time Provider The Windows Time service is a complete time synchronization package that can support a variety of hardware devices and time protocols. To enable this support, the service uses pluggable time providers. A time provider is responsible for either obtaining accurate time stamps (from the network or from hardware) or for providing those time stamps to other computers over the network. The NTP provider is the standard time provider included with the operating system. The NTP provider follows the standards specified by NTP version 3 for a client and server, and can interact with SNTP clients and servers for backward compatibility with Windows 2000 and other SNTP clients. The NTP provider in the Windows Time service consists of the following two parts:
y

NtpServer output provider. This is a time server that responds to client time requests on the network. NtpClient input provider. This is a time client that obtains time information from another source, either a hardware device or an NTP server, and can return time samples that are useful for synchronizing the local clock.

Although the actual operations of these two providers are closely related, they appear independent to the time service. Starting with Windows 2000 Server, when a Windows computer is connected to a network, it is configured as an NTP client. Also, computers running the Windows Time service only attempt to synchronize time with a domain controller or a manually specified time source by default. These are the preferred time providers because they are automatically available, secure sources of time. NTP Security Within an AD DS forest, the Windows Time service relies on standard domain security features to enforce the authentication of time data. The security of NTP packets that are sent between a domain member computer and a local domain controller that is acting as a time server is based on shared key authentication. The Windows Time service uses the computers Kerberos session key to create authenticated signatures on NTP packets that are sent across the network. NTP packets are not transmitted inside the Net Logon secure channel. Instead, when a computer requests the time from a domain controller in the domain hierarchy, the Windows Time service requires that the time be authenticated. The domain controller then returns the required information in the form of a 64-bit value that has been authenticated with the session key from the Net Logon service. If the returned NTP packet is not signed with the computers session key or is signed incorrectly, the time is rejected. All such authentication failures are logged in the Event Log. In this way, the Windows Time service provides security for NTP data in an AD DS forest. Generally, Windows time clients automatically obtain accurate time for synchronization from domain controllers in the same domain. In a forest, the domain controllers of a child domain synchronize time with domain controllers in their parent domains. When a time server returns

an authenticated NTP packet to a client that requests the time, the packet is signed by means of a Kerberos session key defined by an interdomain trust account. The interdomain trust account is created when a new AD DS domain joins a forest, and the Net Logon service manages the session key. In this way, the domain controller that is configured as reliable in the forest root domain becomes the authenticated time source for all of the domain controllers in both the parent and child domains, and indirectly for all computers located in the domain tree. The Windows Time service can be configured to work between forests, but it is important to note that this configuration is not secure. For example, an NTP server might be available in a different forest. However, because that computer is in a different forest, there is no Kerberos session key with which to sign and authenticate NTP packets. To obtain accurate time synchronization from a computer in a different forest, the client needs network access to that computer and the time service must be configured to use a specific time source located in the other forest. If a client is manually configured to access time from an NTP server outside of its own domain hierarchy, the NTP packets sent between the client and the time server are not authenticated, and therefore are not secure. Even with the implementation of forest trusts, the Windows Time service is not secure across forests. Although the Net Logon secure channel is the authentication mechanism for the Windows Time service, authentication across forests is not supported. Hardware Devices That Are Supported by the Windows Time Service Hardware-based clocks such as GPS or radio clocks are often used as highly accurate reference clock devices. By default, the Windows Time service NTP time provider does not support the direct connection of a hardware device to a computer, although it is possible to create a software-based independent time provider that supports this type of connection. This type of provider, in conjunction with the Windows Time service, can provide a reliable, stable time reference. Hardware devices, such as a cesium clock or a Global Positioning System (GPS) receiver, provide accurate current time by following a standard to obtain an accurate definition of time. Cesium clocks are extremely stable and are unaffected by factors such as temperature, pressure, or humidity, but are also very expensive. A GPS receiver is much less expensive to operate and is also an accurate reference clock. GPS receivers obtain their time from satellites that obtain their time from a cesium clock. Without the use of an independent time provider, Windows time servers can acquire their time by connecting to an external NTP server, which is connected to a hardware device by means of a telephone or the Internet. Organizations such as the United States Naval Observatory provide NTP servers that are connected to extremely reliable reference clocks. Many GPS receivers and other time devices can function as NTP servers on a network. You can configure your AD DS forest to synchronize time from these external hardware devices only if they are also acting as NTP servers on your network. To do so, configure the domain controller functioning as the primary domain controller (PDC) emulator in your forest root to synchronize with the NTP server provided by the GPS device. To do so, see Configure the Windows Time service on the PDC emulator in the Forest Root Domain (http://go.microsoft.com/fwlink/?LinkId=91969).

Simple Network Time Protocol

The Simple Network Time Protocol (SNTP) is a simplified time protocol that is intended for servers and clients that do not require the degree of accuracy that NTP provides. SNTP, a more rudimentary version of NTP, is the primary time protocol that is used in Windows 2000. Because the network packet formats of SNTP and NTP are identical, the two protocols are interoperable. The primary difference between the two is that SNTP does not have the error management and complex filtering systems that NTP provides. For more information about the Simple Network Time Protocol, see RFC 1769 in the IETF RFC Database.

