- Настройка авторитетного сервера времени в Windows Server
- Устранение неполадок
- Дополнительные сведения
- Ссылки
- Windows Time service tools and settings
- Windows Time service tools
- W32tm.exe: Windows Time
- Using Group Policy to configure the Windows Time service
- Enabling W32Time logging
- Configuring how Windows Time service resets the computer clock
- Reference: Windows Time service registry entries
- «HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config» subkey entries
- «HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters» subkey entries
- «HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient» subkey entries
- «HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer» subkey entries
- Reference: Pre-set values for the Windows Time service GPO settings
- Pre-set values for «Global Group Policy» settings
- Pre-set values for «Configure Windows NTP Client» settings
- Reference: Network ports that the Windows Time service uses
- Related information
Настройка авторитетного сервера времени в Windows Server
В этой статье описывается настройка службы времени Windows и устранение неполадок при неправильной работе службы времени Windows.
Оригинальная версия продукта: Основные версии Windows Server 2012 Standard, Windows Server 2012
Исходный номер КБ: 816042
Чтобы настроить внутренний сервер времени для синхронизации с внешним источником времени, используйте следующий метод:
Чтобы настроить PDC в корне леса Active Directory для синхронизации с внешним источником времени, выполните следующие действия:
Измените тип сервера на NTP. Для этого выполните следующие действия:
Выберите > запуск, введите regedit, а затем выберите ОК.
Найдите и выделите следующий подраздел реестра:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
В области справа щелкните правой кнопкой мыши введите, а затем выберите Изменение.
В изменить значение введите NTP в поле данных Value, а затем выберите ОК.
Установите AnnounceFlags 5. Для этого выполните следующие действия:
Найдите и выберите следующий подкай реестра: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
В области справа щелкните правой кнопкой мыши AnnounceFlags и выберите Изменение.
В редактировании значения DWORD введите 5 в поле данных Значение, а затем выберите ОК.
- Если авторитетный сервер времени, настроенный для использования значения 0x5, не синхронизируется с сервером времени вверх по течению, клиентский сервер может неправильно синхронизироваться с авторитетным сервером времени при возобновлении синхронизации времени между авторитетным сервером времени и сервером времени вверх по AnnounceFlag течению. Поэтому, если у вас плохое сетевое подключение или другие проблемы, которые могут привести к сбою синхронизации времени авторитетного сервера на сервере выше по течению, установите значение 0xA, а не 0x5 AnnounceFlag .
- Если авторитетный сервер времени, настроенный для использования значения 0x5 и синхронизации с сервером времени вверх по течению с заданным фиксированным интервалом, клиентский сервер может неправильно синхронизироваться с авторитетным сервером времени после перезапуска авторитетного сервера AnnounceFlag SpecialPollInterval времени. Поэтому, если настроить авторитетный сервер времени для синхронизации с сервером NTP вверх по течению с фиксированным интервалом, указанным в, установите значение 0xA, а не SpecialPollInterval AnnounceFlag 0x5.
Включить NTPServer. Для этого выполните следующие действия:
Найдите и выделите следующий подраздел реестра:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
В области справа щелкните правой кнопкой мыши Включено, а затем выберите Изменение.
В изменить значение DWORD введите 1 в поле данных Значение, а затем выберите ОК.
Укажите источники времени. Для этого выполните следующие действия:
Найдите и откройте следующий подраздел реестра:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
В области справа щелкните правой кнопкой мыши NtpServer и выберите Изменение.
В редактировании значения введите одноранговые значения в поле данных Value, а затем выберите ОК.
Peers — это местоодатель для списка одноранговых аналогов, из которых компьютер получает отметки времени. Каждое имя DNS, которое перечислены, должно быть уникальным. Вы должны 0x1 до конца каждого имени DNS. Если вы не 0x1 до конца каждого имени DNS, изменения, внесенные в шаге 5, не вступят в силу.
Настройка параметров коррекции времени. Для этого выполните следующие действия:
Найдите и нажмите следующий подкай реестра: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
В области справа щелкните правой кнопкой мыши MaxPosPhaseCorrection и выберите Изменение.
