[ntp:questions] can i use w32time to syncronise in a non domain scenario - windows2003

Ryan Malayter malayter at gmail.com
Wed Apr 1 16:54:20 UTC 2009

On Wed, Apr 1, 2009 at 5:17 AM, Dave Hart <davehart at gmail.com> wrote:
> On Apr 1, 9:54 am, Rob <nom... at example.com> wrote:
>> Not true.  It depends on HOW you configure it.  When the mode is
>> set to NT5DS (default) it behaves as you describe.

If you set w32time to "allsync", it will use both the domain heirarchy
and any manually configured servers.

I actually have one of our 2003sp2 domain controllers set up as a peer
(that's right, a symmetric-active association) with each machine in
our cluster of "real" ntpd servers. It seems to behave just fine with
regards to poll intervals, etc. I have tested the node failure
scenarios as well by firewalling off various time sources from each
machine in the cluster.

Of course, w32time doesn't respond to mode 6 packets (ntpq) so you can
only really monitor its behavior through the event log, its own log
files, and remotely by sending regular NTP packets.

The 16 ms precision causes higher jitter so the "real" ntpd servers
never select the w32time server, but it does function properly, and
the w32time system is never rejected. Peerstats shows that the
reported offset is generally within 16 ms. Here's an ntpq -p -n banner
from one of our real servers... the system "windc0" is a Win2003 Sp2
server running w32tm in domain controller mode:

     remote           refid      st t when poll reach   delay   offset  jitter
+ntp1       2 u  575 1024  376    1.584    0.715   0.999
+ntp2       2 u  791 1024  377    0.008   -1.265   0.780
*ntp.your.org    .CDMA.           1 u  482 1024  377    3.563   -1.457   0.348
-windc0      2 u  579 1024  376    0.008   15.094   5.171

Here's how the w32time is configured (w32tm /dumpreg
/subkey:parameters). The 0x8 is a client association, and the 0x4 is a
symmetric-active association:
NtpServer       ntpsource3,0x8 ntp0,0x4 ntp1,0x4 ntp2,0x4
Type            AllSync

Another possible issue is the fact that w32time can be configured four (!) ways:
  - using NET TIME /setsntp (deprecated, modifies the registry)
  - using w32tm /configure (which modifies the registry), or editing
the registry directly
  - using Local Computer polcies
  - using Windows Group Policies inhereted from Active Directory

Which configuration takes precendence depends on how the server's
security policies are configured and how Active Directory is
configured. In general, I believe the default precedence in a domain
environment is:
  1) Local computer policy
  2) Group policies through Active Directory
  3) local registry settings


More information about the questions mailing list