Shulou(Shulou.com)06/03 Report--

1) first confirm that the time of the underlying virtualization is accurate, because all virtual machines automatically synchronize the time of the virtual host.

2) enable time synchronization on all AD servers

First, find a suitable NTP server

First of all, you need to find a NTP server suitable for your network environment, because different networks will have different NTP servers to function. The way to detect NTP servers is to run w32tm / stripchart / computer on AD: the name of the following NTP server, such as w32tm / stripchart / computer:s1a.time.edu.cn, if available, it will be shown below

If it is not available, it will be displayed as shown below.

The CMD command specifies the NTP server

After finding an available NTP server for your network, suppose you find s1a.time.edu.cn as an available NTP server, turn on time synchronization on the AD server, and run the following command

W32tm / config / manualpeerlist:s1a.time.edu.cn / syncfromflags:MANUAL

W32tm / config / update

Net stop w32time

Net start w32time

Third, set the main domain controller to synchronize with the server of the national time service center, and the synchronization period is 1 day.

1. Add a time server

Registry: HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ DateTime\ Servers right-click on the right window to create a new string value and name it 0. Double-click the newly created string value, enter: s1a.time.edu.cn, and save. Change the "default" (that is, the first "string value") to 0, and delete all other values, leaving only the values shown in the figure.

2. Specify the time source

HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ Parameters

Change the value of key NtpServer to s1a.time.edu.cn

3. Set the time correction period

HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ TimeProviders\ NtpClient\ SpecialPollInterval

The value of the modified key SpecialPollInterval is 604800 in decimal (that is, 604800 seconds, 1 day)

Fourth, set up authoritative servers

1. Set up an authoritative server

Open the registry on the domain control server and find the key value

HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ Config

Modify the value of the key AnnounceFlags to decimal 10.

2. Enable NTPServer

HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ TimeProviders\ NtpServer

Modify the value of the key Enabled to 1 in decimal

Configure group policy and set time synchronization

1. Open Group Policy Management

2. Right-click on "Default Domain Policy" and edit.

3. Computer configuration-Administrative templates-system-Windows time service, double-click "Global configuration Settings" and select "enabled".

Modify the MaxNegPhaseCorrection value to 3600 (that is, 3600 seconds, 1 hour)

Modify the MaxPosPhaseCorrection value to 3600 (that is, 3600 seconds, 1 hour)

Modify the value of AnnounceFlags to 5

Click "apply" and "OK".

4. Computer configuration-Administrative templates-system-Windows time Service-time provider, "enable Windows NTP client", select "enabled".

Configure Windows NTP client, select enabled.

Change the NtpSever value to s1a.time.edu.cn

Change the Type value to NTP

Modify the value of SpecialPollInterval to 1800 (30 minutes)

5. Cmd command completes the detection in the domain control and the client

Run the following three commands on the domain control to detect and return the successful execution of the command. If you return to this computer without resynchronizing, because there is no available time data. Please check whether the one-step time server is available in the above document, and whether the five-to four-step server is correct, and see if the result returned by the w32tm / query / source command is correct.

Gpupdate / force update group policy

W32tm / query / source check whether the time server is a changed s1a.time.edu.cn

W32tm / resync manual synchronization time

If the client in the domain wants to synchronize the time with the primary domain, execute the following command and return that the successful execution of the command is considered successful

Pupdate / force update group policy

W32tm / resync / rediscover manually synchronize time

Note that if the time is to be synchronized successfully, the time cannot be too different from the standard time, and only those within the range can be synchronized successfully.

1. The system time is 14 hours and 59 minutes later than the standard time.

2. The system time is within 30 minutes earlier than the standard time.

NTP Server referenc

210.72.145.44 (server IP address of National time Service Center)

Ntp.sjtu.edu.cn 202.120.2.101 (NTP server address of Shanghai Jiaotong University Network Center)

S1a.time.edu.cn Beijing University of posts and Telecommunications

S1b.time.edu.cn Tsinghua University

S1c.time.edu.cn Peking University

S1d.time.edu.cn Southeast University

S1e.time.edu.cn Tsinghua University

S2a.time.edu.cn Tsinghua University

S2b.time.edu.cn Tsinghua University

S2c.time.edu.cn Beijing University of posts and Telecommunications

S2d.time.edu.cn Southwest Regional Network Center

S2e.time.edu.cn Northwest Regional Network Center

S2f.time.edu.cn Northeast Regional Network Center

S2g.time.edu.cn Southeast China Network Center

S2h.time.edu.cn Network Management Center of Sichuan University

S2j.time.edu.cn Network Center of Dalian University of Technology

S2k.time.edu.cn CERNET Guilin Master Node

S2m.time.edu.cn Peking University

3) for some client Windows Times services that stop automatically, you can try to re-register this service item

1. First, run the following command to delete the time service:

W32tm / unregister

two。 Then, run the following command to load the default time configuration service:

W32tm / register

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.