В изменить значение DWORD щелкните, чтобы выбрать десятичной знак в базовом окне.
В редактировании значения DWORD введите TimeInSeconds в поле данных Value, а затем выберите ОК.
TimeInSeconds — это местоодатель для разумного значения, например 1 часа (3600) или 30 минут (1800). Выбранное значение зависит от интервала опроса, состояния сети и внешнего источника времени.
По умолчанию значение MaxPosPhaseCorrection составляет 48 часов в Windows Server 2008 R2 или более поздней части.
Найдите и откройте следующий подраздел реестра:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
В области справа щелкните правой кнопкой мыши MaxNegPhaseCorrection и выберите Изменение.
В изменить значение DWORD щелкните, чтобы выбрать десятичной знак в базовом окне.
В редактировании значения DWORD введите TimeInSeconds в поле данных Value, а затем выберите ОК.
TimeInSeconds — это местоодатель для разумного значения, например 1 часа (3600) или 30 минут (1800). Выбранное значение зависит от интервала опроса, состояния сети и внешнего источника времени.
По умолчанию значение MaxNegPhaseCorrection составляет 48 часов в Windows Server 2008 R2 или более поздней части.
Закройте редактор реестра.
В командной подсказке введите следующую команду для перезапуска службы Времени Windows и нажмите кнопку Ввод:
Устранение неполадок
Чтобы служба Времени Windows функционировала правильно, инфраструктура сети должна функционировать правильно. Наиболее распространенные проблемы, влияющие на службу Времени Windows, включают следующие:
- Существует проблема с подключением TCP/IP, например с мертвым шлюзом.
- Служба разрешения имен работает неправильно.
- В сети возникают большие задержки громкости, особенно если синхронизация происходит по ссылкам широкой сети WAN с высокой задержкой.
- Служба Времени Windows пытается синхронизироваться с неточными источниками времени.
Рекомендуется использовать Netdiag.exe для устранения проблем, связанных с сетью. Netdiag.exe входит в пакет средств поддержки Windows Server 2003. Полный список параметров командной строки, которые можно использовать с помощью Netdiag.exe. Если проблема еще не решена, можно включить журнал отлажки службы Windows Time. Так как журнал отключки может содержать очень подробные сведения, рекомендуется обращаться в службы поддержки клиентов Майкрософт при включив журнал отработки отработки службы Windows Time.
В особых случаях плата, которая обычно взимается за вызовы поддержки, может быть отменена, если специалист службы поддержки Майкрософт решит проблему с определенным обновлением. Обычные расходы на поддержку будут применяться к дополнительным вопросам и вопросам поддержки, которые не отвечают требованиям для конкретного обновления.
Дополнительные сведения
Windows Server включает W32Time — средство службы времени, которое требуется протоколом проверки подлинности Kerberos. Служба Windows Time позволяет использовать общее время для всех компьютеров в организации, которая работает с операционной системой Microsoft Windows 2000 Server или более поздними версиями.
Для обеспечения надлежащего общего использования времени служба Времени Windows использует иерархические отношения, контролирующие полномочия, а служба времени Windows не позволяет использовать циклы. По умолчанию компьютеры на базе Windows используют следующую иерархию:
- Все клиентские настольные компьютеры назначают контроллер домена проверки подлинности в качестве своего связанного партнера по времени.
- Все серверы-члены следуют одному и том же процессу, что и клиентские настольные компьютеры.
- Все контроллеры домена в домене назначают основного мастера операций контроллера домена (PDC) в качестве своего связанного партнера по времени.
- Все мастера операций PDC следуют иерархии доменов при выборе своего связанного партнера по времени.
В этой иерархии мастер операций PDC в корне леса становится авторитетным для организации. Настоятельно рекомендуется настроить авторитетный сервер времени для получения времени из аппаратного источника. При настройке авторитетного сервера времени для синхронизации с источником времени в Интернете проверка подлинности не происходит. Мы также рекомендуем уменьшить параметры коррекции времени для серверов и автономных клиентов. Эти рекомендации обеспечивают большую точность и безопасность вашего домена.
