Windows NTP Server A Stratum is 2, Windows NTP Server B Stratum is 15
We have a network that is mostly separated from our corporate network. The corporate network uses ntp1.corpaddress.tdl.
We have a second server, isolated.corpaddress.tdl. It is getting its NTP time from ntp1. We want it to act as the NTP server for our clients. So it would look like:
Corpoate NTP Server -> Isolated NTP Server -> Isolated Clients
Our corporate NTP server is a stratum of 2. Our isolated NTP server is a stratum of 15 and I can't figure out why. all of the clients drop the packet because they say they fail "test 7" due to a stratum greater than 15.
The isolated server is Windows server 2008. The clients are Windows 7 machines.
Do we have our isolated windows 2008 server configured incorrectly? What should we check to make sure it has a stratum of 3?
Solution 1:
On your "isolated" server, isolated.corpaddress.tdl, use w32tm /query /peers
to verify that it is using the NTP source that you want it to use:
PS C:\Users\Administrator> w32tm /query /peers
#Peers: 2
Peer: 0.us.pool.ntp.org
State: Active
Time Remaining: 1023.4062481s
Mode: 3 (Client)
Stratum: 2 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 17 (out of valid range)
HostPoll Interval: 10 (1024s)
Peer: 1.us.pool.ntp.org
State: Active
Time Remaining: 1023.4062481s
Mode: 3 (Client)
Stratum: 3 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 17 (out of valid range)
HostPoll Interval: 10 (1024s)
If it is not, use the following command to tell it to use your corporate NTP server:
w32tm /config /manualpeerlist:"ntp1.corpaddress.tdl" /reliable:yes /syncfromflags:manual /update
Then check the event logs over the next couple of minutes to verify that you see an event like "Windows Time service is now receiving valid time data from ntp1.corpaddress.tdl"...
Or you can use
w32tm /stripchart /computer:ntp1.corpaddress.tdl
To verify that you can actually communicate with the NTP server and receive time data from it.
And finally, if your corp NTP server is non-Windows server, then it might help if you add the SpecialInterval flag to the end of the server's FQDN, like so:
/manualpeerlist:ntp1.corpaddress.tdl,0x1
And/or the "client-mode" flag of 0x8. If you wanted to combine both the special poll interval flag and the client-mode flag, you add them together, so it'd be 0x9.
And if you mess up all your settings and just want to revert to factory defaults, do
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
Oh and on the off chance that isolated.corpaddress.tdl is a virtual machine, then either disable the time synchronization VM guest service, or fix the time on the virtualization host.