JSI Tip 2669. How do I configure an authoritative time server in Windows 2000?

The Kerberos authentication protocol requires that all Windows 2000 computers in your enterprise use a common time. The Windows Time service, W32Time, insures appropriate common time usage.

Windows 2000 computers use the following default time partner hierarchy:

1. Clients and member servers use the authenticating domain controller, %LOGONSERVER%.

2. Domain controllers nominate the PDC FSMO.

3. The PDC FSMO at the root of the forest is authoritative for the enterprise.
    It should be configured to use the SNTP (Simple Network Time Protocol)
    to recognize an external time source using:

    net time /setsntp:<server list>

    To use the U.S. Naval Observatory:

    ntp2.usno.navy.mil at 192.5.41.209
    tock.usno.navy.mil at 192.5.41.41

    Example: net time /setsntp:192.5.41.41

NOTE: SNTP use port 123. See tip 2337.

NOTE: See tip 2273 - Windows 2000 registry entries for the W32Time service..

NOTE: If you can not use an external time source, use the PDC FSMO at the root of the forest.

NOTE: You may have to restart the PDC FSMO.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish