Windows

How do I use the Windows Time Service?

This article will explain the details and show you how to configure and troubleshoot the Time Service.

If you manage Windows 2000 and Active Directory, you should know that the Win2K Time Service is key to ensuring that the Kerberos security protocol and other Windows 2000 services work correctly. All machines in a Windows 2000 forest need to have the correct time. This article will explain the details and show you how to configure and troubleshoot the Time Service. How does time synchronization work? The Windows 2000 Time Service (w32time.dll) is installed by default on all Windows 2000 computers. The Time Service starts automatically on computers that are part of a domain and can be started manually on other machines.When a computer joined to a domain is booted, the Time Service is enabled. As the Net Logon service looks for a domain controller (DC) and is authenticated, the computer sends a request to get the time and waits until the DC responds. Once it receives the time from the DC, the Time Service will perform the following:

  • If the local clock is behind the current DC time, the Time Service changes the local time immediately.
  • If the local clock is faster than three minutes, the Time Service changes the local time immediately.
  • If the local clock is less than three minutes fast, the Time Service slows the clock down to bring it into synchronization.
The Time Service then attempts synchronization every 45 minutes until all clocks are synchronized three times. Once properly synchronized, the Time Service will resynchronize time every eight hours. If you have Active Directory (AD) configured, all other machines in your forest will synchronize to your time server, as shown in Figure A.

Before configuring the Time Service, you need to become familiar with some of the command-line tools you’'ll use to

work with it. We’'ll start with the Net Time command. In order to properly configure Net Time, you need to know the syntax. If you open a command prompt and type net time /?, you’ll see the syntax shown in Figure B. Table A breaks down the list of options available for the Net Time command. You'’ll use this command to have one of your domain controllers synchronize to an external authority and then provide time information to the rest of the domain.

Table A

Net Time options Description

Net Time options

To display the time of a Windows 2000 machine, follow these steps:

  1. From the Start menu, select Programs | Accessories | Command Prompt.
  2. Type a command such as net time \\kiev, as we’'ve done in Figure C.

To set the external Simple Network Time Protocol (SNTP) time server:

  1. From the Start menu, select Programs | Accessories | Command Prompt.
  2. Type a command such as net time /setsntp:ntp2.usno.navy.mil, as shown in Figure D.

Here are the steps for querying the SNTP name:

  1. From the Start menu, select Programs | Accessories | Command Prompt.
  2. Type a command such as net time /querysntp, as shown in Figure E.

Troubleshooting the Windows 2000 Time Service

The w32tm tool is used to troubleshoot any problems that might occur during or after the configuration of the Time Service. When troubleshooting, make sure to stop the Time Service before using this tool. Not doing so will cause a port error in the Event Viewer.

Furthermore, in order for the Time Service to work properly, you will need to have port 123 opened on your firewall. Otherwise, you can’t synchronize to an external time source. To access the syntax of the troubleshooting tool, type w32tm /? from a command prompt.

Table B shows a detailed list of command options available for the W32tm command.

Table B

W32TM parameter

Description

W32tm command options

To test the synchronization of a computer:

From the Start menu, select Programs | Accessories | Command Prompt.

  1. Type net stop w32time.
  2. Type w32tm –once –test –v (Figure F).

You will have to stop and start the service every time you make a change to the Time Service. You must have Administrator rights to stop and start services.

To stop the W32 Time Service:

  1. From the Start menu, select Programs | Accessories | Command Prompt.
  2. Type net stop w32time.

To start the W32 Time Service:

  1. From the Start menu, select Programs | Accessories | Command Prompt.
  2. Type net start w32time.

To stop and start the service using the Windows 2000 graphical user interface (GUI):

  1. From the Start menu, select Programs | Administrative Tools | Computer Management.
  2. Select Services And Applications.
  3. Select Services and highlight Windows Time.
  4. Right-click to stop or start the service.

I have provided you with a brief look at the Windows Time Service. For more information, you can also reference the following resources:

7 comments
jordan1
jordan1

I know this is off the subject but I noticed you were discussing synchronization and this is something I am fighting with right now. I sent my laptop off to Gateway to fix when I got it back the clock was out of synch. I fixed the clock settings and synchronized with one of the server options in the list and I am still having problems. None of my Windows updates are loading and my virus updates aren't updating as well. My wireless DSL connection also keeps dropping although the signal shows strong strength. Since you are very experienced with sychronization may I please ask for your feedback? Thank you, Sorry I failed to mention I have Vista also the laptop is at home so if I may please have instructions to take home? Thanks again,

Chug
Chug

We have a test lab where we need to test time sensitive software so we have to set the dates ahead on the PC's up to a couple of months. When we do this we lose access to all network shares and network printers, and if the screen saver kicks in we can't unlock it. This requirement of having time in sync with AD only came about about 2 or 3 years ago and since then has been a thorn in our side for this test lab. We've gotten by because we were still mostly NetWare and NetWare didn't have any such issues. But we are in the process of eliminating all NetWare and converting entirely to Windows servers. Now we're completely stuck in this lab.

steven.taylor
steven.taylor

When I first came on board at a new company, I assumed the servers were all in sync. Not so, and it was important, not only for the Kerebos requirement, but also for the servers that ran our phone system, time clocks, etc. I spent serveral days attempting to get not only our PDC to sync with an outside NTP server, but to get our other servers to sync with the PDC. I finally discovered that if you are using Group Policies, and the Windows Time Service is disabled in GP, then no matter what you do at the machine level won't work. Once enabling group policy, make sure you put it appropriatly on the tree, or you will have all machines on the domain synching externally, which is not necessary. This small detail is not documented well, but important.

svasani
svasani

We have a Vista machine and the Net time set in our login script wasn't working on this Vista machine. We tried disabling the UAC and it worked. Is your UAC enabled? I don't know if its the best solution but even I would be interested in knowing if there's a way to make net time set work on Vista without disabling UAC.

jordan1
jordan1

Hello, thank you for your reply. I am not positive because I am at work and my laptop is at home but I have a feeling the UAC is enabled. Based on your feedback I did a search and found this resolution but I am not techy enough to figure out how to use this with time sychronization or if it will work at all in this situation. Would you mind reading the article and let me know what you think? Thanks, http://dailyapps.net/2008/01/hack-attack-disable-uac-for-certain-applications-in-vista/#comment-22944

Chug
Chug

Will that work? Can you have a DC in the tree that is off sync with the rest of the tree? Also, while it's a test lab, we have to access file shares and printers that are part of the production network. It's also not a consistent time frame that we have to set the dates ahead for. We'd have to be constantly changing the date on the DC. Even if having a separate DC would work, it probably won't happen. We are a large company and our AD infrastructure is managed by our "Corporate" folks and would never let us set up our own DC.

Editor's Picks