Ссылки
Дополнительные сведения о службе Windows Time см. в этой версии:
Дополнительные сведения о службе времени Windows см. в см. в w32Time.
Windows Time service tools and settings
Applies to: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10 or later
In this topic, you learn about tools and settings for Windows Time service (W32Time).
If you want to synchronize time for only a domain-joined client computer, see Configure a client computer for automatic domain time synchronization. For additional topics about how to configure Windows Time service, see Where to Find Windows Time Service Configuration Information.
You should not use the Net time command to configure or set time when the Windows Time service is running.
Also, on older computers that run Windows XP or earlier versions, the Net time /querysntp command displays the name of a Network Time Protocol (NTP) server with which a computer is configured to synchronize, but that NTP server is used only when the computer’s time client is configured as NTP or AllSync. That command has since been deprecated.
Most domain member computers have a time client type of NT5DS, which means that they synchronize time from the domain hierarchy. The only typical exception to this is the domain controller that functions as the primary domain controller (PDC) emulator operations master of the forest root domain. The PDC emulator operations master is usually configured to synchronize time with an external time source. To view the time client configuration of a computer (starting in Windows Server 2008 and Windows Vista), run the W32tm /query /configuration command from an elevated Command Prompt, and read the Type line in the command output. For more information, see How Windows Time Service Works. Additionally, you can run the reg query HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters command and read the value of NtpServer in the command output.
Prior to Windows Server 2016, the W32Time service was not designed to meet time-sensitive application needs. However, updates to Windows Server 2016 now allow you to implement a solution for one-millisecond accuracy in your domain. For more information, see Windows 2016 Accurate Time and Support boundary to configure the Windows Time service for high-accuracy environments.
Windows Time service tools
The following tool is associated with the Windows Time service.
W32tm.exe: Windows Time
Category
This tool is part of the default installation of Windows (Windows XP and later versions) and Windows Server (Windows Server 2003 and later versions).
Version compatibility
This tool works on the default installation of Windows (Windows XP and later versions) and Windows Server (Windows Server 2003 and later versions).
You can use W32tm.exe to configure Windows Time service settings and to diagnose time service problems. W32tm.exe is the preferred command-line tool for configuring, monitoring, or troubleshooting the Windows Time service.
The following tables describe the parameters that you can use with W32tm.exe.
W32tm.exe primary parameters
| Parameter | Description |
|---|---|
| w32tm /? | Displays the W32tm command-line help |
| w32tm /register | Registers the time service to run as a service and adds its default configuration information to the registry. |
| w32tm /unregister | Unregisters the time service and removes all of its configuration information from the registry. |
| w32tm /monitor [/domain: ] [/computers: [, [, . ]]] [/threads: ] | Monitors the Windows Time service. /domain: Specifies which domain to monitor. If no domain name is given, or neither the /domain nor /computers option is specified, the default domain is used. This option might be used more than once. /computers: Monitors the given list of computers. Computer names are separated by commas, with no spaces. If a name is prefixed with a *, it is treated as a PDC. This option might be used more than once. /threads: Specifies the number of computers to analyze simultaneously. The default value is three. Allowed range is 1-50. |
| w32tm /ntte | Converts a Windows NT system time (measured in 10 -7 -second intervals starting from 0h 1-Jan 1601) into a readable format. |
| w32tm /ntpte | Converts an NTP time (measured in 2 -32 -second intervals starting from 0h 1-Jan 1900) into a readable format. |
| w32tm /resync [/computer: ] [/nowait] [/rediscover] [/soft] | Tells a computer that it should resynchronize its clock as soon as possible, throwing out all accumulated error statistics. /computer: : Specifies the computer that should resynchronize. If not specified, the local computer will resynchronize. /nowait: do not wait for the resynchronize to occur; return immediately. Otherwise, wait for the resynchronize to complete before returning. /rediscover: Redetects the network configuration and rediscovers network sources, then resynchronize. /soft: Resynchronizes by using existing error statistics. Not useful, provided for compatibility. |
| w32tm /stripchart /computer: [/period: ] [/dataonly] [/samples: ] [/rdtsc] | Displays a strip chart of the offset between this computer and another computer. /computer: : The computer to measure the offset against. /period: : The time between samples, in seconds. The default is two seconds. /dataonly: Displays the data only, without graphics. /samples: : Collects samples, then stops. If not specified, samples will be collected until Ctrl+C is pressed. /rdtsc: For each sample, this option prints comma-separated values along with the headers RdtscStart, RdtscEnd, FileTime, RoundtripDelay, and NtpOffset instead of the text graphic.
