How to configure an authoritative time

server in Windows Server

This article describes how to configure the Windows Time service and troubleshoot
when the Windows Time service doesn't work correctly.

Original product version:   Windows Server 2012 Standard, Windows Server 2012
Essentials
Original KB number:   816042

To configure an internal time server to synchronize with an external time source, use
the following method:

To configure the PDC in the root of an Active Directory forest to synchronize with an
external time source, follow these steps:

1. Change the server type to NTP. To do this, follow these steps:

1. Select Start > Run, type regedit, and then select OK.
2. Locate and then select the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\
Parameters\Type
3. In the pane on the right, right-click Type, and then
select Modify.
4. In Edit Value, type NTP in the Value data box, and then
select OK.
2. Set AnnounceFlags to 5. To do this, follow these steps:
1. Locate and then select the following registry
subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
W32Time\Config\AnnounceFlags
2. In the pane on the right, right-click AnnounceFlags, and then
select Modify.
3. In Edit DWORD Value, type 5 in the Value data box, and then
select OK.

 Note
1. If an authoritative time server that is configured to use
an AnnounceFlag value of 0x5 does not synchronize with an
upstream time server, a client server may not correctly
synchronize with the authoritative time server when the time
synchronization between the authoritative time server and
the upstream time server resumes. Therefore, if you have a
poor network connection or other concerns that may cause
time synchronization failure of the authoritative server to an
 upstream server, set the AnnounceFlag value to 0xA instead
of to 0x5.
2. If an authoritative time server that is configured to use
an AnnounceFlag value of 0x5 and to synchronize with an
upstream time server at a fixed interval that is specified
in SpecialPollInterval, a client server may not correctly
synchronize with the authoritative time server after the
authoritative time server restarts. Therefore, if you configure
your authoritative time server to synchronize with an
upstream NTP server at a fixed interval that is specified
in SpecialPollInterval, set the AnnounceFlag value
to 0xA instead of 0x5.
2. Enable NTPServer. To do this, follow these steps:

1. Locate and then select the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\
TimeProviders\NtpServer
2. In the pane on the right, right-click Enabled, and then
select Modify.
3. In Edit DWORD Value, type 1 in the Value data box, and then
select OK.
4. Specify the time sources. To do this, follow these steps:
1. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\W32Time\Parameters
2. In the pane on the right, right-click NtpServer, and
then select Modify.
3. In Edit Value, type Peers in the Value data box, and
then select OK.

 Note

Peers is a placeholder for a space-delimited list of

peers from which your computer obtains time
stamps. Each DNS name that is listed must be unique.
You must append ,0x1 to the end of each DNS name.
If you do not append ,0x1 to the end of each DNS
name, the changes that you make in step 5 will not
take effect.

2. Configure the time correction settings. To do this, follow these steps:

1. Locate and then click the following registry
subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
W32Time\Config\MaxPosPhaseCorrection
 2. In the pane on the right, right-click MaxPosPhaseCorrection,
and then select Modify.
3. In Edit DWORD Value, click to select Decimal in the Base box.
4. In Edit DWORD Value, type TimeInSeconds in the Value
data box, and then select OK.

 Note

TimeInSeconds is a placeholder for a reasonable value, such

as 1 hour (3600) or 30 minutes (1800). The value that you select
will depend on the poll interval, network condition, and
external time source.
The default value of MaxPosPhaseCorrection is 48 hours in
Windows Server 2008 R2 or later.

5. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\
Config\MaxNegPhaseCorrection
6. In the pane on the right, right-click MaxNegPhaseCorrection,
and then select Modify.
7. In Edit DWORD Value, click to select Decimal in the Base box.
8. In Edit DWORD Value, type TimeInSeconds in the Value
data box, and then select OK.

 Note

TimeInSeconds is a placeholder for a reasonable value, such

as 1 hour (3600) or 30 minutes (1800). The value that you select
will depend on the poll interval, network condition, and
external time source.
The default value of MaxNegPhaseCorrection is 48 hours in
Windows Server 2008 R2 or later.

3. Close Registry Editor.

4. At the command prompt, type the following command to restart the
Windows Time service, and then press Enter:

cmdCopy
net stop w32time && net start w32time

Troubleshooting
For the Windows Time service to function correctly, the networking infrastructure
must function correctly. The most common problems that affect the Windows Time
service include the following:

 There is a problem with TCP/IP connectivity, such as a dead gateway.

 The Name Resolution service is not working correctly.
 The network is experiencing high volume delays, especially when
synchronization occurs over high-latency wide area network (WAN) links.
 The Windows Time service is trying to synchronize with inaccurate time
sources.

We recommend that you use the Netdiag.exe utility to troubleshoot network-related

issues. Netdiag.exe is part of the Windows Server 2003 Support Tools package. See
Tools Help for a complete list of command-line parameters that you can use with
Netdiag.exe. If your problem is still not solved, you can turn on the Windows Time
service debug log. Because the debug log can contain very detailed information, we
recommend that you contact Microsoft Customer Support Services when you turn on
the Windows Time service debug log.

