Windows

Configure a standalone NTP server in Windows Server

Active Directory domains for Windows Servers can make time management easier. If Active Directory isn't in place, here's how to configure a standalone Windows Server to function as an NTP server.

The use case is rare, but what do you do for a time server when Active Directory isn't available and a number of computers (which may or may not be Windows) have a single authoritative time source? The answer is Network Time Protocol (NTP), but configuring it outside of Active Directory is slightly different. (Read my tip on configuring a time server within Active Directory domain controllers.)

When a Windows Server makes the transition to being a domain controller, the capability of functioning as an NTP server comes online. Within the Windows Registry, the HKLM | System | CurrentControlSet | Services | W32Time | TimeProviders | NtpServer section has the configuration for the local NTP server. A default installation of Windows Server 2008 R2 shows this in Figure A. (Note: Editing the registry is risky, so be sure you have a verified backup before saving any changes.) Figure A

Click the image to enlarge.
In Figure A, the "Enabled" registry value is off at a value of 0, indicating that the NTP server is not running on the computer. If you change the value to 1 and enter w32tm /config /update, it will change the running configuration of W32TM, the Windows Time engine. In addition, if you run w32tm /query /configuration, it will display the change that changed the enabled value from 0 to 1 for the local NTP server (Figure B). Figure B

Click the image to enlarge.

Now you can configure other devices to use the NTP server configuration on this computer, and no Active Directory permissions are required. This is different than using the net time command, which does not use NTP.

Read this MSDN blog post for more information on the configuration process.

Have you had to turn on NTP for standalone servers? If so, what additional steps did you take? Share your comments in the discussion.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

10 comments
joemite
joemite

I just went through all of this.

I can't see very many use cases why you would want to install a 3rd party NTP server when you have fully supported NTP server built into the OS that is subject to patching etc.  If you are having troubles syncing to Cisco gear be sure to append the upstream server address with 0x8. For example, if the upstream NTP server is a Cisco device at 10.0.0.1 then you would use 10.0.0.1,0x8 for NtpServer under W32Time->Parameters.


If it's a Domain controller syncing to a Cisco device, the following will work for you:

Domain Controller PDC:

w32tm /config /manualpeerlist:10.0.0.1,0x8 /syncfromflags:manual /reliable:yes /update

Member Domain Controller:

w32tm /config /syncfromflags:domhier /reliable:no /update

Be sure to restart the w32time service after the change.

Verify

w32tm /query /peers /verbose

SimonWilcox
SimonWilcox

This worked well for me on Windows Server 2012 R2 today. I just had to take one extra step to create an inbound firewall rule accepting traffic for UDP port 123.


Thanks for the article.

gorniy-roman
gorniy-roman

You can use special software for synchronization, for example ClockSynchro. Network may be not connected ro internet. Contains ClockSynchroServer and CkockSynchroClient. This program is easy to install and use.
http://clocksynchro.com
On Windows 7 you must run ClockSynchroClient with adminisrtrator permitions ("Run as Administrator")

nicholas.glassock
nicholas.glassock

Please be aware that windows implements a cut down version of NTP called Simple Network Time Protocol (SNTP). Most networking kit (e.g. Cisco) require a full NTP server to syncronise time with and therefore you would need to install an NTP server application.

sknnyy2005
sknnyy2005

hello, I need help about the ntp server not been able to synchronise with the remote server but synchronises with the local host. Below is the code: #--# localclock section #--# server 127.127.1.1 fudge 127.127.1.1 stratum 12 #--# end of localclock section #--# #--# server/peer section #--# server 192.168.3.188 iburst fudge 192.168.3.188 stratum 9 #--# end of server/peer section #--# #--# miscellaneous section driftfile "C:\Program Files\NTP\etc\ntp.drift" server 192.168.3.188 burst iburst #slewalways yes #slewthreshold 0.128 #trap 192.168.3.188 l#ogconfig =clockall +syncall +sysall broadcastdelay 0.008 calldelay 4 #--# end of miscellaneous section #--# #--# broadcast client section #--# broadcastclient multicastclient #--# end of broadcast client section #--# #--# broadcast server section #--# broadcast 255.255.255.255 TTL 1 #--# end of broadcast server section #--# #--# access control section #--# restrict address 192.168.3.101 netmask 255.255.255.0 nomodify notrap restrict address 192.168.3.100 netmask 255.255.255.0 nomodify notrap #--# end of access control section #--# server 0.fi.pool.ntp.org iburst server 1.fi.pool.ntp.org iburst server 2.fi.pool.ntp.org iburst server 1.se.pool.ntp.org iburst server 0.de.pool.ntp.org iburst #--# statistic section #--# enable stats statistics loopstats peerstats clockstats #--# end of statistic section #--# Below also is the output: State Remote Refid Stratum Type When Poll Reach Delay Offset Jitter * LOCAL(1) LOCL 12 Local clock 39 64 377 0.000 0.000 0.004 192.168.3.188 RMOT 16 Unicast server 1014d 64 000 0.000 0.000 0.000 Thanks for the help

paulrw
paulrw

To help set-up and monitor use http://www.meinberg.de/english/sw/time-server-monitor.htm This is quite useful and allows you to set-up NTP from a Primary Server in your network which may also synchronise control room workstations. In a process plant comprising of separate buildings or areas a secondary localised Server can be synchronised to the primary server, you may also synchronise the local PLCs such as Telemechanics, Schneider, Modicom, ABB , Siemens directly to their own local GUI server. Particularly useful if there are needs to have accurate log records etc. and maintain time sync in a group of PLCs when there is any possibility of loss of network connectivity to the primary server, Domain Controller or workstation on a separate building or site. Upon IP Network reconnection to the primary then full network synchronisation is re-established Complimentary with the use of Software such as GE-Fanuc Proficy HMI etc

Dafix
Dafix

Intresting article. We are planing to put an ntp server on a xp or 2k machine acting as a server for a cashier system. It??s 50 to 60 POS-client conected to 15 local "servers" that administrate a system with 15 regional restaurants. And they all have to have the same time (and not public connected to internet.) Any suggestions? magnuss

reggaethecat
reggaethecat

http://www.meinberg.de/english/sw/ntp.htm You can install this on a PC or server, and it will update itself from a list of NTP servers on the internet. Make sure you have UDP port 123 allowed through your firewall so this machine can update. Once it's up and running just point your systems to the IP address of the machine where you have the NTP software installed.