|
| w32tm /config [/computer: ] [/update] [/manualpeerlist: ] [/syncfromflags: ] [/LocalClockDispersion: ] [/reliable:(YES|NO)] [/largephaseoffset: ] | /computer: : Adjusts the configuration of . If not specified, the default is the local computer. /update: Notifies the time service that the configuration has changed, causing the changes to take effect. /manualpeerlist: : Sets the manual peer list to , which is a space-delimited list of DNS and/or IP addresses. When specifying multiple peers, this option must be enclosed in quotes. /syncfromflags: : Sets what sources the NTP client should synchronize from. should be a comma-separated list of these keywords (not case sensitive):
/LocalClockDispersion: : Configures the accuracy of the internal clock that W32Time will assume when it can’t acquire time from its configured sources. /reliable:(YES|NO): Set whether this computer is a reliable time source. This setting is only meaningful on domain controllers.
/largephaseoffset: : sets the time difference between local and network time which W32Time will consider a spike. |
| w32tm /tz | Display the current time zone settings. |
| w32tm /dumpreg [/subkey: ] [/computer: ] | Display the values associated with a given registry key. The default key is HKLM\System\CurrentControlSet\Services\W32Time (the root key for the time service). /subkey: : Displays the values associated with subkey of the default key. /computer: : Queries registry settings for computer |
| w32tm /query [/computer: ] [/verbose] | Displays a computer’s Windows Time service information. This parameter was first made available in the Windows Time client in Windows Vista and Windows Server 2008. /computer: : Queries the information of . If not specified, the default value is the local computer. /source: Displays the time source. /configuration: Displays the configuration of run time and where the setting comes from. In verbose mode, display the undefined or unused setting too. /peers: Displays a list of peers and their status. /status: Displays Windows Time service status. /verbose: Sets the verbose mode to display more information. |
| w32tm /debug > | Enables or disables the local computer Windows Time service private log. This parameter was first made available in the Windows Time client in Windows Vista and Windows Server 2008. /disable: Disables the private log. /enable: Enables the private log.
/truncate: Truncate the file if it exists. |
For more information about W32tm.exe, see Windows help.
Examples
If you want to set the local Windows Time client to point to two different time servers, one named ntpserver.contoso.com and another named clock.adatum.com, type the following command at the command line, and then press ENTER:
If you want to check the Windows Time client configuration from a Windows-based client computer that has a host name of CONTOSOW1, run the following command:
The output of this command is a list of configuration parameters that are set for the Windows Time client.
Windows Server 2016 has improved the time synchronization algorithms to align with RFC specifications. Therefore, if you want to set the local Windows Time client to point to multiple peers, it is highly recommended that you prepare three or more different time servers.
If you have only two time servers, you should specify the UseAsFallbackOnly flag (0x2) to de-prioritize one of them. For instance, if you want to prioritize ntpserver.contoso.com over clock.adatum.com, run the following command.
Using Group Policy to configure the Windows Time service
The Windows Time service stores a number of configuration properties as registry entries. You can use Group Policy Objects to configure most of this information. For example, you can use GPOs to configure a computer to be an NTPServer or NTPClient, configure the time synchronization mechanism, or configure a computer to be a reliable time source.
Group Policy settings for the Windows Time service can be configured on Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 domain controllers and can be applied only to computers running Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2.
Windows stores the Windows Time service policy information in the W32Time.admx administrative template file, under Computer Configuration\Administrative Templates\System\Windows Time Service. It stores the configuration information that the policies define in the registry, and uses those registry entries to configure the registry entries for the Windows Time service. As a result, the values defined by Group Policy overwrite any pre-existing values in the Windows Time service section of the registry.
