Which service do you use for SNTP ?


Marlon Brown

Do you have your own internal SNTP server ? If so, which server (hardware
and OS) do you recommend or use ? Is that setup for redundancy ?
 
Marlon Brown said:
Do you have your own internal SNTP server ? If so, which
server (hardware and OS) do you recommend or use ? Is
that setup for redundancy ?

SNTP is native to Windows 2000, 2003 and NT4 and later Server operating
systems. It is called the Windows Time service (W32time); it uses UDP port
123.
 
With a Windows domain, you configure the PDCe of the forest root to
synchronise with an external time source. All other DCs and domain members
will then synchronise in an hierarchical manner.

The actual accuracy of the time source is unimportant. What's important is
that all machines are synchronised. A more than five minute skew and
Kerberos won't work.

Using Google, search for the terms: "Windows Time" | w32time
site:microsoft.com

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/
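To make the UDP/123 exchange and the five-minute Kerberos skew concrete, here is an added example (not code from this thread or from Microsoft): it builds an SNTP client packet, validates a server reply, computes the clock offset from the four RFC 4330 timestamps and checks it against the Kerberos tolerance. The reply it parses is a constructed sample with a server clock two seconds ahead; `query()` is the live version and takes whatever host you name.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800    # seconds from the NTP epoch (1900) to the Unix epoch (1970)
KERBEROS_MAX_SKEW = 300         # Kerberos default clock-skew tolerance: 5 minutes, in seconds
PACKET = "!BBBbII4s4Q"          # 48-byte SNTP header (RFC 4330): flags, stratum, poll, precision,
                                # root delay, root dispersion, reference id, four 64-bit timestamps

def to_ntp(unix_ts):
    """Unix seconds (float) -> 64-bit NTP timestamp: 32-bit seconds, 32-bit fraction."""
    whole = int(unix_ts)
    return ((whole + NTP_EPOCH_DELTA) << 32) | int((unix_ts - whole) * (1 << 32))

def from_ntp(ts64):  # 64-bit NTP timestamp -> Unix seconds (float)
    return (ts64 >> 32) - NTP_EPOCH_DELTA + (ts64 & 0xFFFFFFFF) / (1 << 32)

def build_request(t1):
    """Client packet: LI=0, VN=4, Mode=3 -> 0x23; our send time t1 goes in Transmit Timestamp."""
    return struct.pack(PACKET, 0x23, 0, 0, 0, 0, 0, b"\0" * 4, 0, 0, 0, to_ntp(t1))

def parse_response(data, t1, t4):
    """Validate a server reply and return (offset, delay) in seconds, per RFC 4330 section 5."""
    flags, stratum, _, _, _, _, _, _, orig, recv, xmit = struct.unpack(PACKET, data[:48])
    if flags & 0x07 != 4:
        raise ValueError("not a server-mode (mode 4) reply")
    if stratum == 0:
        raise ValueError("kiss-o'-death packet: server refused the query")
    if orig != to_ntp(t1):
        raise ValueError("originate timestamp does not echo our request (stale or forged reply)")
    t2, t3 = from_ntp(recv), from_ntp(xmit)
    offset = ((t2 - t1) + (t3 - t4)) / 2   # how far our clock is behind the server's
    delay = (t4 - t1) - (t3 - t2)          # round-trip time excluding server processing
    return offset, delay

def within_kerberos_tolerance(offset, max_skew=KERBEROS_MAX_SKEW):
    return abs(offset) <= max_skew         # True if Kerberos would still accept tickets

def query(host, port=123, timeout=2.0):
    """Live SNTP exchange over UDP port 123 (needs network; the offline sample below does not)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(build_request(t1), (host, port))
        data, _ = sock.recvfrom(48)
        return parse_response(data, t1, time.time())

def sample_reply(t1, t4, server_ahead=2.0):
    """Constructed server reply: received 10 ms after t1, sent 1 ms later, server clock ahead."""
    t2, t3 = t1 + 0.010 + server_ahead, t1 + 0.011 + server_ahead
    return struct.pack(PACKET, 0x24, 2, 0, 0, 0, 0, b"GPS\0", to_ntp(t2), to_ntp(t1), to_ntp(t2), to_ntp(t3))
```

Against the sample reply the computed offset is about +2.0005 s and the delay about 19 ms, well inside the window; the same check flags a machine whose clock has drifted beyond five minutes before Kerberos starts failing.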
 
When you say "external time source" do you mean a service out on the
internet, or box running Windows 2003 in your organization ?
 
I meant a public NTP server on the internet. However, if you have an atomic
clock that you can connect a box to then that is fine.

Or, if you don't want any of this, then that's fine. Like I said, what
matters is that the machines are all synchronised; if your time were out (on
the root PDCe) it wouldn't matter if all machines synchronised with this
inaccurate time.

Most people will use an external NTP server. Here's a KB listing a load by
country:
-- http://support.microsoft.com/?id=262680


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/
 
Marlon Brown said:
When you say "external time source" do you mean a service out on the
internet, or box running Windows 2003 in your organization ?

It might have implied "on the Internet", but he merely
meant EXTERNAL to the operating system and it could
be ANY trusted time source:

1) the Internet

2) Hardware clock device (radio, factory clock, etc.)

3) Even manually maintained by you (although
this is not my favorite)

4) Another machine (which is setup to get the time
from these or another source)

The advantage of the Internet is that it is so easy but
it requires SOME machine to visit the Internet which
may violate your software policy for DCs and so you
might even choose to use some hardware device or
have an intermediate machine (#4) do the actual time
sync, which is then sync'ed by the (root) PDC emulator.

There is also nothing wrong with having separate sites
sync individually (e.g., from the Internet or hardware)
IF that makes more sense in your AND IF you can
guarantee they will get the same time.

It is just that if you do it this way it takes a bit more
effort and more things can go wrong -- since the DCs
should all sync automatically based on the (root)
PDC emulator unless you (or your firewalls) interfere.

Key: Get the right time (if possible) but make sure
they are ALL alike -- DCs and client machines.

It's easy to get right since Microsoft was aware of the
many problems that Novell admins had with this
issue -- they built it in so that NORMALLY it "just
works."
 
You guys are rocking. I like the justification of not using the DC because
that would require certain exposure to the Internet. I will explore an
appliance with Win2003 and that should do it.
 
Marlon Brown said:
You guys are rocking. I like the justification of not using the DC because
that would require certain exposure to the Internet. I will explore an
appliance with Win2003 and that should do it.

Yes, I use either the "appliance" type NAT/firewalls
(empty) DNS as a caching only DNS or I use a real
router (RRAS etc) with the capability to run a DNS
server.

These are CACHING only in that they don't have
any zones configured.
 