Time Protocol Interoperability


The Windows Time service can operate in a mixed environment of computers running Windows 2000, Windows XP, and Windows Server 2003, because the SNTP protocol used in Windows 2000 is interoperable with the NTP protocol in Windows XP and Windows Server 2003. The time service in Windows NT Server 4.0, called TimeServ, synchronizes time across a Windows NT 4.0 network. TimeServ is an add-on feature available as part of the Microsoft Windows NT 4.0 Resource Kit and does not provide the degree of reliability of time synchronization that is required by Windows Server 2003. The Windows Time service can interoperate with computers running Windows NT 4.0 because they can synchronize time with computers running Windows 2000 or Windows Server 2003; however, a computer running Windows 2000 or Windows Server 2003 does not automatically discover Windows NT 4.0 time servers. For example, if your domain is configured to synchronize time by using the domain hierarchybased method of synchronization and you want computers in the domain hierarchy to synchronize time with a Windows NT 4.0 domain controller, you have to configure those computers manually to synchronize with the Windows NT 4.0 domain controllers. Windows NT 4.0 uses a simpler mechanism for time synchronization than the Windows Time service uses. Therefore, to ensure accurate time synchronization across your network, it is recommended that you upgrade any Windows NT 4.0 domain controllers to Windows 2000 or Windows Server 2003.

Windows Time Service Processes and Interactions


The Windows Time service is designed to synchronize the clocks of computers on a network. The network time synchronization process, also called time convergence, occurs throughout a network as each computer accesses time from a more accurate time server. Time convergence involves a process by which an authoritative server provides the current time to client computers in the form of NTP packets. The information provided within a packet indicates whether an adjustment needs to be made to the computers current clock time so that it is synchronized with the more accurate server. As part of the time convergence process, domain members attempt to synchronize time with any domain controller located in the same domain. If the computer is a domain controller, it attempts to synchronize with a more authoritative domain controller.

Computers running Windows XP Home Edition or computers that are not joined to a domain do not attempt to synchronize with the domain hierarchy, but are configured by default to obtain time from time.windows.com. To establish a computer running Windows Server 2003 as authoritative, the computer must be configured to be a reliable time source. By default, the first domain controller that is installed on a Windows Server 2003 domain is automatically configured to be a reliable time source. Because it is the authoritative computer for the domain, it must be configured to synchronize with an external time source rather than with the domain hierarchy. Also by default, all other Windows Server 2003 domain members are configured to synchronize with the domain hierarchy. After you have established a Windows Server 2003 network, you can configure the Windows Time service to use one of the following options for synchronization:
y y y y

Domain hierarchy-based synchronization A manually-specified synchronization source All available synchronization mechanisms No synchronization.

Each of these synchronization types is discussed in the following section.

Domain HierarchyBased Synchronization


Synchronization that is based on a domain hierarchy uses the AD DS domain hierarchy to find a reliable source with which to synchronize time. Based on domain hierarchy, the Windows Time service determines the accuracy of each time server. In a Windows Server 2003 forest, the computer that holds the primary domain controller (PDC) emulator operations master role, located in the forest root domain, holds the position of best time source, unless another reliable time source has been configured. The following figure illustrates a path of time synchronization between computers in a domain hierarchy. Time Synchronization in an AD DS Hierarchy

Reliable Time Source Configuration A computer that is configured to be a reliable time source is identified as the root of the time service. The root of the time service is the authoritative server for the domain and typically is configured to retrieve time from an external NTP server or hardware device. A time server can be configured as a reliable time source to optimize how time is transferred throughout the domain hierarchy. If a domain controller is configured to be a reliable time source, Net Logon service announces that domain controller as a reliable time source when it logs on to the network. When other domain controllers look for a time source to synchronize with, they choose a reliable source first if one is available. Time Source Selection The time source selection process can create two problems on a network:
y

Additional synchronization cycles.

Increased volume in network traffic.

A cycle in the synchronization network occurs when time remains consistent between a group of domain controllers and the same time is shared between them continuously without a resynchronization with another reliable time source. The Windows Time services time source selection algorithm is designed to protect against these types of problems. A computer uses one of the following methods to identify a time source to synchronize with:
y

If the computer is not a member of a domain, it must be configured to synchronize with a specified time source. If the computer is a member server or workstation within a domain, by default, it follows the AD DS hierarchy and synchronizes its time with a domain controller in its local domain that is currently running the Windows Time service.

If the computer is a domain controller, it makes up to six queries to locate another domain controller to synchronize with. Each query is designed to identify a time source with certain attributes, such as a type of domain controller, a particular location, and whether or not it is a reliable time source. The time source must also adhere to the following constraints:
y

A reliable time source can only synchronize with a domain controller in the parent domain. A PDC emulator can synchronize with a reliable time source in its own domain or any domain controller in the parent domain.

If the domain controller is not able to synchronize with the type of domain controller that it is querying, the query is not made. The domain controller knows which type of computer it can obtain time from before it makes the query. For example, a local PDC emulator does not attempt to query numbers three or six because a domain controller does not attempt to synchronize with itself. The following table lists the queries that a domain controller makes to find a time source and the order in which the queries are made. Domain Controller Time Source Queries

Query Number 1 2 3

Domain Controller Parent domain controller Local domain controller Local PDC emulator

Location In-site In-site In-site

Reliability of Time Source Prefers a reliable time source but it can synchronize with a non-reliable time source if that is all that is available. Only synchronizes with a reliable time source. Does not apply.

4 5

Parent domain controller Local domain controller Local PDC emulator

Out-ofsite Out-ofsite Out-ofsite

A domain controller does not attempt to synchronize with itself. Prefers a reliable time source but it can synchronize with a non-reliable time source if that is all that is available. Only synchronizes with a reliable time source. Does not apply.

A domain controller does not attempt to synchronize with itself.

Note
y

A computer never synchronizes with itself. If the computer attempting synchronization is the local PDC emulator, it does not attempt Queries 3 or 6.

