RE: [ActiveDir] Time Server for Forest Root PDC
Yeah, do what Chuck says. The last thing you want is to be at the mercy of your firewall admins (if youre not already). Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, June 12, 2006 1:16 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Time Server for Forest Root PDC The best approach is to setupNTP on the PDC EmulatorroleForest Root DC to point to the two IP addresses by IP on the 2 US Naval Observatory time servers. It is possible to use an internal server but best to use the external ones, depending on the individual company. Chuck -Original Message- From: Teo De Las Heras [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Mon, 12 Jun 2006 13:22:33 -0400 Subject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? Teo Check out AOL.com today. Breaking news, video search, pictures, email and IM. All on demand. Always Free.
RE: [ActiveDir] Time Server for Forest Root PDC
I would suggest you sync with whatever time source(s) the organisation considers to be 'authoritative'. This may be an internal time server or some external clock. The important point is that you trust this source to be correct and thus authoritative. Many larger orgs have internal clocks that they utilise, for example(which sync to the outside world). It's another 'it depends' kind of question. I don't think there is a prescriptive solution to such a question. neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Teo De Las HerasSent: 12 June 2006 18:23To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? TeoPLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies.
RE: [ActiveDir] Time Server for Forest Root PDC
-Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Teo De Las Heras Sent: 12 June 2006 18:23 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? I'm coming late to this party but that hasn't stopped me throwing in my two pennies worth before... We have our own atomic / radio clock here, physically attached to a DC. The DC it is connected to syncs to this hardware and all our other servers sync to this DC. My feeling is that while having the correct time is obviously a very good thing, what is more important is that all your nodes are consistent with each other; in other words, I think that what source you pick is less important than picking just one source and making damn sure every node uses time that is based off this source. -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Time Server for Forest Root PDC
Time lag can be a painful thing in certain applications, had an incident before where the payroll system which is linked to the accesscard system was getting out of sync, some factory production workers are getting free overtime pay due to a few mins out of sync with the realworld's time... Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob MOIR Sent: Tuesday, June 13, 2006 6:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Time Server for Forest Root PDC -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Teo De Las Heras Sent: 12 June 2006 18:23 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? I'm coming late to this party but that hasn't stopped me throwing in my two pennies worth before... We have our own atomic / radio clock here, physically attached to a DC. The DC it is connected to syncs to this hardware and all our other servers sync to this DC. My feeling is that while having the correct time is obviously a very good thing, what is more important is that all your nodes are consistent with each other; in other words, I think that what source you pick is less important than picking just one source and making damn sure every node uses time that is based off this source. -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] Time Server for Forest Root PDC
You do want to choose a reliable source, whatever it is. An external atomic clock is most likely to be reliable so long as you can communicate with it successfully and consistently. It is important to keep internal system clocks in synch. Chuck-Original Message-From: Rob MOIR [EMAIL PROTECTED]To: ActiveDir@mail.activedir.orgSent: Tue, 13 Jun 2006 11:33:20 +0100Subject: RE: [ActiveDir] Time Server for Forest Root PDC -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED]] On Behalf Of Teo De Las Heras Sent: 12 June 2006 18:23 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? I'm coming late to this party but that hasn't stopped me throwing in my two pennies worth before... We have our own atomic / radio clock here, physically attached to a DC. The DC it is connected to syncs to this hardware and all our other servers sync to this DC. My feeling is that while having the correct time is obviously a very good thing, what is more important is that all your nodes are consistent with each other; in other words, I think that what source you pick is less important than picking just one source and making damn sure every node uses time that is based off this source. -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Check out AOL.com today. Breaking news, video search, pictures, email and IM. All on demand. Always Free.
Re: [ActiveDir] Time Server for Forest Root PDC
The best approach is to setupNTP on the PDC EmulatorroleForest Root DC to point to the two IP addresses by IP on the 2 US Naval Observatory time servers. It is possible to use an internal server but best to use the external ones, depending on the individual company. Chuck-Original Message-From: Teo De Las Heras [EMAIL PROTECTED]To: ActiveDir@mail.activedir.orgSent: Mon, 12 Jun 2006 13:22:33 -0400Subject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? Teo Check out AOL.com today. Breaking news, video search, pictures, email and IM. All on demand. Always Free.