Some of the preset GPO settings differ from the corresponding default registry entries. If you plan to use a GPO to configure any Windows Time setting, be sure that you review Preset values for the Windows Time service Group Policy settings are different from the corresponding Windows Time service registry entries in Windows Server 2003. This issue applies to Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, and Windows Server 2003.
For example, suppose you edit policy settings in the Configure Windows NTP Client policy.
Your changes are stored in the following location in the administrative template:
Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\ Configure Windows NTP Client
Windows loads these settings into the policy area of the registry under the following subkey:
HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient
Then Windows uses the policy settings to configure the related Windows Time service registry entries under the following subkey:
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Time Providers\NTPClient\
The following table lists the policies that you can configure for the Windows Time service, and the registry subkeys that those policies affect.
When you remove a Group Policy setting, Windows removes the corresponding entry from the policy area of the registry.
| Policy 1 | Registry locations 2, 3 |
|---|---|
| Global Configuration Settings | W32Time W32Time\Config W32Time\Parameters |
| Time Providers\Configure Windows NTP Client | W32Time\TimeProviders\NtpClient |
| Time Providers\Enable Windows NTP Client | W32Time\TimeProviders\NtpClient |
| Time Providers\Enable Windows NTP Server | W32Time\TimeProviders\NtpServer |
1 Category path: Computer Configuration\Administrative Templates\System\Windows Time Service 2 Subkey: HKLM\SOFTWARE\Policies\Microsoft 3 Subkey: HKLM\SYSTEM\CurrentControlSet\Services
Enabling W32Time logging
The following three registry entries are not a part of the W32Time default configuration but can be added to the registry to obtain increased logging capabilities. The information logged to the System Event log can be modified by changing value for the EventLogFlags setting in the Group Policy Object Editor. By default, the time service logs an event every time that it switches to a new time source.
In order to enable W32Time logging, add the following registry entries:
| Registry Entry | Versions | Description |
|---|---|---|
| FileLogEntries | All versions | Controls the number of entries created in the Windows Time log file. The default value is none, which does not log any Windows Time activity. Valid values are 0 to 300. This value does not affect the event log entries normally created by Windows Time |
| FileLogName | All versions | Controls the location and file name of the Windows Time log. The default value is blank, and should not be changed unless FileLogEntries is changed. A valid value is a full path and file name that Windows Time will use to create the log file. This value does not affect the event log entries normally created by Windows Time. |
| FileLogSize | All versions | Controls the circular logging behavior of Windows Time log files. When FileLogEntries and FileLogName are defined, Entry defines the size, in bytes, to allow the log file to reach before overwriting the oldest log entries with new entries. Please use 1000000 or larger value for this setting. This value does not affect the event log entries normally created by Windows Time. |
Configuring how Windows Time service resets the computer clock
In order for W32Time to set the computer clock gradually, the offset must be less than the MaxAllowedPhaseOffset value and satisfy the following equation at the same time:
Windows Server 2016 and later versions:
|CurrentTimeOffset| ÷ (16 × PhaseCorrectRate × pollIntervalInSeconds) ≤ SystemClockRate ÷ 2
Windows Server 2012 R2 and earlier versions:
|CurrentTimeOffset| ÷ (PhaseCorrectRate × UpdateInterval) ≤ SystemClockRate ÷ 2
The CurrentTimeOffset value is measured in clock ticks, where 1 ms = 10,000 clock ticks on a Windows system.
SystemClockRate and PhaseCorrectRate are also measured in clock ticks. To get the SystemClockRate value, you can use the following command and convert it from seconds to clock ticks by using the formula of seconds Г— 1,000 Г— 10,000:
SystemClockRate is the rate of the clock on the system. Using 156,000 seconds as an example, the SystemClockRate value would be 0.0156000 Г— 1,000 Г— 10,000 = 156,000 clock ticks.