Each query returns a list of domain controllers that can be used as a time source. Windows Time assigns each domain controller that is queried a score based on the reliability and location of the domain controller. The following table lists the scores assigned by Windows Time to each type of domain controller. Score Determination

Domain Controller Status Score Domain controller located in same site 8 Domain controller marked as a reliable time source 4 Domain controller located in the parent domain 2 Domain controller that is a PDC emulator 1 When the Windows Time service determines that it has identified the domain controller with the best possible score, no more queries are made. The scores assigned by the time service are cumulative, which means that a PDC emulator located in the same site receives a score of nine. If the root of the time service is not configured to synchronize with an external source, the internal hardware clock of the computer governs the time.

Manually-Specified Synchronization
Manually-specified synchronization enables you to designate a single peer or list of peers from which a computer obtains time. If the computer is not a member of a domain, it must be manually configured to synchronize with a specified time source. A computer that is a member of a domain is configured by default to synchronize from the domain hierarchy, manually-specified synchronization is most useful for the forest root of the domain or for computers that are not joined to a domain. Manually specifying an external NTP server to

synchronize with the authoritative computer for your domain provides reliable time. However, configuring the authoritative computer for your domain to synchronize with a hardware clock is actually a better solution for providing the most accurate, secure time to your domain. Manually-specified time sources are not authenticated unless a specific time provider is written for them, and they are therefore vulnerable to attackers. Also, if a computer synchronizes with a manually-specified source rather than its authenticating domain controller, the two computers might be out of synchronization, causing Kerberos authentication to fail. This might cause other actions requiring network authentication to fail, such as printing or file sharing. If only the forest root is configured to synchronize with an external source, all other computers within the forest remain synchronized with each other, making replay attacks difficult.

All Available Synchronization Mechanisms


The all available synchronization mechanisms option is the most valuable synchronization method for users on a network. This method allows synchronization with the domain hierarchy and may also provide an alternate time source if the domain hierarchy becomes unavailable, depending on the configuration. If the client is unable to synchronize time with the domain hierarchy, the time source automatically falls back to the time source specified by the NtpServer setting. This method of synchronization is most likely to provide accurate time to clients.

Stopping Time Synchronization


There are certain situations in which you will want to stop a computer from synchronizing its time. For example, if a computer attempts to synchronize from a time source on the Internet or from another site over a WAN by means of a dial-up connection, it can incur costly telephone charges. When you disable synchronization on that computer, you prevent the computer from attempting to access a time source over a dial-up connection. You can also disable synchronization to prevent the generation of errors in the event log. Each time a computer attempts to synchronize with a time source that is unavailable, it generates an error in the Event Log. If a time source is taken off of the network for scheduled maintenance and you do not intend to reconfigure the client to synchronize from another source, you can disable synchronization on the client to prevent it from attempting synchronization while the time server is unavailable. It is useful to disable synchronization on the computer that is designated as the root of the synchronization network. This indicates that the root computer trusts its local clock. If the root of the synchronization hierarchy is not set to NoSync and if it is unable to synchronize with another time source, clients do not accept the packet that this computer sends out because its time cannot be trusted. The only time servers that are trusted by clients even if they have not synchronized with another time source are those that have been identified by the client as reliable time servers.

Disabling the Windows Time Service

The Windows Time service (W32Time) can be completely disabled. If you choose to implement a third-party time synchronization product that uses NTP, you must disable the Windows Time service. This is because all NTP servers need access to User Datagram Protocol (UDP) port 123, and as long as the Windows Time service is running on the Windows Server 2003 operating system, port 123 remains reserved by Windows Time.

Network Ports Used by Windows Time Service


The Windows Time service communicates on a network to identify reliable time sources, obtain time information, and provide time information to other computers. It performs this communication as defined by the NTP and SNTP RFCs. Port Assignments for the Windows Time Service

Service name UDP TCP NTP 123 N/A SNTP 123 N/A

Windows Time Service Tools and Settings

Updated: December 15, 2010 Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 Foundation, Windows Server 2008 R2, Windows Server 2008 R2 Foundation

In this section
y y y y y

Windows Time Service Tools Windows Time Service Registry Entries Windows Time Service Group Policy Settings Network Ports Used by the Windows Time Service Related Information

Note This topic contains information only about tools and settings for Windows Time service (W32Time). For more information about how to configure Windows Time service, see the list of topics in the section Where to Find Windows Time Service Configuration Information. Caution You should not use the Net time command to configure or set time when the Windows Time service is running.

Also, running the command Net time /querysntp displays the name of a Network Time Protocol (NTP) server with which a computer is configured to synchronize, but that NTP server is used only when the computers time client is configured as NTP or AllSync. Most domain member computers have a time client type of NT5DS, which means that they synchronize time from the domain hierarchy. The only typical exception to this is the domain controller that functions as the primary domain controller (PDC) emulator operations master of the forest root domain, which is usually configured to synchronize time with an external time source. To view the time client configuration of a computer, run the W32tm /query /configuration command from an elevated Command Prompt in starting in Windows Server 2008, and Windows Vista, and read the Type line in the command output. For more information, see How Windows Time Service Works (http://go.microsoft.com/fwlink/?LinkId=117753). In previous versions of the Windows Time client, you can run the command reg query HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters and read the value of NtpServer in the command output.

Important The W32Time service is not a full-featured NTP solution that meets time-sensitive application needs and is not supported by Microsoft as such. For more information, see Microsoft Knowledge Base article 939322, Support boundary to configure the Windows Time service for high-accuracy environments (http://go.microsoft.com/fwlink/?LinkID=179459).