Re: [ActiveDir] Time Server for Forest Root PDC
That's how I feel. My argument against using the internal firewall is that should someone change the firewall (woops) then every PC get's that change. On the other hand, someone making a change to the DC's time should now enough about AD to not do it. Even then, an alert would be generated (if configured in MOM). Teo On 6/12/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: The best approach is to setupNTP on the PDC EmulatorroleForest Root DC to point to the two IP addresses by IP on the 2 US Naval Observatory time servers. It is possible to use an internal server but best to use the external ones, depending on the individual company. Chuck -Original Message-From: Teo De Las Heras [EMAIL PROTECTED] To: ActiveDir@mail.activedir.orgSent: Mon, 12 Jun 2006 13:22:33 -0400Subject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? Teo Check out AOL.com today. Breaking news, video search, pictures, email and IM. All on demand. Always Free.
RE: [ActiveDir] Time server in windows 2003 !!
Title: Message There is indeed a built in time sync service. Further reading here and elsewhere on microsoft.com. http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/26_s3wts.mspx neil -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Senthil KumarSent: 16 February 2005 12:39To: Active directory groupSubject: [ActiveDir] Time server in windows 2003 !! Hi all, We are having one windows 2003 DC and one windows 2003 ADC and 2000 clients of win 2000 prof and win xp prof. Now I want when the clients logs on to the domain their computer should update the time of it with the windows 2003 server.Is windows 2003 has any inbuilt feature to setup it as a time server.Is there any third party programs which converts win 2003 server in to a time server? If yes what is the name of the products. Is there any opensource programs for setting up time server in windows 2003 or linux? Can we configure this in GPO? Thanks and Regards, K.SENTHIL KUMAR Do you Yahoo!?Yahoo! Search presents - Jib Jab's 'Second Term' == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ==
RE: [ActiveDir] Time server in windows 2003 !!
Windows2003 is automatically a time server.. when any 2000/XP client is a member of a domain it should automatically pull the time from the DC. Is this not happening? Rob From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Senthil Kumar Sent: 16 February 2005 12:39 To: Active directory group Subject: [ActiveDir] Time server in windows 2003 !! Hi all, We are having one windows 2003 DC and one windows 2003 ADC and 2000 clients of win 2000 prof and win xp prof. Now I want when the clients logs on to the domain their computer should update the time of it with the windows 2003 server.Is windows 2003 has any inbuilt feature to setup it as a time server.Is there any third party programs which converts win 2003 server in to a time server? If yes what is the name of the products. Is there any opensource programs for setting up time server in windows 2003 or linux? Can we configure this in GPO? Thanks and Regards, K.SENTHIL KUMAR Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term' === Scanned for virus infection by Messagelabs === === Email security provided by Modrus using MessageLabs Email Security www.modrus.com ===
Re: [ActiveDir] Time server in windows 2003 !!
Windows 2000 and 2003 servers have a native time service that can be used by any client (windows or otherwise) http://www.ultratech-llc.com/KB/?File=TimeSync.TXT -ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/ On Wed, 16 Feb 2005 04:39:16 -0800 (PST), Senthil Kumar [EMAIL PROTECTED] wrote: Hi all, We are having one windows 2003 DC and one windows 2003 ADC and 2000 clients of win 2000 prof and win xp prof. Now I want when the clients logs on to the domain their computer should update the time of it with the windows 2003 server.Is windows 2003 has any inbuilt feature to setup it as a time server.Is there any third party programs which converts win 2003 server in to a time server? If yes what is the name of the products. Is there any opensource programs for setting up time server in windows 2003 or linux? Can we configure this in GPO? Thanks and Regards, K.SENTHIL KUMAR List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Time server in windows 2003 !!