MaxAllowedPhaseOffset is also measured in seconds. To convert it to clock ticks, multiply MaxAllowedPhaseOffset Г— 1,000 Г— 10,000.
The following examples show how to apply these calculations when you use Windows Server 2012 R2 or an earlier version.
Example 1: Time differs by four minutes
Your time is 11:05 and the time sample that you received from a peer and believe to be correct is 11:09.
PhaseCorrectRate = 1
UpdateInterval = 30,000 clock ticks
SystemClockRate = 156,000 clock ticks
MaxAllowedPhaseOffset = 10 min = 600 seconds = 600 Г— 1,000 Г— 10,000 = 6,000,000,000 clock ticks
|CurrentTimeOffset| = 4 min = 4 Г— 60 Г— 1,000 Г— 10,000 = 2,400,000,000 clock ticks
Is CurrentTimeOffset ≤ MaxAllowedPhaseOffset?
2,400,000,000 ≤ 6,000,000,000: TRUE
AND does it satisfy the above equation?
(|CurrentTimeOffset| ÷ (PhaseCorrectRate × UpdateInterval) ≤ SystemClockRate ÷ 2)
Is 2,400,000,000 / (30,000 × 1) ≤ 156,000 ÷ 2
80,000 ≤ 78,000: FALSE
Therefore, W32tm would set the clock back immediately.
In this case, if you want to set the clock back slowly, you would also have to adjust the values of PhaseCorrectRate or UpdateInterval in the registry to make sure that the equation result is TRUE.
Example 2: Time differs by three minutes
PhaseCorrectRate = 1
UpdateInterval = 30,000 clock ticks
SystemClockRate = 156,000 clock ticks
MaxAllowedPhaseOffset = 10 min = 600 seconds = 600 Г— 1,000 Г— 10,000 = 6,000,000,000 clock ticks
|CurrentTimeOffset| = 3 mins = 3 Г— 60 Г— 1,000 Г— 10,000 = 1,800,000,000 clock ticks
Is |CurrentTimeOffset| ≤ MaxAllowedPhaseOffset?
1,800,000,000 ≤ 6,000,000,000: TRUE
AND does it satisfy the above equation?
(|CurrentTimeOffset| ÷ (PhaseCorrectRate × UpdateInterval) ≤ SystemClockRate ÷ 2)
Is 3 mins × (1,800,000,000) ÷ (30,000 × 1) ≤ 156,000 ÷ 2
Is 60,000 ≤ 78,000: TRUE
In this case, the clock will be set back slowly.
Reference: Windows Time service registry entries
The information about these registry entries is provided as a reference for use in troubleshooting or verifying that the required settings are applied. Many of the values in the W32Time section of the registry are used internally by W32Time to store information. Do not manually change these values. Modifications to the registry are not validated by the registry editor or by Windows before they are applied. If the registry contains invalid values, Windows may experience unrecoverable errors.
Windows Time service stores information under the following registry subkeys:
Additionally, for troubleshooting purposes, you can add entries in order to configure logs.
In the following tables, «All versions» refers to versions of Windows that include Windows 7, Windows 8, Windows 10, Windows Server 2008 and Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. Some entries are only available on later Windows versions.
Some of the parameters in the registry are measured in clock ticks and some are measured in seconds. To convert the time from clock ticks to seconds, use these conversion factors:
- 1 minute = 60 sec
- 1 sec = 1000 ms
- 1 ms = 10,000 clock ticks on a Windows system, as described at DateTime.Ticks Property.
For example, 5 minutes becomes 5 Г— 60 Г— 1000 Г— 10000 = 3,000,000,000 clock ticks.
«HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config» subkey entries
| Registry entry | Versions | Description |
|---|---|---|
| AnnounceFlags | All versions | Controls whether this computer is marked as a reliable time server. A computer is not marked as reliable unless it is also marked as a time server.
