Windows NTP Server A Stratum is 2, Windows NTP Server B Stratum is 15

ntp

We have a network that is mostly separated from our corporate network. The corporate network uses ntp1.corpaddress.tdl.

We have a second server, isolated.corpaddress.tdl. It is getting its NTP time from ntp1. We want it to act as the NTP server for our clients. So it would look like:

Corpoate NTP Server -> Isolated NTP Server -> Isolated Clients

Our corporate NTP server is a stratum of 2. Our isolated NTP server is a stratum of 15 and I can't figure out why. all of the clients drop the packet because they say they fail "test 7" due to a stratum greater than 15.

The isolated server is Windows server 2008. The clients are Windows 7 machines.

Do we have our isolated windows 2008 server configured incorrectly? What should we check to make sure it has a stratum of 3?


Solution 1:

On your "isolated" server, isolated.corpaddress.tdl, use w32tm /query /peers to verify that it is using the NTP source that you want it to use:

PS C:\Users\Administrator> w32tm /query /peers
#Peers: 2

Peer: 0.us.pool.ntp.org
State: Active
Time Remaining: 1023.4062481s
Mode: 3 (Client)
Stratum: 2 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 17 (out of valid range)
HostPoll Interval: 10 (1024s)

Peer: 1.us.pool.ntp.org
State: Active
Time Remaining: 1023.4062481s
Mode: 3 (Client)
Stratum: 3 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 17 (out of valid range)
HostPoll Interval: 10 (1024s)

If it is not, use the following command to tell it to use your corporate NTP server:

w32tm /config /manualpeerlist:"ntp1.corpaddress.tdl" /reliable:yes /syncfromflags:manual /update

Then check the event logs over the next couple of minutes to verify that you see an event like "Windows Time service is now receiving valid time data from ntp1.corpaddress.tdl"...

Or you can use

w32tm /stripchart /computer:ntp1.corpaddress.tdl

To verify that you can actually communicate with the NTP server and receive time data from it.

And finally, if your corp NTP server is non-Windows server, then it might help if you add the SpecialInterval flag to the end of the server's FQDN, like so:

/manualpeerlist:ntp1.corpaddress.tdl,0x1

And/or the "client-mode" flag of 0x8. If you wanted to combine both the special poll interval flag and the client-mode flag, you add them together, so it'd be 0x9.

And if you mess up all your settings and just want to revert to factory defaults, do

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Oh and on the off chance that isolated.corpaddress.tdl is a virtual machine, then either disable the time synchronization VM guest service, or fix the time on the virtualization host.

Related

Automatic power on after graceful shutdown on UPS
AWS Elastic Beanstalk File Upload Limit Issue
Does Active Directory's Kerberos implementation support per-user ticket lifetime settings?
Apache mod_proxy: Multiple virtual hosts disable each other
Securing the primary Ansible user
PHP FPM keeps hanging
GroupOfNames without members
Publicly routable IPv6 linux container
Child Domain Logons to Cross Forest Trust Domains
HBASE Space Used Started Climbing Rapidly
configuring command prompt in Asterisk CLI
How to the set the hostname in an AWS ec2 instance to a unique value in an autoscale group?