Modifying the Registry for NTP Access(Authoritative)--Doesn't Look Right

W. Watson

Jan 10, 2005, 3:33:08 PM

Win XP Pro.
This <http://support.microsoft.com/default.aspx?scid=kb;en-us;314054> shows steps to
modify the registry to use NTP as an external source. Step 3 asks that
SpecialPollInterval be changed to TimeInSeconds. The current value is binary. I have a
limited knowledge of the use of regedit, but this looks wrong.

BTW, before attempting to modify the registry I exported it. I made a mistake early,
and decided to import the file. It looks like it did this successfully, but gave me a
message at the end that said something like it could not restore all values because
they were in use. Close to that wording. What's that about? I had no windows open.
--
Wayne T. Watson (Watson Adventures, Prop., Nevada City, CA)
(121.015 Deg. W, 39.262 Deg. N) GMT-8 hr std. time)
Obz Site: 39° 15' 7" N, 121° 2' 32" W, 2700 feet

Web Page: <home.earthlink.net/~mtnviews>

rdge...@cablelynx.com

Jan 10, 2005, 8:14:41 PM

W. Watson wrote:
> Win XP Pro.
> This <http://support.microsoft.com/default.aspx?scid=kb;en-us;314054>
> shows steps to modify the registry to use NTP as an external source.
> Step 3 asks that SpecialPollInterval be changed to TimeInSeconds. The
> current value is binary.

Something sounds off here -- this is not a "binary" value. See below.

> I have a limited knowledge of the use of regedit, but this looks wrong.

Sure does ... [:-(

> BTW, before attempting to modify the registry I exported it. I made a
> mistake early, and decided to import the file. It looks like it did this
> successfully, but gave me a message at the end that said something like it
> could not restore all values because they were in use. Close to that
> wording. What's that about? I had no windows open.

It's a registry check so that it's not hacked (among other reasons).
"In use" means there is _some_ part of the system that is monitoring it
for changes -- like when you are editing ;-) I usually save the
sub-key folder I'm editing, make edits, open the reg file to check I
haven't just pooped on the registry, then close regedit when I'm
comfortable.

In fact, for what you were doing, I would probably have saved the
sub-key folder
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\ and just
edited the values by hand, then imported it.

But, back to Step 3 ...
c. In the Edit DWORD Value dialog box, under Value data, type
'TimeInSeconds', and then click OK.

A DWORD should present you a dialog with an edit field and two radio
buttons: 1) decimal 2) hex. Check decimal and just enter 900 (or
whatever you want to try). "900 Decimal" means that the only valid
keystrokes are "decimals", ie., 0-9. Base 16 hex valid keystrokes are
0-9, a-f, A-F. 900 decimal in hex is 0x384 -- that's what the hex key
on the desktop calculators is for ;-)

In step 6 the instructions are more specific:
b. In the right pane, right-click MaxPosPhaseCorrection, and then click
Modify.
c. In the Edit DWORD Value dialog box, under Base, click Decimal.
d. In the Edit DWORD Value dialog box, under Value data, type
TimeInSeconds, and then click OK.

Same should apply for step 3.

But when you look at step 5 they use hex for the # one, ie., 0x1. Not
that this would matter as 1=0x1. Somebody in doc creation is messin'
with your head? Click the radio button to tell registry how you are
entering the data, ie., decimal or hex, and it will interpret what you
enter.

Binary values present you with a hex editor and if you've not used one
before (or even if you have) you have to be sure you're editing the
correct nybbles (the individual digits). The "value" may contain a
number of discrete pieces of data of different sizes.

That's why this DWORD value presenting itself as binary sounds like
something is not right with the XP world. It makes perfect sense that
# of seconds be a DWORD integer -- none that it be binary. Besides,
it's been declared DWORD since W2K or even NT.

Are you being presented with the hex editor for binary values? It
looks like a small, scrollable window with hex numbers in neat, numbered
rows on the left and a column of gobbled characters -- some words mixed
with junk on the right.

I don't recall MS ever publishing a registry edit that involved a
binary value -- usually they just provide a reg file for that. If you
are getting the binary hex editor for a DWORD, something is broke.

hth,
prg
email above disabled

PS Here's the links for firewall stuff:
http://www.microsoft.com/technet/community/columns/cableguy/cg0104.mspx#EHAA
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;886185
the Critical Update :(

rdge...@cablelynx.com

Jan 11, 2005, 4:15:47 PM

W. Watson wrote:
> Win XP Pro.
> This <http://support.microsoft.com/default.aspx?scid=kb;en-us;314054> shows
> steps to modify the registry to use NTP as an external source. Step 3 asks
> that SpecialPollInterval be changed to TimeInSeconds. The current value is
> binary. I have a limited knowledge of the use of regedit, but this looks
> wrong.

