Do not manually set another time server in a domain on member servers or DCs other than the PDCEmulator. It is important that only the PDCEmulator as domain time master is the source for time and configured to an external time source.
In reviewing the messages in this newsgroup, now that my news server carries it, I've seen this received wisdom stated more than once. It's wrong. As M. Fekay said, what is actually important is that all of the machines' system clocks are synchronized, so that Kerberos (and various other things) work. It does not, in fact, matter how, exactly, one goes about achieving that goal. The usual way is to go with the default behaviour of the Windows Time Service, which implements a hierarchy where one only needs to manually configure the machine (the PDC emulator) at the top of that hierarchy, and everything else below it "just works". But as far as I am aware, as long as the actual goal of keeping all machines synchronized is achieved, one can use whatever complex system of (S)NTP clients and servers that one cares to set up. Ensuring that one only twiddles with the PDC emulator is one means, but it is not the sole means available, and it isn't the actual end that needs to be achieved.
You are of course right when saying the Kerberos time must be in the correct
time window of default 5 minutes in a domain. But when using different time
sources on the servers you are out of sync more quickly than you would like.
That is the reason that the DC with the PDCEmulator is the time master
in the domain automatically where all other DC sync with and the other domain
machines sync with one available DC. This is the ONLY way to guarantee this.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
- When you say:
"It is important that only the PDCEmulator as domain time master is the source for time and configured to an external time source."
Why the PDCe and not other DC?
Time sync is important, true, but the key is to have all (workstations, DCs, member servers in sync) synchronized. The PDCe is the Authoritative time server because by default the PDCe is one of the Roles that the First DC has, additionally that server will also serve as Authoritative Time server, but that doesn't mean that you must stay with that configuration, there're many scenarios where that isn't possible.
"Jonathan de Boyne Pollard" <J.deBoynePoll...@NTLWorld.COM> wrote in message news:IU.20100118....@J.de.Boyne.Pollard.localhost...
>- When you say:
>
>"It is important that only the PDCEmulator as domain time master is the source for time and configured to an external time source."
>
>
>
>Why the PDCe and not other DC?
Well I suppose you could set it all up yourself but why bother. The DCs use the
PDC, the other PCs use one of the DCs and if you have a multi-domain forest then
the subdomain's DCs get their time from the parent etc. Why bother to set up a
complex alternative especially when you need to consider failure and fallback
configuration.
Ace referenced an article which also has a link to a MS article that explains
how much would need to be done.
>
>Time sync is important, true, but the key is to have all (workstations, DCs, member servers in sync) synchronized. The PDCe is the Authoritative time server because by default the PDCe is one of the Roles that the First DC has, additionally that server will also serve as Authoritative Time server, but that doesn't mean that you must stay with that configuration, there're many scenarios where that isn't possible.
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
Do not manually set another time server in a domain on member servers or DCs other than the PDCEmulator. It is important that only the PDCEmulator as domain time master is the source for time and configured to an external time source.
In reviewing the messages in this newsgroup, now that my news server carries it, I've seen this received wisdom stated more than once. It's wrong. As M. Fekay said, what is actually important is that all of the machines' system clocks are synchronized, so that Kerberos (and various other things) work. It does not, in fact, matter how, exactly, one goes about achieving that goal. The usual way is to go with the default behaviour of the Windows Time Service, which implements a hierarchy where one only needs to manually configure the machine (the PDC emulator) at the top of that hierarchy, and everything else below it "just works". But as far as I am aware, as long as the actual goal of keeping all machines synchronized is achieved, one can use whatever complex system of (S)NTP clients and servers that one cares to set up. Ensuring that one only twiddles with the PDC emulator is one means, but it is not the sole means available, and it isn't the actual end that needs to be achieved.
You are of course right when saying the Kerberos time must be in the correct time window of default 5 minutes in a domain. But when using different time sources on the servers you are out of sync more quickly than you would like.
That is the reason that the DC with the PDCEmulator is the time master in the domain automatically where all other DC sync with and the other domain machines sync with one available DC. This is the only way to guarantee this.
Nonsense. There are plenty of people in the world who have achieved
synchronization via other arrangements of (S)NTP clients and servers.
It is far from being the only way. I repeat: The Windows Time Service
default synchronization structure is but one means of
achieving the actual goal. There are other ways of arranging for all
machines to be synchronized, and as long as all machines are
synchronized it doesn't matter which way one goes about achieving it.
The means is not the end. Nor is it the sole guaranteed
means.
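The goal argued over above (every clock inside the default 5-minute Kerberos window, whatever arrangement of (S)NTP sources feeds it) can be checked directly. The following is an added example, not part of the original posts: it computes each host's offset from an SNTP reply with the standard four-timestamp formula and reports host pairs more than 300 seconds apart. The host names and packets are constructed sample data, and it assumes all replies were collected by one auditing machine at about the same time.

```python
import struct
from itertools import combinations

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
KERBEROS_MAX_SKEW = 300.0    # default 5-minute tolerance cited in the thread

def _decode_ts(raw):
    """64-bit NTP timestamp (32.32 fixed point) -> Unix seconds."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_UNIX_DELTA + frac / 2**32

def _encode_ts(unix):
    secs = int(unix)
    return struct.pack("!II", secs + NTP_UNIX_DELTA, int((unix - secs) * 2**32))

def build_reply(t1, t2, t3, stratum=2):
    """Constructed 48-byte server reply (LI=0, VN=4, mode=4) for the sample data."""
    head = struct.pack("!BBbb", (4 << 3) | 4, stratum, 6, -20) + bytes(20)
    return head + _encode_ts(t1) + _encode_ts(t2) + _encode_ts(t3)

def clock_offset(reply, t4):
    """Server clock minus local clock: ((T2 - T1) + (T3 - T4)) / 2."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x7, reply[1]
    if mode != 4 or leap == 3 or not 1 <= stratum <= 15:
        raise ValueError("not a reply from a synchronized server")
    t1, t2, t3 = (_decode_ts(reply[i:i + 8]) for i in (24, 32, 40))
    return ((t2 - t1) + (t3 - t4)) / 2

def audit(replies):
    """replies: host -> (packet, local receive time T4).
    Returns per-host offsets and every host pair outside the Kerberos window."""
    offsets = {h: clock_offset(pkt, t4) for h, (pkt, t4) in replies.items()}
    bad = [(a, b) for a, b in combinations(sorted(offsets), 2)
           if abs(offsets[a] - offsets[b]) > KERBEROS_MAX_SKEW]
    return offsets, bad

def sample_replies(base=1263800000.0):
    """Constructed data: three hypothetical hosts, each fed by a different source."""
    out = {}
    for host, off in (("dc1", 0.5), ("dc2", -0.25), ("ws7", 400.0)):
        t2 = base + 0.02 + off              # request arrives after 20 ms
        out[host] = (build_reply(base, t2, t2 + 0.001), base + 0.041)
    return out

if __name__ == "__main__":
    offsets, bad = audit(sample_replies())
    for host, off in sorted(offsets.items()):
        print(f"{host}: {off:+.3f} s")
    print("pairs beyond 5 minutes:", bad)
```

The check is indifferent to which server each host synchronizes from; it only measures whether the resulting clocks agree closely enough for Kerberos.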
First, what you say may apply in your network scenario, but there're many
others that need to change for many different reasons, each environment has
different requirements. One thing that people forget, is that NOT always
things are configured correctly at the first time, and for many different
reasons they need to change them. Setting up a new Authoritative server is
NOT a complex task; coordinating those changes may be, in some environments,
a challenge to ensure that no-one "suffers" with those same changes.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"DaveMills" <Dave...@newsgroup.nospam> wrote in message
news:h32fl59qfem2ldcu3...@4ax.com...
Two questions
What's the easiest way to sync the time?
What are you doing outside of an OS2 group?? :)
Rich W.
Jonathan de Boyne Pollard wrote:
>>
> Nonsense. There are plenty of people in the world who have achieved
> synchronization via other arrangements of (S)NTP clients and servers.
> It is far from being the only way. I repeat: The Windows Time Service
> default synchronization structure is but /one means/ of achieving the
> actual goal. There are other ways of arranging for all machines to be
> synchronized, and as long as all machines /are/ synchronized it doesn't
> matter which way one goes about achieving it. The means is /not/ the
Sometimes the easiest way, for AD, is not the right way nor the desired
way. In this thread, the point is that it's most certainly not the only
and the mandatory way, as has unfortunately become received wisdom in
some places.
> What are you doing outside of an OS2 group?? :)
>
Talking about a subject that isn't OS/2, of course. Welcome to
comp.protocols.time.ntp, where the topic is NTP. (-:
Do not manually set another time server in a domain on member servers or DCs other than the PDCEmulator. It is important that only the PDCEmulator as domain time master is the source for time and configured to an external time source.
In reviewing the messages in this newsgroup, now that my news server carries it, I've seen this received wisdom stated more than once. It's wrong. As M. Fekay said, what is actually important is that all of the machines' system clocks are synchronized, so that Kerberos (and various other things) work. It does not, in fact, matter how, exactly, one goes about achieving that goal. The usual way is to go with the default behaviour of the Windows Time Service, which implements a hierarchy where one only needs to manually configure the machine (the PDC emulator) at the top of that hierarchy, and everything else below it "just works". But as far as I am aware, as long as the actual goal of keeping all machines synchronized is achieved, one can use whatever complex system of (S)NTP clients and servers that one cares to set up. Ensuring that one only twiddles with the PDC emulator is one means, but it is not the sole means available, and it isn't the actual end that needs to be achieved.
[...] Why the PDCe and not other DC? Time sync is important, true, but the key is to have all (workstations, DCs, member servers in sync) synchronized. The PDCe is the Authoritative time server because by default the PDCe is one of the Roles that the First DC has, additionally that server will also serve as Authoritative Time server, but that doesn't mean that you must stay with that configuration, there're many scenarios where that isn't possible.
... which is pretty much the same thing as I wrote in the text
that you replied to. (-:
Now go and see how many times the mantra, that one must always
and only configure the PDC emulator as the lowest stratum time
server, has been stated in MPWSA and other newsgroups over the past few
years. Here's an example, from a post
by Paul Williams, Directory Services MVP, in January 2007:
The only machine that should have one or more external time servers defined is the PDCe in the forest root domain.
It's received wisdom; it's oft-repeated received wisdom; and it's
wrong.
This multithreading server application may be used in very
complex network configuration for network monitoring software at all
network devices. This includes modem configuration CATV TFTP with CMTS
systems. Is configured to use up to 4 network card interfaces using a
visual interface on display. The freeware tftp client application is
included within the installation kit.
Wintftp server free for professionals supports the TFTP Option
Negotiation Protocol. The client appends options at the end of the Read
Request or Write request packet. It also supports the TFTP Blocksize
Option which allows the free client tftp and free server tftp to
negotiate a block size more applicable to the network environment.
WinTFTP Server Pro 3
* Is running on Microsoft Windows XP / Windows 2000 / Windows Vista
platforms.
* Is a multi threading application which means it can accept and
handle multiple tftp router connections at the same time.
* Supports up to 4 network interfaces so don't worry to use it on a
machine with more than 1 network interface. Tftp client configuration
main window application
* Has security option based on IP address access lists and folder
access. Although the tftp protocol has no security option, we enhanced
our server with IP address access list, folder access and
upload/download permissions.
* Built in option to change listening port for each server network
interface.
* Supports long filenames and nested directories.
* Supports nick names both for tft server and tftp clients for an
easy administration of your tasks.
* Log file for later analysis of your tftp traffic.
http://WinTFTP.com
Configured for running on Windows 2000/XP/2003/Vista/2008/7
Windows XP / Windows 2000 / Windows tftp server Vista, Windows 7 tftp
server free platforms. We recommend to become registered user following
registration link on home page and receive the update information and
update software for free.
Install this tftp application and use for unlimited number of
files. Multiple files are accepted and multiuser settings and rights. It
works for unlimited number of IP, unlimited size of files depending of
your OS. Use all features unlimited times for 30 days without any
restriction. We have a very large number of visitors and users growing
fast every day worldwide online business.
WinTFTP Server Pro 3 is a client server multithread application
compatible with TFTP protocol as described by Internet Standard
Documents. TFTP protocol is a datagram based protocol (UDP), used to
transfer files between two hosts (ex: PC to PC, PC to device, to
devices, etc). For more information about the tftp protocol please see
links below:
* RFC 1350 - Trivial File Transfer Protocol (RFC 1350 protocol)
* RFC 1782 - TFTP Option Extension (RFC 1782 protocol)
* RFC 1783 - TFTP Blocksize Option
(http://www.rfc-editor.org/rfc/rfc1783.txt)
All rights reserved. Copyright (c) 2001-2010 http://www.WinTFTP.com
What does this have to do with this thread????
["WinTFTP" <win...@wintftp.com> wrote message news:hmp1lt$1ma6$2...@adenine.netfront.net]
What does this have to do with this thread????
You surprise me. I was expecting the usual response. I've done it
for you. I'm not sure why it's the usual response, mind
you. Such a response seems like simple amplification of the problem,
to me. This particular message that you replied to currently has a
Breidbart Index of 9, which is less than the required threshold.
I should have just ignored it, knowing it was spam. And honestly, I never heard of the Breidbart Index, so I had to look it up. :-)
Breidbart Index - Wikipedia, the free encyclopedia: The Breidbart Index, developed by Seth Breidbart, is the most significant cancel index in Usenet. A cancel index measures the dissemination intensity of ...
Cancel Index - Breidbart Index (BI) - Breidbart-Index, Version 2 (BI2)
http://en.wikipedia.org/wiki/Breidbart_Index
Ace
04 Mar 10, Ace Fekay [MVP-DS, MCT] writes to WinTFTP:
> What does this have to do with this thread????
It's a sales pitch.
--
K Klement
Enhance your marketing at http://www.gypsy-designs.com
mailto:in...@gypsy-designs.com
Gypsy Designs Fax: (403) 242-3221
... Knowledge is power.
Subject: Re: wintftp
Hello, Gufus!
You wrote in conference comp.os.ms-windows.nt.admin.networking to All
on Mon, 15 Mar 2010 16:02:39 MDT:
G> 04 Mar 10, Ace Fekay [MVP-DS, MCT] writes to WinTFTP:
??>> What does this have to do with this thread????
G> It's a sales pitch.
Oops..
Please ignore.
With best regards, Kevin Klement. E-mail: in...@gypsy-designs.com
--- VSoup v1.2.9.47Beta [95/NT]
* Origin: Gypsy BBS -- Gypsy Designs Calgary CDN
Message-ID: 12686...@f77.n342.z1.fidonet.org