Windows Time Service Tools


The following tools are associated with the Windows Time service. W32tm.exe: Windows Time Category This tool is installed as part of Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 default installations. Version compatibility This tool works on Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 default installations. W32tm.exe is used to configure Windows Time service settings. It can also be used to diagnose problems with the time service. W32tm.exe is the preferred command line tool for configuring, monitoring, or troubleshooting the Windows Time service. The following tables describe the parameters that are used with W32tm.exe. W32tm.exe Primary Parameters

Parameter

Description

W32tm /?

W32tm command line help Registers the time service to run as a service and W32tm /register adds default configuration to the registry. Unregisters the time service and removes all W32tm /unregister configuration information from the registry. w32tm /monitor domain specifies which domain to monitor. If no domain name is given, or neither the domain nor computers option is specified, the default domain [/domain:<domain name>] [/computers:<name>[,<name>[,<name>.. is used. This option might be used more than once. .]]] [/threads:<num>]

computers monitors the given list of computers. Computer names are separated by commas, with no spaces. If a name is prefixed with a *, it is treated as a PDC. This option might be used more than once. threads specifies the number of computers to analyze simultaneously. The default value is 3. Allowed range is 1-50. Convert an NT system time, in (10^-7)s intervals from 0h 1-Jan 1601, into a readable format. Convert an NTP time, in (2^-32)s intervals from 0h 1-Jan 1900, into a readable format. Tells a computer that it should resynchronize its clock as soon as possible, throwing out all accumulated error statistics. computer:<computer> Specifies the computer that should resynchronize. If not specified, the local computer will resynchronize. nowait do not wait for the resynchronize to occur; return immediately. Otherwise, wait for the resynchronize to complete before returning. rediscover Redetect the network configuration and rediscover network sources, then resynchronize. soft resynchronize using existing error statistics. Not useful, provided for compatibility. Display a strip chart of the offset between this computer and another computer. w32tm /stripchart /computer:<target> [/period:<refresh>] [/dataonly] [/samples:<count>] computer:<target> the computer to measure the offset against. period:<refresh> the time between samples, in seconds. The default is 2s. dataonly display only the data without graphics. samples:<count> collect <count> samples, then stop. If not specified, samples will be collected until Ctrl+C is pressed. computer:<target> adjusts the configuration of <target>. If not specified, the default is the local computer.

w32tm /ntte <NT time epoch> w32tm /ntpte <NTP time epoch>

w32tm /resync [/computer:<computer>] [/nowait] [/rediscover] [/soft]

w32tm /config [/computer:<target>]

[/update] [/manualpeerlist:<peers>] [/syncfromflags:<source>] [/LocalClockDispersion:<seconds>] [/reliable:(YES|NO)] [/largephaseoffset:<milliseconds>]

update notifies the time service that the configuration has changed, causing the changes to take effect. manualpeerlist:<peers> sets the manual peer list to <peers>, which is a space-delimited list of DNS and/or IP addresses. When specifying multiple peers, this option must be enclosed in quotes. syncfromflags:<source> sets what sources the NTP client should synchronize from. <source> should be a comma separated list of these keywords (not case sensitive): MANUAL include peers from the manual peer list. DOMHIER synchronize from a domain controller (DC) in the domain hierarchy. LocalClockDispersion:<seconds> configures the accuracy of the internal clock that W32Time will assume when it cant acquire time from its configured sources. reliable:(YES|NO) set whether this computer is a reliable time source. This setting is only meaningful on domain controllers. YES this computer is a reliable time service. NO this computer is not a reliable time service. largephaseoffset:<milliseconds> sets the time difference between local and network time which W32Time will consider a spike. Display the current time zone settings. Display the values associated with a given registry key. The default key is HKLM\System\CurrentControlSet\Services\W32T ime (the root key for the time service). subkey:<key> displays the values associated

w32tm /tz

w32tm /dumpreg [/subkey:<key>] [/computer:<target>]

with subkey <key> of the default key. computer:<target> queries registry settings for computer <target> This parameter was first made available in the Windows Time client versions of Windows Vista, and Windows Server 2008. Display a computer's Windows Time service information. computer:<target> Query the information of <target>. If not specified, the default value is the local computer. w32tm /query [/computer:<target>] {/source | /configuration | /peers | /status} Source Display the time source. [/verbose] Configuration Display the configuration of run time and where the setting comes from. In verbose mode, display the undefined or unused setting too. peers Display a list of peers and their status. status Display Windows Time service status. verbose Set the verbose mode to display more information. This parameter was first made available in the Windows Time client versions of Windows Vista, and Windows Server 2008. Enable or disable the local computer Windows Time service private log. disable Disable the private log. w32tm /debug {/disable | {/enable /file:<name> /size:<bytes> /entries:<value> [/truncate]}} enable Enable the private log.
y y

file:<name> Specify the absolute file name. size:<bytes> Specify the maximum size for circular logging. entries:<value> Contains a list of flags, specified by number and separated by commas, that specify the types of information that should be logged. Valid numbers are 0 to 300. A range of numbers is valid, in addition to single numbers, such as 0-100,103,106. Value

0-300 is for logging all information.

truncate Truncate the file if it exists. For more information about W32tm.exe, see Help and Support Center in Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2.

Windows Time Service Registry Entries


The following registry entries are associated with the Windows Time service. This information is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.
Warning Some of the preset values that are configured in the System Administrative template file (System.adm) for the Group Policy object (GPO) settings are different from the corresponding default registry entries. If you plan to use a GPO to configure any Windows Time setting, be sure that you review Preset values for the Windows Time service Group Policy settings are different from the corresponding Windows Time service registry entries in Windows Server 2003 (http://go.microsoft.com/fwlink/?LinkId=186066). This issue applies to Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, and Windows Server 2003.