Hi, Windows 2000 and Windows 2003 DCs provide time services for all clients and servers in the AD domain/forest. TIME plays a very important role in kerberos authentication. There is no need to configure your clients or servers. The configuration is automagically when their are joined to the AD domain. There may be one configuration needed though and that's the configuration of a reliable time source for the PDC emulator of the forest root AD domain (the first AD domain ever created in a AD forest). That reliable time source could be an external time server or an internal time server (another server or an atomic clock) For more info see: * http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techre f/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techre f/en-us/W2K3TR_times_intro.asp * http://support.microsoft.com/kb/816042 * http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Time -Service.html Cheers Jorge -Original Message- From: [EMAIL PROTECTED] To: Active directory group Sent: 2/16/2005 1:39 PM Subject: [ActiveDir] Time server in windows 2003 !! Hi all, We are having one windows 2003 DC and one windows 2003 ADC and 2000 clients of win 2000 prof and win xp prof. Now I want when the clients logs on to the domain their computer should update the time of it with the windows 2003 server.Is windows 2003 has any inbuilt feature to setup it as a time server.Is there any third party programs which converts win 2003 server in to a time server? If yes what is the name of the products. Is there any opensource programs for setting up time server in windows 2003 or linux? Can we configure this in GPO? Thanks and Regards, K.SENTHIL KUMAR _ Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term' http://us.rd.yahoo.com/evt=30648/*http://movies.yahoo.com/movies/featur e/jibjabinaugural.html This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Time server in windows 2003 !!
Senthil, Goodinfo on timehere in plain english... http://www.activexperts.com/activmonitor/functions/ntp/ In order to set up an authorative time server on a Windows 2003 server: http://support.microsoft.com/kb/816042 To set a server as the default time server you can use the below batch file on workstations or serversas a login script: CLS@echo offECHO.ECHO Sets SNTP Server To Internal NTP Server...net time /setsntp:%IPAddressOfTimeServer%net stop w32timenet start w32timeECHO. To verify the settings are correct from a command prompt type in: net time /querysntp You could go further and in your workstation builds do the following registry hacks: Windows Registry Editor Version 5.00 ; Delete Time Server Defaults From Registry[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers] ; Add Domain Specific Time Server [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers]@="1""1"="%IPAddressOfTimeServer" ; Change W32 Time Polling Interval To Every Hour[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\TimeProviders\NtpClient]"SpecialPollInterval"=dword:e10 James From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Senthil KumarSent: Wednesday, 16 February 2005 10:39 PMTo: Active directory groupSubject: [ActiveDir] Time server in windows 2003 !! Hi all, We are having one windows 2003 DC and one windows 2003 ADC and 2000 clients of win 2000 prof and win xp prof. Now I want when the clients logs on to the domain their computer should update the time of it with the windows 2003 server.Is windows 2003 has any inbuilt feature to setup it as a time server.Is there any third party programs which converts win 2003 server in to a time server? If yes what is the name of the products. Is there any opensource programs for setting up time server in windows 2003 or linux? Can we configure this in GPO? Thanks and Regards, K.SENTHIL KUMAR Do you Yahoo!?Yahoo! Search presents - Jib Jab's 'Second Term'
RE: [ActiveDir] time server
Title: time server If you're going to fix one of them, you may as well suggest that they fix them all. There're several as seen by a query for NTP+Windowsserver2003 and you might want to throw in W32Time just for fun. Theconfusing wording was pervasiveon the several that I sampled while looking at this question and trying to remember how this all worked, which protocol was used, why it should even matter, etc. There's a lot of room for improvement in the docs... I should stop before it comes to, "hey, why don't you write a kb and/or STHU? " ;-) -ajm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan MuggliSent: Monday, January 10, 2005 6:44 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server The packets are identical, and NTP actually came first. I just spoke with my time developer and he confirmed that time syncs should be able to work ntp - sntp, and sntp - ntp. Most of the problems we've seen with interoperability have been caused by client side logic in applications doing weird things like version checks, etc. The best way to get to the bottom of Mark's NTP phone problem is network sniffs. You could try turning on W32time debug logging on the 2000 server and see if you can catch the discovery request. I think the sniff is the best way to go. Or, you could always upgrade to 2003 J. Regarding the Doc, it's obviously wrong (I'll get it fixed). The W32time server service in 2000 was SNTP, and 2003 its NTP. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 12:19 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server As Al pointed out, some MS docs need to be reviewed... The one Al specifically pointed out "http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/usecdirw/06wsdsu.mspx" says straight out that the Time Server is SNTP based. WindowsServer2003 time services are based upon the Simple Network Time Protocol (SNTP); this is a simplified version of the UNIX Network Time Protocol (NTP). The packet formats of both protocols are identical, and the servers and clients for each can be used interchangeably. The interchangeable part seems to be more of a theory or hope than strictly the real world. From chats I have had previously with people who played with the time stuff a lot it seems that it is more likely a SNTP client will be able to use a NTP source than an NTP client using a SNTP source. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan MuggliSent: Monday, January 10, 2005 3:02 PMTo: ActiveDir@mail.activedir.org; Send - AD mailing listSubject: RE: [ActiveDir] time server I own the time service for Windows, so I can field the OS question. The NTP server in Windows 2003 is NTP V3 RFC compliant and third party NTP clients can (well *should*) be able to sync with it. When you say "doesn't seem to recognize", is there an error message? How does it find a valid NTP server? -Nathan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Monday, January 10, 2005 11:07 AMTo: Send - AD mailing listSubject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx --Dean WellsMSEtechnology* Email: [EMAIL PROTECTED]http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 1:56 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesn't seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Title: time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Title: time server Thanks Joe, I suspect thats it then. There wasnt anything in the interface about an SNTP server. mc From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 10, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Monday, January 10, 2005 11:27 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation. This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Title: time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 1:56 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Title: time server Thiscomment is accurate for Windows 2000, but not for Windows XP/2003. References: http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=""> and http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=""> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 1:56 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Conflicting information: (http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/use cdirw/06wsdsu.mspx) To sum it up, SNTP and NTP are supposed to be interchangeable and compatible. Reality is, some verbs/commands aren't. When setting up a time server from a non-Microsoft client, you need to check to see what the error actually is. That'll help you to narrow down what the cause is and how to adjust your client/server to make it work. Time sync is highly critical in a Kerberos environment, and making it work with multiple vendors would infer that a 2003 DC should speak both NTP and SNTP. Event logs are helpful here. ;) I've had a heck of a time with the time service changes in the past. There're several options you can use if it doesn't work as a client although those are some rare occasions supposedly. As a server, you'll have to figure out what's going on first. Maybe a network trace would be helpful as well? Configuring Time Services Kerberos 5 authentication is dependent upon the synchronization of the internal clocks within the Kerberos domain. Before proceeding with building a security solution using Kerberos, it is necessary to set up a time service to ensure this required accuracy. Windows Server 2003 time services are based upon the Simple Network Time Protocol (SNTP); this is a simplified version of the UNIX Network Time Protocol (NTP). The packet formats of both protocols are identical, and the servers and clients for each can be used interchangeably. More information about the time service protocols can be found in the RFCs for each protocol. These are as follows: * RFC 2030: Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6, and OSI * RFC 1305: Network Time Protocol (Version 3) Specification, Implementation, and Analysis Version 4 of NTP is currently in development and has yet to be released as a RFC. More information on the specifics of implementing time services in the Active Directory environment can be found in The Windows Time Service (Brandolini and Green) at http://www.microsoft.com/windows2000/techinfo/howitworks/security/wintimeser v.asp. The following sections address the most common configuration scenarios for setting up time servers and clients in a heterogeneous environment. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Monday, January 10, 2005 2:07 PM To: Send - AD mailing list Subject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://msetechnology.com http://msetechnology.com/ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 10, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Monday, January 10, 2005 11:27 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesn't seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] time server
