[ntp:questions] windows 2003 server sp 1 & ntp

Ryan Malayter malayter at gmail.com
Tue Jan 8 03:21:07 UTC 2008

On Jan 7, 7:27 am, ma... at ntp.isc.org (Danny Mayer) wrote:

> This has been discussed here so many times It's rarely worth repeating.
> Windows (w32time) is a sntp client at best, steps the clock and does not
> discipline it. The version introduced with Windows 2003 SP1 we know a
> lot less about.

This is a statement based on outdated information. Yes, the 8-year-old
Windows 2000 implementation was a poor SNTP implementation, with
broken behavior.

However, Microsoft claims recent versions to be a real implementation
of NTPv3, and specifically references RFCv1305. Since there is no
NTPv4 RFC published, I think this is reasonable.

This documentation appeared about the same time as Windows 2003sp1:

It states "The Windows Time service integrates NTP version 3 with
algorithmic enhancements from NTP version 4".

There is quite a bit of Windows Time Service documentation on those
pages, so I am not sure how you can claim "we know less about it". If
anything, far more is known about recent versions of Windows Time
Service, as far less documentation was present then.

> However, we do know that the publicly available server
> that Microsoft makes available (something like
> time.windows.microsoft.com, I forget the exact address) is such a bad
> provider of NTP packets that Dave has found it useful as a source of
> poor-quality NTP packets to debug his algorithms.

When, exactly, was this? Five or more years ago? Dr. Mills, can you
shed some light? time.windows.com does seem to suck, but that seems to
be based on netwrok issues and/or misconfiguration. It has been wither
unavailable, or reporting unsynchronized time (according to NTP specs)
at various intervals over past year. My own Win2003 SP2 domain
controllers seem to keep very reasonable time if peerstats is any
indication. They show high jitter because of the limited clock
resolution, but are always very close to their advertised 2^-6
precision in terms of offset.

Danny, do you have any packet traces or anything that show more recent
versions of w32time misbehaving and violating NTPv3 specs? I haven't
seen it in my captures, but admittedly I haven't tested a lot of
failure scenarios. I only tested unreachable servers using my firewall


More information about the questions mailing list