The default value for domain members is 10. The default value for stand-alone clients and servers is 10. |
| ChainDisable | Controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), a read-only domain controller (RODC) can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. This is a boolean setting, and the default value is 0. | |
| ChainEntryTimeout | Specifies the maximum amount of time that an entry can remain in the chaining table before the entry is considered to be expired. Expired entries may be removed when the next request or response is processed. The default value is 16 (seconds). | |
| ChainLoggingRate | Controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. The default is 30 (minutes). | |
| ChainMaxEntries | Controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. The default value is 128 (entries). | |
| ChainMaxHostEntries | Controls the maximum number of entries that are allowed in the chaining table for a particular host. The default value is 4 (entries). | |
| ClockAdjustmentAuditLimit | Windows Server 2016 Version 1709 and later versions; Windows 10 Version 1709 and later versions | Specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target computer. The default value is 800 (parts per million — PPM). |
| ClockHoldoverPeriod | Windows Server 2016 Version 1709 and later versions; Windows 10 Version 1709 and later versions | Indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7,800 seconds. |
| EventLogFlags | All versions | Controls which events that the time service logs.
The default value on domain members is 2. The default value on stand-alone clients and servers is 2. |
| FrequencyCorrectRate | All versions | Controls the rate at which the clock is corrected. If this value is too small, the clock is unstable and overcorrects. If the value is too large, the clock takes a long time to synchronize. The default value on domain members is 4. The default value on stand-alone clients and servers is 4. |
Note
Zero is not a valid value for the FrequencyCorrectRate registry entry. On Windows Server 2003, Windows Server 2003 R2, Windows Server 2008 , and Windows Server 2008 R2 computers, if the value is set to 0, the Windows Time service automatically changes it to 1.
Note
The value 0xFFFFFFFF is a special case. This value means that the service always corrects the time.
The default value for domain members is 0xFFFFFFFF. The default value for stand-alone clients and servers is 54,000 (15 hrs).
Note
The value 0xFFFFFFFF is a special case. This value means that the service always corrects the time.
The default value for domain members is 0xFFFFFFFF. The default value for stand-alone clients and servers is 54,000 (15 hrs).
The default value on domain members is 1. The default value on stand-alone clients and servers is 7.
Note
Zero is not a valid value for the PhaseCorrectRate registry entry. On Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 computers, if the value is set to 0, the Windows Time service automatically changes it to 1.
Note
Zero is not a valid value for the UpdateInterval registry entry. On computers running Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2, if the value is set to 0, the Windows Time service automatically changes it to 1.
«HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters» subkey entries
| Registry entry | Versions | Description |
|---|---|---|
| AllowNonstandardModeCombinations | All versions | Indicates that non-standard mode combinations are allowed in synchronization between peers. The default value for domain members is 1. The default value for stand-alone clients and servers is 1. |
| NtpServer | All versions | Specifies a space-delimited list of peers from which a computer obtains time stamps, consisting of one or more DNS names or IP addresses per line. Each DNS name or IP address listed must be unique. Computers connected to a domain must synchronize with a more reliable time source, such as the official U.S. time clock.
There is no default value for this registry entry on domain members. The default value on stand-alone clients and servers is time.windows.com,0x1. |
| ServiceDll | All versions | Maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default location for this DLL on both domain members and stand-alone clients and servers is %windir%\System32\W32Time.dll. |
| ServiceMain | All versions | Maintained by W32Time. It contains reserved data that is used by the Windows operating system, and any changes to this setting can cause unpredictable results. The default value on domain members is SvchostEntry_W32Time. The default value on stand-alone clients and servers is SvchostEntry_W32Time. |
| Type | All versions | Indicates which peers to accept synchronization from:
The default value on domain members is NT5DS. The default value on stand-alone clients and servers is NTP. |
«HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient» subkey entries
| Registry entry | Version | Description |
|---|---|---|
| AllowNonstandardModeCombinations | All versions | Indicates that non-standard mode combinations are allowed in synchronization between peers. The default value for domain members is 1. The default value for stand-alone clients and servers is 1. |
| CompatibilityFlags | All versions | Specifies the following compatibility flags and values:
The default value for domain members is 0x80000000. The default value for stand-alone clients and servers is 0x80000000. |
| CrossSiteSyncFlags | All versions | Determines whether the service chooses synchronization partners outside the domain of the computer. The options and values are:
This value is ignored if the NT5DS value is not set. The default value for domain members is 2. The default value for stand-alone clients and servers is 2. |
| DllName | All versions | Specifies the location of the DLL for the time provider. |
The default location for this DLL on both domain members and stand-alone clients and servers is %windir%\System32\W32Time.dll.