Many registry entries for the Windows Time service are the same as the Group Policy setting of the same name. The Group Policy settings correspond to the registry entries of the same name located in: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\. There are several registry keys at this registry location. The Windows Time settings are stored in values across all of these keys.
Note Many of the values in the W32Time section of the registry are used internally by W32Time to store information. These values should not be manually changed at any time. Do not modify any of the settings in this section unless you are familiar with the setting and are certain that the new value will

work as expected. The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\

AllowNonstandardModeCombinations
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpServer
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry indicates that non-standard mode combinations are allowed in synchronization between peers. The default value for domain members is 1. The default value for stand-alone clients and servers is 1. AllowNonstandardModeCombinations
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry indicates that non-standard mode combinations are allowed in synchronization between clients and servers. The default value for domain members is 1. The default value for stand-alone clients and servers is 1. AnnounceFlags
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2

This entry controls whether this computer is marked as a reliable time server. A computer is not marked as reliable unless it is also marked as a time server.
y y y y y

0x00 Not a time server 0x01 Always time server 0x02 Automatic time server 0x04 Always reliable time server 0x08 Automatic reliable time server

The default value for domain members is 10. The default value for stand-alone clients and servers is 10. CompatibilityFlags
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry specifies the following compatibility flags and values:
y y y y

DispersionInvalid: 0x00000001 IgnoreFutureRefTimeStamp: 0x00000002 AutodetectWin2K: 0x80000000 AutodetectWin2KStage2: 0x40000000

The default value for domain members is 0x80000000. The default value for stand-alone clients and servers is 0x80000000. CrossSiteSyncFlags
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient

Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry determines whether the service chooses synchronization partners outside the domain of the computer. The options and values are:
y y y

None: 0 PdcOnly: 1 All: 2

This value is ignored if the NT5DS value is not set. The default value for domain members is 2. The default value for stand-alone clients and servers is 2. DllName
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry specifies the location of the DLL for the time provider. The default location for this DLL on both domain members and stand-alone clients and servers is %windir%\System32\W32Time.dll. DllName Registry path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpServer Version Windows Server 2003 Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry specifies the location of the DLL for the time provider. The default location for this DLL on both domain members and stand-alone clients and servers is %windir%\System32\W32Time.dll.

Enabled
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry indicates if the NtpClient provider is enabled in the current Time Service.
y y

Yes 1 No 0

The default value on domain members is 1. The default value on stand-alone clients and servers is 1. Enabled
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpServer
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry indicates if the NtpServer provider is enabled in the current Time Service.
y y

Yes 1 No 0

The default value on domain members is 1. The default value on stand-alone clients and servers is 1. EventLogFlags
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry controls the events that the time service logs.
y y

Time Jump: 0x1 Source Change: 0x2

The default value on domain members is 2. The default value on stand-alone clients and servers is 2. EventLogFlags
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry specifies the events logged by the Windows Time service.
y y

0x1 reachability changes 0x2 large sample skew (This is applicable to Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 only)

The default value on domain members is 0x1. The default value on stand-alone clients and servers is 0x1. FrequencyCorrectRate
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry controls the rate at which the clock is corrected. If this value is too small, the clock is unstable and overcorrects. If the value is too large, the clock takes a long time to

synchronize. The default value on domain members is 4. The default value on stand-alone clients and servers is 4.
Note 0 is an invalid value for the FrequencyCorrectRate registry entry. On Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2computers, if the value is set to 0 the Windows Time service will automatically change it to 1.

HoldPeriod
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry controls the period of time for which spike detection is disabled in order to bring the local clock into synchronization quickly. A spike is a time sample indicating that time is off a number of seconds, and is usually received after good time samples have been returned consistently. The default value on domain members is 5. The default value on stand-alone clients and servers is 5. InputProvider
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry indicates if the NtpClient provider is enabled.
y y

Yes 1 No 0

The default value on domain members is 1. The default value on stand-alone clients and servers is 1. InputProvider

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpServer
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry indicates if the NtpServer provider is enabled.
y y

Yes 1 No 0

The default value on domain members is 1. The default value on stand-alone clients and servers is 1. LargePhaseOffset
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry specifies that a time offset greater than or equal to this value in 10-7 seconds is considered a spike. A network disruption such as a large amount of traffic might cause a spike. A spike will be ignored unless it persists for a long period of time. The default value on domain members is 50000000. The default value on stand-alone clients and servers is 50000000. LargeSampleSkew
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows Server 2003 and Windows Server 2008 This entry specifies the large sample skew for logging in seconds. To comply with Security and Exchange Commission (SEC) specifications, this should be set to three seconds. Events will be logged for this setting only when EventLogFlags is explicitly configured for 0x2 large

sample skew. The default value on domain members is 3. The default value on stand-alone clients and servers is 3. LastClockRate
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry is maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default value on domain members is 156250. The default value on stand-alone clients and servers is 156250. LocalClockDispersion
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry controls the dispersion (in seconds) that you must assume when the only time source is the built-in CMOS clock. The default value on domain members is 10. The default value on stand-alone clients and servers is 10. MaxAllowedPhaseOffset
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry specifies the maximum offset (in seconds) for which W32Time attempts to adjust the computer clock by using the clock rate. When the offset exceeds this rate, W32Time sets the computer clock directly. The default value for domain members is 300. The default value for stand-alone clients and servers is 1.

