Tuesday, 30 October 2012

Active Directory: Machine Account Password Changes Policy

In a domain, the machine account password change interval is 30 days by default. Once this period has elapsed since the last change, the machine's Netlogon service sends a password change request to the domain and the password is updated.



In some situations it can be useful to lengthen this password change interval or to disable it entirely. For example, a domain member

Monday, 22 October 2012

Installing Windows on a machine with a Solid State Disk (SSD)


Solid State Disks (SSDs) offer an access-time advantage and a more robust design in terms of data safety. As these new-generation disks enter everyday use, they bring some, if small, differences in how they are handled.


In that context, we decided to describe what to watch out for when installing the Windows 7 operating system on our SSD-equipped laptop.


NOTE: In the newer versions of the Windows installation DVD, SSD disk driver support

Friday, 19 October 2012

VMware: Disabling Time Synchronization


When virtual machines are shut down and powered on, or suspended and resumed... their clock is synchronized with the BIOS clock of the physical server (host) on which the virtual system runs.


For various reasons you may want to disable this behaviour. There are two methods of doing so.


 


Method 1:


- Select the virtual machine in the VMware Infrastructure Client screen.


NOTE: Since the machine's configuration will be modified,

Thursday, 18 October 2012

VMware ESXi Time Configuration: Add NTP Server


In the VMware ESXi virtualization system, virtual machines by default take their system clock from the physical server on which they run. The physical server (host) BIOS clock can drift backwards or forwards for various reasons. To prevent this problem, the physical server's BIOS clock must be updated at regular intervals. Better still is to have the server update itself automatically from an NTP server.


To update the physical server's BIOS clock manually:


1. Start the VMware Infrastructure Client.

Wednesday, 17 October 2012

Active Directory Time Synchronization: Active Directory & client clock synchronization


On the DC, query the event ID 5156 records for requests arriving on port 123
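The query above, written out as an added PowerShell example (not part of the original post): it reads Windows Filtering Platform "connection permitted" events (ID 5156) from the Security log on the DC, keeps those whose destination port is 123, and summarises which addresses are sending NTP requests. It assumes the "Filtering Platform Connection" audit subcategory is enabled (without it there are no 5156 events) and PowerShell 3.0 or later; the field names and the %%14592 = Inbound direction code are the ones the 5156 event template uses.

```powershell
# Added example, not from the original post. Lists 5156 (WFP permitted connection)
# events whose destination port is 123 (NTP) so you can see who is asking this DC
# for time and how often. Needs audit subcategory "Filtering Platform Connection".
function Get-NtpConnectionEvents {
    param(
        [int]$Port = 123,                          # NTP
        [int]$MaxEvents = 5000,                    # how many 5156 events to scan
        [datetime]$Since = (Get-Date).AddDays(-1)  # look-back window
    )

    $filter = @{ LogName = 'Security'; Id = 5156; StartTime = $Since }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    foreach ($ev in $events) {
        # The connection details live in EventData; read them from the event XML.
        $xml  = [xml]$ev.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ([int]$data['DestPort'] -ne $Port) { continue }

        [pscustomobject]@{
            Time          = $ev.TimeCreated
            # %%14592 is the template code for Inbound, %%14593 for Outbound
            Direction     = $(if ($data['Direction'] -eq '%%14592') { 'Inbound' } else { 'Outbound' })
            Protocol      = $data['Protocol']          # 17 = UDP
            SourceAddress = $data['SourceAddress']
            SourcePort    = $data['SourcePort']
            DestAddress   = $data['DestAddress']
            DestPort      = $data['DestPort']
            Application   = $data['Application']       # should be the w32time service host
        }
    }
}

# Summary: inbound NTP requests per client address, busiest first. A client that
# polls far more often than the others, or an address that is not a domain member,
# is worth a closer look.
Get-NtpConnectionEvents |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Group-Object SourceAddress |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

Run it on the DC (or the PDC emulator) in an elevated prompt; reading the Security log requires administrative rights. Lower `$MaxEvents` or narrow `$Since` on a busy DC, since 5156 is a high-volume event.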


 


http://theessentialexchange.com/blogs/michael/archive/2010/01/29/a-brief-history-of-time-ok-ok-let-s-go-with-quot-an-introduction-to-the-windows-time-service-quot.aspx


 


In a domain, the service that handles time, group policy objects and password updates is the PDC emulator. Every client checks its clock against the PDC when logging on to the domain, and if the difference is not larger than the period set in "Maximum tolerance for computer clock synchronization", the logon succeeds. In a domain with a single DC, the PDC emulator is that DC itself. If there is more than one DC in the environment, you can run the command "dsquery server -hasfsmo pdc" at the command prompt to see which one holds the PDC emulator role.



The PDC emulator can also be seen in the "Active Directory Users and Computers" screen by right-clicking the domain name and choosing "Operations Masters...".
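An added PowerShell example (not part of the original post) that ties the two points above together: it finds the PDC emulator with the `dsquery server -hasfsmo pdc` command from the text, measures this machine's clock offset against it with `w32tm /stripchart`, and reports whether the offset is inside the Kerberos tolerance. The 5-minute tolerance is the default value of "Maximum tolerance for computer clock synchronization" and is an assumption you should replace with your own policy value; the function names are made up for this example.

```powershell
# Added example, not from the original post. Locates the PDC emulator and checks
# how far this machine's clock is from it, in seconds, using w32tm /stripchart.

function Get-PdcEmulatorName {
    # dsquery prints the server object's DN, quoted, e.g.
    # "CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=local"
    $dn = (dsquery server -hasfsmo pdc) -join ''
    if ($dn -match '^"?CN=([^,]+),') { return $Matches[1] }
    throw "Could not parse the PDC emulator from dsquery output: $dn"
}

function Get-ClockOffsetFromPdc {
    param(
        [string]$Pdc = (Get-PdcEmulatorName),
        [int]$Samples = 3,
        [int]$ToleranceMinutes = 5   # assumed default Kerberos policy value; use your GPO's value
    )

    # /dataonly prints one "hh:mm:ss, +00.0123456s" line per sample; on failure
    # the line carries an error code instead of an offset.
    $lines = w32tm /stripchart "/computer:$Pdc" "/samples:$Samples" /dataonly
    $offsets = foreach ($l in $lines) {
        if ($l -match ',\s*([+-]\d+\.\d+)s\s*$') { [double]$Matches[1] }
    }
    if (-not $offsets) {
        throw "No time samples from $Pdc (UDP/123 blocked or time service stopped?): $($lines -join ' | ')"
    }

    $avg = ($offsets | Measure-Object -Average).Average
    [pscustomobject]@{
        PdcEmulator     = $Pdc
        SamplesTaken    = $offsets.Count
        AverageOffsetS  = [math]::Round($avg, 3)
        WithinTolerance = [math]::Abs($avg) -lt ($ToleranceMinutes * 60)
        # What this machine currently syncs from; a domain member should report a DC.
        LocalTimeSource = (w32tm /query /source)
    }
}

Get-ClockOffsetFromPdc
```

A `WithinTolerance` of `False` explains Kerberos logon failures before any password or trust problem is suspected, and a thrown "No time samples" error points at the port 123 reachability issue discussed further down in this post.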



NET TIME /SETSNTP:time.windows.com
NET STOP W32TIME
NET START W32TIME
W32TM /config /reliable:YES
W32TM /resync /rediscover


If there is a difference, to update the clock:


 


 


Name | IP Address | Location
time-a.nist.gov | 129.6.15.28 | NIST, Gaithersburg, Maryland
time-b.nist.gov | 129.6.15.29 | NIST, Gaithersburg, Maryland
time-a.timefreq.bldrdoc.gov | 132.163.4.101 | NIST, Boulder, Colorado
time-b.timefreq.bldrdoc.gov | 132.163.4.102 | NIST, Boulder, Colorado
time-c.timefreq.bldrdoc.gov | 132.163.4.103 | NIST, Boulder, Colorado
utcnist.colorado.edu | 128.138.140.44 | University of Colorado, Boulder
time.nist.gov | 192.43.244.18 | NCAR, Boulder, Colorado
time-nw.nist.gov | 131.107.1.10 | Microsoft, Redmond, Washington
nist1.datum.com | 209.0.72.7 | Datum, San Jose, California
nist1.dc.certifiedtime.com | 216.200.93.8 | Abovnet, Virginia
nist1.nyc.certifiedtime.com | 208.184.49.9 | Abovnet, New York City
nist1.sjc.certifiedtime.com | 208.185.146.41 | Abovnet, San Jose, California


 


NET TIME /SETSNTP:time.windows.com
NET STOP W32TIME
NET START W32TIME
W32TM /config /reliable:YES
W32TM /resync /rediscover

 


w32tm /config /manualpeerlist:"ntp1.sp.se,0x8 ntp2.sp.se,0x8" /syncfromflags:MANUAL

FORCE A RESYNC


If you want to force the client to resync, run:


C:\Windows\system32>w32tm /resync
Sending resync command to local computer
The command completed successfully.

If you get the following error, the computer can't reach the NTP-server(s).


The computer did not resync because no time data was available.


 


0x8 say what?


You might have noticed the 0x8 flag above. What does it mean? KB875424 mentions:


0x01 - use special poll interval SpecialInterval
0x02 - UseAsFallbackOnly
0x04 - send request as SymmetricActive mode
0x08 - send request as Client mode
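An added PowerShell example (not part of the original post) that decodes these flag bits: it parses a peer list in the `host,0xN` form used by `/manualpeerlist`, names the bits set on each peer, and then reads the peers and sync type actually configured on this machine from the W32Time registry key, so you can confirm that the PDC emulator points at the NTP servers you expect and that other domain members still use the domain hierarchy. The function names and the sample peer list `ntp1.sp.se,0x8 ntp2.sp.se,0x9` are constructed for this example.

```powershell
# Added example, not from the original post. Decodes the KB875424 per-peer flag
# bits and shows what this machine's time service is configured to use.

$PeerFlagBits = @{
    0x01 = 'SpecialInterval (use SpecialPollInterval)'
    0x02 = 'UseAsFallbackOnly'
    0x04 = 'SymmetricActive mode'
    0x08 = 'Client mode'
}

function ConvertFrom-NtpPeerList {
    # $PeerList is a space-separated list such as "ntp1.sp.se,0x8 ntp2.sp.se,0x9"
    param([Parameter(Mandatory)][string]$PeerList)

    foreach ($entry in ($PeerList -split '\s+' | Where-Object { $_ })) {
        $server, $flagText = $entry -split ',', 2
        # No flag after the host name means 0: the service's default behaviour.
        $flags = if ($flagText) { [int]$flagText } else { 0 }   # [int]'0x8' parses hex
        $names = foreach ($bit in ($PeerFlagBits.Keys | Sort-Object)) {
            if ($flags -band $bit) { $PeerFlagBits[$bit] }
        }
        [pscustomobject]@{
            Server  = $server
            Flags   = '0x{0:x}' -f $flags
            Meaning = $(if ($names) { $names -join ' + ' } else { '(none)' })
        }
    }
}

function Get-ConfiguredNtpPeers {
    # Type is NT5DS (domain hierarchy), NTP (manual peer list) or NoSync.
    # Only the PDC emulator should normally be NTP with external peers.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Type  = $p.Type
        Peers = $(if ($p.NtpServer) { ConvertFrom-NtpPeerList -PeerList $p.NtpServer } else { @() })
    }
}

# Constructed sample: 0x8 = Client mode, 0x9 = SpecialInterval + Client mode
ConvertFrom-NtpPeerList -PeerList 'ntp1.sp.se,0x8 ntp2.sp.se,0x9' | Format-Table -AutoSize

# What this machine is actually using right now
$cfg = Get-ConfiguredNtpPeers
"Sync type: $($cfg.Type)"
$cfg.Peers | Format-Table -AutoSize
```

Note that each peer carries its own flag value; a flag written once after a quoted list of several hosts applies only to the last host in that list.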

NOTE: If your computer is a domain member, "Internet Time" cannot be used. The necessary updates are made through the PDC emulator in the domain.


Reference: http://bchavez.bitarmory.com/archive/2009/12/21/how-to-setup-a-windows-2008-r2-sntp-ntp-server.aspx


VMware: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1189


Mastering the Windows Time Service





September 26, 2006, 6:47 PM PDT


If you manage Windows 2000 and Active Directory, you should know that the Win2K Time Service is key to ensuring that the Kerberos security protocol and other Windows 2000 services work correctly. All machines in a Windows 2000 forest need to have the correct time. This article will explain the details and show you how to configure and troubleshoot the Time Service.

How does time synchronization work?

The Windows 2000 Time Service (w32time.dll) is installed by default on all Windows 2000 computers. The Time Service starts automatically on computers that are part of a domain and can be started manually on other machines.

When a computer joined to a domain is booted, the Time Service is enabled. As the Net Logon service looks for a domain controller (DC) and is authenticated, the computer sends a request to get the time and waits until the DC responds. Once it receives the time from the DC, the Time Service will perform the following:



  • If the local clock is behind the current DC time, the Time Service changes the local time immediately.

  • If the local clock is faster than three minutes, the Time Service changes the local time immediately.

  • If the local clock is less than three minutes fast, the Time Service slows the clock down to bring it into synchronization.


The Time Service then attempts synchronization every 45 minutes until all clocks are synchronized three times. Once properly synchronized, the Time Service will resynchronize time every eight hours. If you have Active Directory (AD) configured, all other machines in your forest will synchronize to your time server, as shown in Figure A.


Before configuring the Time Service, you need to become familiar with some of the command-line tools you’ll use to work with it. We’ll start with the Net Time command.

Configuring Net Time

In order to properly configure Net Time, you need to know the syntax. If you open a command prompt and type net time /?, you’ll see the syntax shown in Figure B.


Table A breaks down the list of options available for the Net Time command. You’ll use this command to have one of your domain controllers synchronize to an external authority and then provide time information to the rest of the domain.


Table A

Net Time option | Description
Net Time | Displays the time of your time server
Net Time \\computername | Displays the time of the named computer
Net Time /DOMAIN:domainname | Displays the time on a DC in the named domain
Net Time /domain /set | Sets the computer time to match the time on the Domain Controller
Net Time /RTSDOMAIN:domainname | Displays the time on a time server in the named domain
Net Time /querysntp | Displays the SNTP source for the time server
Net Time /setsntp:ntpserver | Sets the SNTP source for the time server
Net Time /setsntp | Clears the SNTP source for the time server


Net Time options


To display the time of a Windows 2000 machine, follow these steps:



  1. From the Start menu, select Programs | Accessories | Command Prompt.

  2. Type a command such as net time \\kiev, as we’ve done in Figure C.


To set the external Simple Network Time Protocol (SNTP) time server:



  1. From the Start menu, select Programs | Accessories | Command Prompt.

  2. Type a command such as net time /setsntp:ntp2.usno.navy.mil, as shown in Figure D.


Here are the steps for querying the SNTP name:



  1. From the Start menu, select Programs | Accessories | Command Prompt.

  2. Type a command such as net time /querysntp, as shown in Figure E.


Troubleshooting the Windows 2000 Time Service


The w32tm tool is used to troubleshoot any problems that might occur during or after the configuration of the Time Service. When troubleshooting, make sure to stop the Time Service before using this tool. Not doing so will cause a port error in the Event Viewer.


Furthermore, in order for the Time Service to work properly, you will need to have port 123 opened on your firewall. Otherwise, you can’t synchronize to an external time source. To access the syntax of the troubleshooting tool, type w32tm /? from a command prompt.


Table B shows a detailed list of command options available for the W32tm command.


Table B

W32TM parameter | Description
-tz | Print the local time zone information and exit
-s computer | Force the given computer (or local computer if none is given) to resynchronize, then exit
-adj | Set the computer’s system clock frequency to the last frequency determined during synchronization, then exit
-adjoff | Set the computer’s system clock frequency to the system default, then exit
-source | Choose a synchronization source, then exit. Note that a source is chosen before each synchronization, so this is useful only in showing that a source could be found. Remember to use -v to see the output.
-once | Do only one synchronization, then exit. Otherwise, run continuously as a client, synchronizing the local clock until ctrl-c is pressed.

The following options can be used in conjunction with the above:

W32TM parameter | Description
-test | Prevent the time on the local system from actually being modified
-v | Print out a verbose description of what the program is doing. This is usually needed since otherwise the program produces no output. The exceptions are -s and -tz.
-p | -P set the server port
-period | Set the sync period just as in the registry. That is: 0 = once a day; 65535 = once every 2 days; 65534 = once every 3 days; 65533 = once every week (7 days); 65532 = once every 45 min (3/day); 65531 = once every 45 min until we get one good sync, then once every day


W32tm command options




 

Thursday, 11 October 2012

Active Directory Delegate Control: Password reset permission


Granting password reset permission in Active Directory with "Delegate Control"


Example scenario:


Granting the "SisDes" (system support) user group in our domain the right to reset the passwords of users and of user PCs.


NOTE: If you are wondering in which situations a PC's password needs to be reset, see http://siberblog.org/index.php/the-trust-relationship-between-this-domain-and-the-primary-domain-failed/

The trust relationship between this domain and the primary domain failed

"The trust relationship between this domain and the primary domain failed"

"Bu iş istasyonu ile birinci etki alanı arasındaki güven ilişkisi başarısız"



 




QUICK FIX:

Download link for the script: http://siberblog.org/wp-content/uploads/2012/12/netdom_trust_script.rar

Using the script (YouTube video):