How to Configure Windows 2008 as an NTP Server for Cisco Devices
One of our members asked how we configured our Windows 2008 server to serve as an NTP server. The following are the steps we took in our lab. Please note that the server is a Windows 2008 domain controller with an IP of 172.16.32.40.
On a Catalyst 3750 switch, prior to configuration, note that the NTP status is not synced:
SW1#sh ntp ass
address ref clock st when poll reach delay offset disp
~172.16.32.40 0.0.0.0 16 - 64 0 0.0 0.00 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
Steps:
1. Disable Windows firewall or allow inbound UDP/123
2. Enable NTP server in the registry
C:\Users\Administrator>w32tm
!<output omitted>
!
w32tm /config [/computer:<target>] [/update]
[/manualpeerlist:<peers>] [/syncfromflags:<source>]
[/LocalClockDispersion:<seconds>]
[/reliable:(YES|NO)]
[/largephaseoffset:<milliseconds>]
computer:<target> - adjusts the configuration of <target>. If not
specified, the default is the local computer.
update - notifies the time service that the configuration has
changed, causing the changes to take effect.
manualpeerlist:<peers> - sets the manual peer list to <peers>,
which is a space-delimited list of DNS and/or IP addresses.
When specifying multiple peers, this switch must be enclosed in
quotes.
syncfromflags:<source> - sets what sources the NTP client should
sync from. <source> should be a comma separated list of
these keywords (not case sensitive):
MANUAL - sync from peers in the manual peer list
DOMHIER - sync from an AD DC in the domain hierarchy
NO - sync from none
ALL - sync from both manual and domain peers
LocalClockDispersion:<seconds> - configures the accuracy of the
internal clock that w32time will assume when it can't acquire
time from its configured sources.
reliable:(YES|NO) - set whether this machine is a reliable time source.
This setting is only meaningful on domain controllers.
YES - this machine is a reliable time service
NO - this machine is not a reliable time service
largephaseoffset:<milliseconds> - sets the time difference between
local and network time which w32time will consider a spike.
4. Stop w32time service
C:\Users\Administrator>net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.
5. Configure NTP settings. Here we obtain our time from 0.us.pool.ntp.org
C:\Users\Administrator>w32tm /config /syncfromflags:manual /manualpeerlist:0.us.pool.ntp.org /reliable:yes
The command completed successfully.
6. Start w32time service
C:\Users\Administrator>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.
7. Give it a few minutes and check sync status to the configured NTP server
C:\Users\Administrator>w32tm /query /peers
#Peers: 1
Peer: 0.us.pool.ntp.org <-- Configured NTP server
State: Active <-- Make sure this is active
Time Remaining: 19.0596202s
Mode: 1 (Symmetric Active)
Stratum: 2 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 7 (128s)
HostPoll Interval: 7 (128s)
8. Check NTP status
C:\Users\Administrator>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0937762s
Root Dispersion: 0.0596883s
ReferenceId: 0x4C490004 (source IP: 76.73.0.4)
Last Successful Sync Time: 9/18/2014 10:00:01 PM
Source: 0.us.pool.ntp.org
Poll Interval: 8 (256s)
9. Check back on the switch; the NTP status should now be in sync. We also tested on an ASA firewall, which also worked.
SW1#sh ntp ass
address ref clock st when poll reach delay offset disp
*~172.16.32.40 76.73.0.4 3 24 64 377 2.0 0.97 6.8
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
FW1#sh ntp ass
address ref clock st when poll reach delay offset disp
*~172.16.32.40 76.73.0.4 3 15 64 77 1.2 14.84 392.5
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
Notes:
If you find that NTP does not sync immediately after you have configured the Windows server, try:
1. Remove and re-add the NTP server on the device
2. Give it more time to sync. We found that the first time may take longer than 10 minutes.
3. If available, change the NTP version to 1 or 2 in the command
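When a device still shows stratum 16, it helps to know whether nothing answers on UDP/123 (step 1) or the server answers but is not yet synchronized itself (steps 7 and 8). The Python script below is an added example, not part of the original article: it sends one NTP client request with a selectable version and decodes the reply header. The function names are ours and the two sample packets are constructed, not captured.

```python
import socket
import struct

NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def build_request(version=3):
    """48-byte client request: LI=0, VN=version, Mode=3; all other fields zero."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_response(data):
    """Decode the NTP header fields that show whether the server is synchronized."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    flags, stratum, _poll, _precision, delay, disp, ref = struct.unpack("!BBbbiI4s", data[:16])
    tx_seconds = struct.unpack("!I", data[40:44])[0]
    leap, version, mode = flags >> 6, (flags >> 3) & 7, flags & 7
    # Stratum 2-15: the reference ID is the upstream server's IPv4 address.
    # Stratum 0/1: it is a four-character ASCII code instead.
    if 2 <= stratum <= 15:
        reference = socket.inet_ntoa(ref)
    else:
        reference = ref.rstrip(b"\x00").decode("ascii", "replace")
    return {
        "leap": leap, "version": version, "mode": mode, "stratum": stratum,
        "root_delay": delay / 65536.0,        # 16.16 fixed point, seconds
        "root_dispersion": disp / 65536.0,
        "reference": reference,
        "server_unix_time": tx_seconds - NTP_TO_UNIX if tx_seconds else None,
        # Usable source: server-mode reply, no leap alarm (LI=3), stratum 1-15.
        "synced": mode == 4 and leap != 3 and 1 <= stratum <= 15,
    }

def query(server, version=3, timeout=2.0):
    """Send one request to UDP/123; socket.timeout means nothing answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(version), (server, 123))
        data, _ = s.recvfrom(512)
    return parse_response(data)

# Constructed sample replies (not captured traffic), so the parser runs offline.
SYNCED = struct.pack("!BBbbiI4s", 0x1C, 3, 8, -6, 6146, 3912,
                     bytes([76, 73, 0, 4])) + bytes(24) + struct.pack("!II", 3620066401, 0)
UNSYNCED = bytes([0xDC, 0]) + bytes(46)  # LI=3 (clock not synchronized), stratum 0

if __name__ == "__main__":
    print(parse_response(SYNCED))
    print(parse_response(UNSYNCED))
    # print(query("172.16.32.40"))  # live check against the lab server from the article
```

A timeout from `query` points at the firewall or the service not running; a reply with `synced` false points at the Windows server's own upstream sync.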
1 comments
After following this article ...