In order for W32Time to set the computer clock gradually, the offset must be less than the MaxAllowedPhaseOffset value and satisfy the following equation at the same time: |CurrentTimeOffset| / (PhaseCorrectRate*UpdateInterval) < SystemClockRate / 2 MaxClockRate
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry is maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default value for domain members is 155860. The default value for stand-alone clients and servers is 155860. MaxNegPhaseCorrection
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry specifies the largest negative time correction in seconds that the service makes. If the service determines that a change larger than this is required, it logs an event instead. Special case: 0xFFFFFFFF means always make time correction. The default value for domain members is 0xFFFFFFFF. The default value for stand-alone clients and servers is 54,000 (15 hrs). MaxPollInterval
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2

This entry specifies the largest interval, in log2 seconds, allowed for the system polling interval. Note that while a system must poll according to the scheduled interval, a provider can refuse to produce samples when requested to do so. The default value for domain controllers is 10. The default value for domain members is 15. The default value for standalone clients and servers is 15. MaxPosPhaseCorrection
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2. This entry specifies the largest positive time correction in seconds that the service makes. If the service determines that a change larger than this is required, it logs an event instead. Special case: 0xFFFFFFFF means always make time correction. The default value for domain members is 0xFFFFFFFF. The default value for stand-alone clients and servers is 54,000 (15 hrs). MinClockRate
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry is maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default value for domain members is 155860. The default value for stand-alone clients and servers is 155860. MinPollInterval
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2

This entry specifies the smallest interval, in log2 seconds, allowed for the system polling interval. Note that while a system does not request samples more frequently than this, a provider can produce samples at times other than the scheduled interval. The default value for domain controllers is 6. The default value for domain members is 10. The default value for stand-alone clients and servers is 10. NtpServer
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Paramet ers
Version

Windows Server 2003 and Windows Server 2008 This entry specifies a space-delimited list of peers from which a computer obtains time stamps, consisting of one or more DNS names or IP addresses per line. Each DNS name or IP address listed must be unique. Computers connected to a domain must synchronize with a more reliable time source, such as the official U.S. time clock.
y y y

0x01 SpecialInterval 0x02 UseAsFallbackOnly 0x04 SymmetricActive For more information about this mode, see Windows Time Server: 3.3 Modes of Operation (http://go.microsoft.com/fwlink/?LinkId=208012).

0x08 Client

There is no default value for this registry entry on domain members. The default value on stand-alone clients and servers is time.windows.com,0x1.
Note For more information on available NTP Servers, see Microsoft Knowledge Base article 262680 (http://go.microsoft.com/fwlink/?LinkId=186067)

PhaseCorrectRate
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry controls the rate at which the phase error is corrected. Specifying a small value corrects the phase error quickly, but might cause the clock to become unstable. If the value is too large, it takes a longer time to correct the phase error. The default value on domain members is 1. The default value on stand-alone clients and servers is 7.
Note 0 is an invalid value for the PhaseCorrectRate registry entry. On Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2computers, if the value is set to 0, the Windows Time service automatically changes it to 1.

PollAdjustFactor
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry controls the decision to increase or decrease the poll interval for the system. The larger the value, the smaller the amount of error that causes the poll interval to be decreased. The default value on domain members is 5. The default value on stand-alone clients and servers is 5. ResolvePeerBackOffMaxTimes
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry specifies the maximum number of times to double the wait interval when repeated attempts to locate a peer to synchronize with fail. A value of zero means that the wait interval

is always the minimum. The default value on domain members is 7. The default value on stand-alone clients and servers is 7. ResolvePeerBackOffMinutes
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry specifies the initial interval to wait, in minutes, before attempting to locate a peer to synchronize with. The default value on domain members is 15. The default value on standalone clients and servers is 15. ServiceDll
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Paramet ers
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry is maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default location for this DLL on both domain members and stand-alone clients and servers is %windir%\System32\W32Time.dll. ServiceMain
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Paramet ers
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2

This entry is maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default value on domain members is SvchostEntry_W32Time. The default value on stand-alone clients and servers is SvchostEntry_W32Time. SpecialPollInterval
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry specifies the special poll interval in seconds for manual peers. When the SpecialInterval 0x1 flag is enabled, W32Time uses this poll interval instead of a poll interval determine by the operating system. The default value on domain members is 3,600. The default value on stand-alone clients and servers is 604,800. SpecialPollTimeRemaining
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimePr oviders\NtpClient
Version

Windows Server 2003 and Windows Server 2008 This entry is maintained by W32Time. It contains reserved data that is used by the Windows operating system. It specifies the time in seconds before W32Time will resynchronize after the computer has restarted. Any changes to this setting can cause unpredictable results. The default value on both domain members and on stand-alone clients and servers is left blank. SpikeWatchPeriod
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2

This entry specifies the amount of time that a suspicious offset must persist before it is accepted as correct (in seconds). The default value on domain members is 900. The default value on stand-alone clients and workstations is 900. Type
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Paramet ers
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry Indicates which peers to accept synchronization from:
y y

NoSync. The time service does not synchronize with other sources. NTP. The time service synchronizes from the servers specified in the NtpServer. registry entry. NT5DS. The time service synchronizes from the domain hierarchy. AllSync. The time service uses all the available synchronization mechanisms.

y y

The default value on domain members is NT5DS. The default value on stand-alone clients and servers is NTP. UpdateInterval
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2. This entry specifies the number of clock ticks between phase correction adjustments. The default value for domain controllers is 100. The default value for domain members is 30,000. The default value for stand-alone clients and servers is 360,000.
Note 0 is an invalid value for the UpdateInterval registry entry. On computers running Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows

Server 2008 R2, if the value is set to 0 the Windows Time service automatically changes it to 1.