 Note

In special cases, charges that are ordinarily incurred for support calls may be
canceled if a Microsoft Support Professional determines that a specific update will
resolve your problem. The usual support costs will apply to additional support
questions and issues that do not qualify for the specific update in question.

More information
Windows Server includes W32Time, the Time Service tool that is required by the
Kerberos authentication protocol. The Windows Time service makes sure that all
computers in an organization that are running the Microsoft Windows 2000 Server
operating system or later versions use a common time.

To guarantee appropriate common time usage, the Windows Time service uses a
hierarchical relationship that controls authority, and the Windows Time service does
not allow for loops. By default, Windows-based computers use the following
hierarchy:

 All client desktop computers nominate the authenticating domain

controller as their in-bound time partner.
 All member servers follow the same process that client desktop
computers follow.
 All domain controllers in a domain nominate the primary domain
controller (PDC) operations master as their in-bound time partner.
  All PDC operations masters follow the hierarchy of domains in the
selection of their in-bound time partner.

In this hierarchy, the PDC operations master at the root of the forest becomes
authoritative for the organization. We highly recommend that you configure the
authoritative time server to obtain the time from a hardware source. When you
configure the authoritative time server to sync with an Internet time source, there is
no authentication. We also recommend that you reduce your time correction settings
for your servers and stand-alone clients. These recommendations provide more
accuracy and security to your domain.

How to Configure NTP Server in

Windows 2012 r2 Step by Step
NTP or Network Time Protocol is a networking protocol that is used
for synchronizing clocks across networks and computers around the world.
An NTP server is very important for a system to provide you with the
correct time.
As a result, it is also very important to configure NTP correctly on your
system. But, it is a bit complicated process. Due to that, we have created
this post where we will be covering how to configure NTP server in
Windows 2012 R2 in a step by step manner. Added to that, we will also
provide screenshots of the entire procedure.
So, let’s dive right in…
How to Configure NTP servers in
Windows 2012 R2
There are a couple of methods you can follow. We will be sharing one by
one in the following sections.

Method 1:
 First, right-click on the ‘Start’ button and click on
the ‘Run’ option from there
 Next, type in ‘gpedit.msc’ on the box and click on ‘OK’ or
press the ‘Enter’ key

 In doing so, the ‘Local Group Policy Editor’ window will

open up
 From the left pane of the new window, you will have to navigate
to ‘Administrative template>System>Windows Time
Service>Time Providers’
 Now, you will have to open the ‘Enable Windows NTP
Server’ option from the right pane
 Next, checkmark the ‘Enabled’ option on the upper left corner
from the new popup window
 Close the window by clicking on the ‘OK’ or ‘Apply’ button
 Now, select the ‘Windows Time Service’ option from the left
pane once again

 And, open the ‘Global Configuration Settings’ option from

the right pane
 Again, checkmark the ‘Enabled’ option on the upper left corner
from the new popup window
 Also, you have to change the ‘AnnounceFlag’ to ‘5’

 And click on the ‘OK’ button from the bottom right corner

  Finally, close the ‘Local Group Policy Editor’ window
At this moment, you will have to open the ‘Server Manager’ on your
machine. And, follow accordingly…
 After opening the ‘Server Manager’, click on ‘Tools’ and then
select ‘Services’
 Now, scroll down and right-click on the ‘Windows
Time’ option
 Then click on ‘Start’ or ‘Restart’ from the submenu
Method 2:
In this method, you will have to obtain a list of trusted and working NTP
servers. You can find them here. Now, follow these steps…
 Launch command prompt in your system
 Now, you will stop the time service with this command:
type net stop w32time and press Enter
 Also, you can use this command as well: Stop-Service
w32time
 In doing so, you will see the confirmation message like
this: Windows Time Service was stopped successfully
 Now a enter this new command for configuring the NTP
servers: w32tm /config /syncfromflags:manual
/manualpeerlist:”0.pool.ntp.org 1.pool.ntp.org
2.pool.ntp.org 3.pool.ntp.org”
  Here, we have used the timeservers that we have obtained
from here
 For older versions of Windows, you can use the command
instead: net time /setsntp:”0.pool.ntp.org 1.pool.ntp.org
2.pool.ntp.org”
 Next, enter this command to specify the system that these
timeservers are reliable: w32tm /config /reliable:yes
 Now, start the time service by entering this command on
CMD: net start w32time or Start-Service w32time

Now, you have configured the NTP timeservers on your system. But we
have a few steps to make sure this procedure works. Let’s begin…
 To check if the timeservers are working, use this
command: w32tm /query /configuration
 You can also check using this command: w32tm /query
/status
 If it shows any error, use this command to re-sync the
timeservers: w32tm /resync
 Still, if you see this error: ‘The computer did not resync
because no time data was available’. You should redo the
whole process
This is how you can configure NTP servers in Windows 2012 R2. If you
have followed the instructions above, it should work as usual. Still, there
are a few things you should keep on mind. Let’s learn about those in the
following section.