Title: time server From my understandingit (2K and K3) supports NTP for reading time from a source, not as a source. I.E. Windows with the default time service is not a NTP Source, it is a SNTP Source. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Monday, January 10, 2005 2:07 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 1:56 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Title: time server I own the time service for Windows, so I can field the OS question. The NTP server in Windows 2003 is NTP V3 RFC compliant and third party NTP clients can (well *should*) be able to sync with it. When you say doesnt seem to recognize, is there an error message? How does it find a valid NTP server? -Nathan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Monday, January 10, 2005 11:07 AM To: Send - AD mailing list Subject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 10, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Monday, January 10, 2005 11:27 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Title: time server That's a good point Joe, I've never sniffed the traffic off the wire to be sure (nor used ~any other means) but the link I supplied certainly implies it's NTP based. --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 2:43 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server From my understandingit (2K and K3) supports NTP for reading time from a source, not as a source. I.E. Windows with the default time service is not a NTP Source, it is a SNTP Source. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Monday, January 10, 2005 2:07 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 1:56 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Title: time server As Al pointed out, some MS docs need to be reviewed... The one Al specifically pointed out "http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/usecdirw/06wsdsu.mspx" says straight out that the Time Server is SNTP based. WindowsServer2003 time services are based upon the Simple Network Time Protocol (SNTP); this is a simplified version of the UNIX Network Time Protocol (NTP). The packet formats of both protocols are identical, and the servers and clients for each can be used interchangeably. The interchangeable part seems to be more of a theory or hope than strictly the real world. From chats I have had previously with people who played with the time stuff a lot it seems that it is more likely a SNTP client will be able to use a NTP source than an NTP client using a SNTP source. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan MuggliSent: Monday, January 10, 2005 3:02 PMTo: ActiveDir@mail.activedir.org; Send - AD mailing listSubject: RE: [ActiveDir] time server I own the time service for Windows, so I can field the OS question. The NTP server in Windows 2003 is NTP V3 RFC compliant and third party NTP clients can (well *should*) be able to sync with it. When you say doesnt seem to recognize, is there an error message? How does it find a valid NTP server? -Nathan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Monday, January 10, 2005 11:07 AMTo: Send - AD mailing listSubject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx --Dean WellsMSEtechnology* Email: [EMAIL PROTECTED]http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 1:56 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Title: time server I've had problems with machines that are not part of the domain being unable to synch with the time service on a DC. It seems that if the machine is not part of the domain you are unable to use it as a time NTP or SNTP server. Mike From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Monday, January 10, 2005 3:14 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Its an AVAYA S8700 Media Server. The phone system admin showed me the web page where the Network Time Server should be configured on the AVAYA. It doesnt let me choose which protocol, it simply has a place for the IP address or DNS name of the Network Time Server. We entered the IP, and it says Could not update Network Time Server (as if it tries to query and fails). We can ping the AVAYA from the DC, and they are on the same subnet. I think (though unconfirmed) that the AVAYA runs on a proprietary Linux version. Only other option I thought might be a factor is Multicast client support, which is currently set to no. Our AD domains are Windows 2000. mc From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan MuggliSent: Monday, January 10, 2005 3:02 PMTo: ActiveDir@mail.activedir.org; Send - AD mailing listSubject: RE: [ActiveDir] time server I own the time service for Windows, so I can field the OS question. The NTP server in Windows 2003 is NTP V3 RFC compliant and third party NTP clients can (well *should*) be able to sync with it. When you say doesnt seem to recognize, is there an error message? How does it find a valid NTP server? -Nathan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Monday, January 10, 2005 11:07 AMTo: Send - AD mailing listSubject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx --Dean WellsMSEtechnology* Email: [EMAIL PROTECTED]http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 1:56 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Title: Message 510 software has a windows port of NTP that works very well (all of my servers were running it back in the NT4 days). I suppose a person could usew32timeto sync to the forest, and run ntp acting as a local time master to provide sync to the phone switch. You'd have to alternate them somehow (scheduled batch file?) because they'd both be trying to grab port 123. Messy, to say the least. Also, confguring NTP is a PITA. Can't you point the phone switch to some public NTP server? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 3:19 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server As Al pointed out, some MS docs need to be reviewed... The one Al specifically pointed out "http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/usecdirw/06wsdsu.mspx" says straight out that the Time Server is SNTP based. WindowsServer2003 time services are based upon the Simple Network Time Protocol (SNTP); this is a simplified version of the UNIX Network Time Protocol (NTP). The packet formats of both protocols are identical, and the servers and clients for each can be used interchangeably. The interchangeable part seems to be more of a theory or hope than strictly the real world. From chats I have had previously with people who played with the time stuff a lot it seems that it is more likely a SNTP client will be able to use a NTP source than an NTP client using a SNTP source. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan MuggliSent: Monday, January 10, 2005 3:02 PMTo: ActiveDir@mail.activedir.org; Send - AD mailing listSubject: RE: [ActiveDir] time server I own the time service for Windows, so I can field the OS question. The NTP server in Windows 2003 is NTP V3 RFC compliant and third party NTP clients can (well *should*) be able to sync with it. When you say doesnt seem to recognize, is there an error message? How does it find a valid NTP server? -Nathan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Monday, January 10, 2005 11:07 AMTo: Send - AD mailing listSubject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx --Dean WellsMSEtechnology* Email: [EMAIL PROTECTED]http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 1:56 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Have you checked the DC in question to see what it's reporting? You may also want to grab a net trace to see the packets on the wire. Those two things might help to clarify the issue faster (permissions, incompat, etc) faster. If the phone switch has a log file or output, that also might be helpful in this situation. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Monday, January 10, 2005 3:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server It's an AVAYA S8700 Media Server. The phone system admin showed me the web page where the Network Time Server should be configured on the AVAYA. It doesn't let me choose which protocol, it simply has a place for the IP address or DNS name of the Network Time Server. We entered the IP, and it says Could not update Network Time Server (as if it tries to query and fails). We can ping the AVAYA from the DC, and they are on the same subnet. I think (though unconfirmed) that the AVAYA runs on a proprietary Linux version. Only other option I thought might be a factor is Multicast client support, which is currently set to no. Our AD domains are Windows 2000. mc From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Muggli Sent: Monday, January 10, 2005 3:02 PM To: ActiveDir@mail.activedir.org; Send - AD mailing list Subject: RE: [ActiveDir] time server I own the time service for Windows, so I can field the OS question. The NTP server in Windows 2003 is NTP V3 RFC compliant and third party NTP clients can (well *should*) be able to sync with it. When you say doesn't seem to recognize, is there an error message? How does it find a valid NTP server? -Nathan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Monday, January 10, 2005 11:07 AM To: Send - AD mailing list Subject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com http://msetechnology.com/ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 10, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Monday, January 10, 2005 11:27 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesn't seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation. This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] time server
Is there anything on the network in between your AD domain and the phone switch? I know it's fairly common for phone switches to be behind some type of NATing firewall, although it doesn't happen everywhere. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, January 10, 2005 4:30 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server Have you checked the DC in question to see what it's reporting? You may also want to grab a net trace to see the packets on the wire. Those two things might help to clarify the issue faster (permissions, incompat, etc) faster. If the phone switch has a log file or output, that also might be helpful in this situation. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Monday, January 10, 2005 3:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server It's an AVAYA S8700 Media Server. The phone system admin showed me the web page where the Network Time Server should be configured on the AVAYA. It doesn't let me choose which protocol, it simply has a place for the IP address or DNS name of the Network Time Server. We entered the IP, and it says Could not update Network Time Server (as if it tries to query and fails). We can ping the AVAYA from the DC, and they are on the same subnet. I think (though unconfirmed) that the AVAYA runs on a proprietary Linux version. Only other option I thought might be a factor is Multicast client support, which is currently set to no. Our AD domains are Windows 2000. mc From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Muggli Sent: Monday, January 10, 2005 3:02 PM To: ActiveDir@mail.activedir.org; Send - AD mailing list Subject: RE: [ActiveDir] time server I own the time service for Windows, so I can field the OS question. The NTP server in Windows 2003 is NTP V3 RFC compliant and third party NTP clients can (well *should*) be able to sync with it. When you say doesn't seem to recognize, is there an error message? How does it find a valid NTP server? -Nathan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Monday, January 10, 2005 11:07 AM To: Send - AD mailing list Subject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com http://msetechnology.com/ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 10, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Monday, January 10, 2005 11:27 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesn't seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation. This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org
RE: [ActiveDir] time server
Title: time server The packets are identical, and NTP actually came first. I just spoke with my time developer and he confirmed that time syncs should be able to work ntp - sntp, and sntp - ntp. Most of the problems weve seen with interoperability have been caused by client side logic in applications doing weird things like version checks, etc. The best way to get to the bottom of Marks NTP phone problem is network sniffs. You could try turning on W32time debug logging on the 2000 server and see if you can catch the discovery request. I think the sniff is the best way to go. Or, you could always upgrade to 2003 J. Regarding the Doc, its obviously wrong (Ill get it fixed). The W32time server service in 2000 was SNTP, and 2003 its NTP. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 10, 2005 12:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server As Al pointed out, some MS docs need to be reviewed... The one Al specifically pointed out http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/usecdirw/06wsdsu.mspx says straight out that the Time Server is SNTP based. WindowsServer2003 time services are based upon the Simple Network Time Protocol (SNTP); this is a simplified version of the UNIX Network Time Protocol (NTP). The packet formats of both protocols are identical, and the servers and clients for each can be used interchangeably. The interchangeable part seems to be more of a theory or hope than strictly the real world. From chats I have had previously with people who played with the time stuff a lot it seems that it is more likely a SNTP client will be able to use a NTP source than an NTP client using a SNTP source. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Muggli Sent: Monday, January 10, 2005 3:02 PM To: ActiveDir@mail.activedir.org; Send - AD mailing list Subject: RE: [ActiveDir] time server I own the time service for Windows, so I can field the OS question. The NTP server in Windows 2003 is NTP V3 RFC compliant and third party NTP clients can (well *should*) be able to sync with it. When you say doesnt seem to recognize, is there an error message? How does it find a valid NTP server? -Nathan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Monday, January 10, 2005 11:07 AM To: Send - AD mailing list Subject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 10, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Monday, January 10, 2005 11:27 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] time server
Title: time server Mark, I've got a number of Avayas (S8700's) at work. I can check with our on-staff Avaya folks, as I know that they are synching time internally. However, I think that it's going back against our AIX systems. But, as to it being Linux - it's how you order the modules. I have at least one or two modules that are Windows 2000 based for our CTI needs. -rtk From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 2:14 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Its an AVAYA S8700 Media Server. The phone system admin showed me the web page where the Network Time Server should be configured on the AVAYA. It doesnt let me choose which protocol, it simply has a place for the IP address or DNS name of the Network Time Server. We entered the IP, and it says Could not update Network Time Server (as if it tries to query and fails). We can ping the AVAYA from the DC, and they are on the same subnet. I think (though unconfirmed) that the AVAYA runs on a proprietary Linux version. Only other option I thought might be a factor is Multicast client support, which is currently set to no. Our AD domains are Windows 2000. mc From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan MuggliSent: Monday, January 10, 2005 3:02 PMTo: ActiveDir@mail.activedir.org; Send - AD mailing listSubject: RE: [ActiveDir] time server I own the time service for Windows, so I can field the OS question. The NTP server in Windows 2003 is NTP V3 RFC compliant and third party NTP clients can (well *should*) be able to sync with it. When you say doesnt seem to recognize, is there an error message? How does it find a valid NTP server? -Nathan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Monday, January 10, 2005 11:07 AMTo: Send - AD mailing listSubject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx --Dean WellsMSEtechnology* Email: [EMAIL PROTECTED]http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 1:56 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation. smime.p7s Description: S/MIME cryptographic signature