The following three registry entries are not a part of the W32Time default configuration but can be added to the registry to obtain increased logging capabilities. The information logged to the System Event log can be modified by changing value for the EventLogFlags setting in the Group Policy Object Editor. By default, the time service creates a log in Event Viewer every time that it switches to a new time source.
Warning Some of the preset values that are configured in the System Administrative template file (System.adm) for the Group Policy object (GPO) settings are different from the corresponding default registry entries. If you plan to use a GPO to configure any Windows Time setting, be sure that you review Preset values for the Windows Time service Group Policy settings are different from the corresponding Windows Time service registry entries in Windows Server 2003 (http://go.microsoft.com/fwlink/?LinkId=186066). This issue applies to Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, and Windows Server 2003.

The following registry entries must be added in order to enable W32Time logging: FileLogEntries
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry controls the amount of entries created in the Windows Time log file. The default value is none, which does not log any Windows Time activity. Valid values are 0 to 300. This value does not affect the event log entries normally created by Windows Time. FileLogName
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2

This entry controls the location and file name of the Windows Time log. The default value is blank, and should not be changed unless FileLogEntries is changed. A valid value is a full path and file name that Windows Time will use to create the log file. This value does not affect the event log entries normally created by Windows Time. FileLogSize
Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Version

Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 This entry controls the circular logging behavior of Windows Time log files. When FileLogEntries and FileLogName are defined, this entry defines the size, in bytes, to allow the log file to reach before overwriting the oldest log entries with new entries. Any positive number is valid, and 3000000 is recommended. This value does not affect the event log entries normally created by Windows Time.

Windows Time Service Group Policy Settings


You can configure most W32Time parameters by using the Group Policy Object Editor. This includes configuring a computer to be an NTPServer or NTPClient, configuring the time synchronization mechanism, and configuring a computer to be a reliable time source.
Note Group Policy settings for the Windows Time service can be configured on Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 domain controllers and can be applied only to computers running Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2.

You can find the Group Policy settings used to configure W32Time in the Group Policy Object Editor snap-in in the following locations:
y

Computer Configuration\Administrative Templates\System\Windows Time Service Configure Global Configuration Settings here.

Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers Configure Windows NTP Client settings here. Enable Windows NTP Client here.

Enable Windows NTP Server here. Warning Some of the preset values that are configured in the System Administrative template file (System.adm) for the Group Policy object (GPO) settings are different from the corresponding default registry entries. If you plan to use a GPO to configure any Windows Time setting, be sure that you review Preset values for the Windows Time service Group Policy settings are different from the corresponding Windows Time service registry entries in Windows Server 2003 (http://go.microsoft.com/fwlink/?LinkId=186066). This issue applies to Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, and Windows Server 2003.

The following table lists the global Group Policy settings that are associated with the Windows Time service and the pre-set value associated with each setting. For more information about each setting, see the corresponding registry entries in Windows Time Service Registry Entries earlier in this subject. The following settings are contained in a single GPO called Global Configuration Settings. Global Group Policy Settings Associated with Windows Time

Group Policy Setting

Pre-Set Value

AnnounceFlags 10 EventLogFlags 2 FrequencyCorrectRate 4 HoldPeriod 5 LargePhaseOffset 1280000 LocalClockDispersion 10 MaxAllowedPhaseOffset 300 MaxNegPhaseCorrection 54,000 (15 hours) MaxPollInterval 15 MaxPosPhaseCorrection 54,000 (15 hours) MinPollInterval 10 PhaseCorrectRate 7 PollAdjustFactor 5 SpikeWatchPeriod 90 UpdateInterval 100 The following table lists the available settings for the Configure Windows NTP Client GPO and the pre-set values that are associated with the Windows Time service. For more information about each setting, see the corresponding registry entries in Windows Time Service Registry Entries earlier in this subject.

NTP Client Group Policy Settings Associated with Windows Time

Group Policy Setting

Default Value

NtpServer

time.windows.com,0x1 Default options:


y y

Type

NTP. Use on computers that are not joined to a domain. NT5DS. Use on computers that are joined to a domain.

CrossSiteSyncFlags 2 ResolvePeerBackoffMinutes 15 ResolvePeerBackoffMaxTimes 7 SpecialPollInterval 3600 EventLogFlags 0

Network Ports Used by the Windows Time Service


Windows Time follows the NTP specification, which requires the use of UDP port 123 for all time synchronization communication. This port is reserved by Windows Time and remains reserved at all times. Whenever the computer synchronizes its clock or provides time to another computer, that communication is performed on UDP port 123.
Note If you have a computer with multiple network adapters (also called a multihomed computer), you cannot selectively enable the Windows Time service based on the network adapter.

Configure the Windows Time service on the PDC emulator in the Forest Root Domain

Updated: March 17, 2010 Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2 Configure the Windows Time service (W32time) on the primary domain controller (PDC) emulator operations master (also known as flexible single master operations or FSMO) in the forest root domain when you deploy a new forest root domain or when you move the role of the PDC emulator in the forest root domain to a new domain controller. If you move the role of the PDC emulator to a new domain controller, you must also change the configuration of the Windows Time service on the previous PDC emulator. For more information, see Change the Windows Time service configuration on the previous PDC emulator.
Important If the PDC emulator for your forest root domain is not configured or if it is unable to synchronize time from an external source, the PDC emulator for the forest logs W32time Event ID 12 in the System log of Event Viewer. For additional troubleshooting information, see Microsoft Knowledge Base article 816042 (http://go.microsoft.com/fwlink/?LinkID=60402)

Before you configure the Windows Time service on the PDC emulator, you can determine the time difference between it and the source as a means to test basic Network Time Protocol (NTP) communication. After completing the configuration on the PDC emulator, be sure to monitor the System log in Event Viewer for W32time errors.
Note For more information about the w32tm command, type w32tm /? at a command prompt or see Windows Time Service Tools and Settings on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=42984).

Administrative Credentials To perform this procedure locally on the PDC emulator, you must be a member of the Administrators group. To perform this procedure from a remote computer, you must be a member of the Domain Admins group. To configure the Windows Time service on the PDC emulator 1. Open a Command Prompt. 2. Type the following command to display the time difference between the local computer and a target computer, and then press ENTER: w32tm /stripchart /computer: target /samples: n /dataonly

Value

Definition

Specifies the Domain Name System (DNS) name or IP address of the NTP target server that you are comparing the local computer's time against, for example, time.windows.com. Specifies the number of time samples that will be returned from the target n computer to test basic NTP communication. 3. Open User Datagram Protocol (UDP) port 123 for outgoing traffic if needed. 4. Open UDP port 123 (or a different port that you have selected) for incoming NTP traffic. 5. Type the following command to configure the PDC emulator, and then press ENTER: w32tm /config /manualpeerlist: peers /syncfromflags:manual /reliable:yes /update where peers specifies the list of DNS names or IP addresses of the NTP time source that the PDC emulator synchronizes from. For example, you can specify time.windows.com. When specifying multiple peers, use a space as the delimiter and enclose them in quotation marks. For more information about the NTP servers that you can use, see Microsoft Knowledge Base article 262680 (http://go.microsoft.com/fwlink/?LinkID=60401). For example, to configure your PDC emulator to use the following list of fictional time servers:
1. ntp1.fabrikam.com 2. ntp.contoso.com 3. time.fineartschool.net

Run the following command:


w32tm /config /manualpeerlist:ntp1.fabrikam.com ntp.contoso.com time.fineartschool.net /reliable:yes /update

Configure the Windows Time service on the PDC emulator in the Forest Root Domain

Updated: March 17, 2010 Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2 Configure the Windows Time service (W32time) on the primary domain controller (PDC) emulator operations master (also known as flexible single master operations or FSMO) in the forest root domain when you deploy a new forest root domain or when you move the role of the PDC emulator in the forest root domain to a new domain controller. If you move the role of the PDC emulator to a new domain controller, you must also change the configuration of the Windows Time service on the previous PDC emulator. For more information, see Change the Windows Time service configuration on the previous PDC emulator.
Important If the PDC emulator for your forest root domain is not configured or if it is unable to synchronize time from an external source, the PDC emulator for the forest logs W32time Event ID 12 in the System log of Event Viewer. For additional troubleshooting information, see Microsoft Knowledge Base article 816042 (http://go.microsoft.com/fwlink/?LinkID=60402)

Before you configure the Windows Time service on the PDC emulator, you can determine the time difference between it and the source as a means to test basic Network Time Protocol (NTP) communication. After completing the configuration on the PDC emulator, be sure to monitor the System log in Event Viewer for W32time errors.
Note For more information about the w32tm command, type w32tm /? at a command prompt or see Windows Time Service Tools and Settings on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=42984).

Administrative Credentials To perform this procedure locally on the PDC emulator, you must be a member of the Administrators group. To perform this procedure from a remote computer, you must be a member of the Domain Admins group. To configure the Windows Time service on the PDC emulator 1. Open a Command Prompt. 2. Type the following command to display the time difference between the local computer and a target computer, and then press ENTER: w32tm /stripchart /computer: target /samples: n /dataonly

Value

Definition

Specifies the Domain Name System (DNS) name or IP address of the NTP target server that you are comparing the local computer's time against, for example, time.windows.com. Specifies the number of time samples that will be returned from the target n computer to test basic NTP communication. 3. Open User Datagram Protocol (UDP) port 123 for outgoing traffic if needed. 4. Open UDP port 123 (or a different port that you have selected) for incoming NTP traffic. 5. Type the following command to configure the PDC emulator, and then press ENTER: w32tm /config /manualpeerlist: peers /syncfromflags:manual /reliable:yes /update where peers specifies the list of DNS names or IP addresses of the NTP time source that the PDC emulator synchronizes from. For example, you can specify time.windows.com. When specifying multiple peers, use a space as the delimiter and enclose them in quotation marks. For more information about the NTP servers that you can use, see Microsoft Knowledge Base article 262680 (http://go.microsoft.com/fwlink/?LinkID=60401). For example, to configure your PDC emulator to use the following list of fictional time servers:
1. ntp1.fabrikam.com 2. ntp.contoso.com 3. time.fineartschool.net

Run the following command:


w32tm /config /manualpeerlist:ntp1.fabrikam.com ntp.contoso.com time.fineartschool.net /reliable:yes /update

Configure a client computer for automatic domain time synchronization

Updated: September 28, 2009 Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Vista Some computers that are joined to a domain are configured to synchronize from a manual time source. Use the following procedure to configure a client computer that is currently

synchronizing with a manually specified computer, to automatically synchronize time with the domain hierarchy.
Note For more information about the w32tm command, type w32tm /? at a command prompt or see Windows Time Service Tools and Settings on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=42984).

Administrative Credentials To perform this procedure, you must be a member of the Administrators group on the local computer. To perform this procedure from a remote computer, you must be a member of the Domain Admins group. To configure a client computer for automatic domain time synchronization 1. Open a Command Prompt. 2. Type the following command and then press ENTER: w32tm /config /syncfromflags:domhier /update 3. Type the following command and then press ENTER: net stop w32time 4. Type the following command and then press ENTER: net start w32time

You might also like