- 1 — Yes
- 0 — No
The default value on domain members is 1. The default value on stand-alone clients and servers is 1.
- 0x1 — Reachability changes
- 0x2 — Large sample skew (This is applicable to Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 only)
The default value on domain members is 0x1. The default value on stand-alone clients and servers is 0x1.
- 1 — Yes
- 0 — No
Default value for both domain members and stand-alone clients is 1.
New for build 1703, SpecialPollInterval is contained by the MinPollInterval and MaxPollInterval Config registry values.
«HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer» subkey entries
| Registry Entry | Versions | Description |
|---|---|---|
| AllowNonstandardModeCombinations | All versions | Indicates that non-standard mode combinations are allowed in synchronization between clients and servers. The default value for domain members is 1. The default value for stand-alone clients and servers is 1. |
| DllName | All versions | Specifies the location of the DLL for the time provider. The default location for this DLL on both domain members and stand-alone clients and servers is %windir%\System32\W32Time.dll. |
| Enabled | All versions | Indicates if the NtpServer provider is enabled in the current Time Service.
The default value on domain members is 1. The default value on stand-alone clients and servers is 1. |
| InputProvider | All versions | Indicates whether to enable the NtpClient as an InputProvider, which obtains time information from the NtpServer. The NtpServer is a time server that responds to client time requests on the network by returning time samples that are useful for synchronizing the local clock.
Default value for both domain members and stand-alone clients: 1 |
Reference: Pre-set values for the Windows Time service GPO settings
The following table lists the global Group Policy settings that are associated with the Windows Time service and the pre-set value associated with each setting. For more information about each setting, see the corresponding registry entries in Reference: Windows Time service registry entries earlier in this article. The following settings are contained in a single GPO called Global Configuration Settings.
Pre-set values for «Global Group Policy» settings
| Group Policy setting | Pre-set value |
|---|---|
| AnnounceFlags | 10 |
| EventLogFlags | 2 |
| FrequencyCorrectRate | 4 |
| HoldPeriod | 5 |
| LargePhaseOffset | 1,280,000 |
| LocalClockDispersion | 10 |
| MaxAllowedPhaseOffset | 300 |
| MaxNegPhaseCorrection | 54,000 (15 hours) |
| MaxPollInterval | 15 |
| MaxPosPhaseCorrection | 54,000 (15 hours) |
| MinPollInterval | 10 |
| PhaseCorrectRate | 7 |
| PollAdjustFactor | 5 |
| SpikeWatchPeriod | 90 |
| UpdateInterval | 100 |
Pre-set values for «Configure Windows NTP Client» settings
The following table lists the available settings for the Configure Windows NTP Client GPO and the pre-set values that are associated with the Windows Time service. For more information about each setting, see the corresponding registry entries in Reference: Windows Time service registry entries earlier in this article.
| Group Policy setting | Pre-set value |
|---|---|
| NtpServer | time.windows.com, 0x1 |
| Type | Default options:
|
| CrossSiteSyncFlags | 2 |
| ResolvePeerBackoffMinutes | 15 |
| ResolvePeerBackoffMaxTimes | 7 |
| SpecialPollInterval | 3,600 |
| EventLogFlags | 0 |
Reference: Network ports that the Windows Time service uses
Windows Time follows the NTP specification, which requires the use of UDP port 123 for all time synchronization communication. This port is reserved by Windows Time and remains reserved at all times. Whenever the computer synchronizes its clock or provides time to another computer, that communication is performed on UDP port 123.
If you have a computer that has multiple network adapters (also called a multihomed computer), you cannot selectively enable the Windows Time service based on the network adapter.
Related information
The following resources contain additional information that is relevant to this section.
- RFC 1305 in the IETF RFC Database
—>