Here is a list of instructions to get XP's ntpd server up and running.
It's broken down into several sections (posted separately) related to
the purpose of the registry changes.

Note: you've seen many commandline instructions but they all suffer
from the fact that they reset certain, definitely not wanted, defaults.
That's why the setup is done in the registry and not the commandline.

You've got the w32time/ntpd up and running as a client, so the most
basic item of connecting out to a time server is taken care of.

Now we have to tell XP to act as a time _server_ for requesting clients
(your Linux box) as well.

The first thing is to shut down w32time while we edit the registry.
At commandline enter:
net stop w32time
We will re-start it when we are done.

ONE: Enable NTPServer

I suspect this is the "new way" for XP SP2, so we will check to see if
the registry subkey already exists. See a. If it does not exist we
will use the "old way" next below.
This is documented for W2K3: << we'll revisit this doc below
To do this, follow these steps:
a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\Enabled
If this subkey does exist, skip the "old way" and go to "Doc for W2K3
found here:". If this subkey does not exist we use the "old way".

This is the "old" way and I'm not sure if this is now needed, but it
won't hurt.
a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
If LocalNTP already exists (in right pane) skip b?.and c?.
b?. From the Edit menu, select New, DWORD Value.
this may not be needed, LocalNTP exists already?
c?. Enter the name LocalNTP, then press Enter.
this may already exist, don't add a new one if so
d. Right-click LocalNTP, select Modify, set it to 1. Click OK.

This begins the series of changes that we must make. Other approaches
(especially pre-SP2) may work as well, but I've confirmed/corroborated
the following steps:

Doc for W2K3 found here:
http://www.isaserver.org/pages/article_p.asp?id=1291
(From MS docs but formatted better for my purposes. The gui guidance
may also be useful to you)

Have handy:
How to configure an authoritative time server in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314054
(you already have this, IIRC)

To configure the Windows Time service to use an external time source,
follow these steps:
(Done this already? Double check. You're in the neighborhood anyway,
so double check!:)
1. Change the server type to NTP. To do this, follow these steps:
a. Click Start, click Run, type regedit, and then click OK.
b. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
c. In the right pane, right-click Type, and then click Modify.
d. In Edit Value, type NTP in the Value data box, and then click OK.

2. Set AnnounceFlags to 5. To do this, follow these steps:
a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
b. In the right pane, right-click AnnounceFlags, and then click Modify.
c. In Edit DWORD Value, type 5 in the Value data box, and then click
OK.
me -- This must be set correctly or w32time may be flakey. This tells
XP to treat _your_ w32time as a reliable source to anyone who asks
(ie., Linux). 5 comes from this
1(Always a time server) + 4(Always a reliable time server) = 5

3. Enable NTPServer. To do this, follow these steps:
a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\Enabled
b. In the right pane, right-click Enabled, and then click Modify.
c. In Edit DWORD Value, type 1 in the Value data box, and then click
OK.
me -- Here it is! We told XP that you want to act as a ntp time
server.

4. Specify the time sources. To do this, follow these steps:
a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer
b. In the right pane, right-click NtpServer, and then click Modify.
c. In Edit Value, type *Peers* in the Value data box, and then click
OK.
Note *Peers* is a placeholder for a space-delimited (ie., space
separated - me) list of peers from which your computer obtains time
stamps. ****Each DNS name that is listed must be unique. You must
append ,0x1 to the end of each DNS name. If you do not append ,0x1 to
the end of each DNS name, the changes made in step 5 will not take
effect.**** emphasis added - me You can use IP address(es) here.

me -- Some swear by DNS names, others not. Depends on how reliable
your DNS server is and the likelihood that the time server's IP will
change (names tend to remain the same). You may be tempted to use one
of the pool.ntp.org NTP 'pool.' members, but I do not recommend it for
your use. It's a round robin distribution of servers and you can't be
sure how close they are -- you need servers you _know_ are located
close to you. Later you can add/manage this list from gui? Need to
find where.

me again -- found some gui guidance. See at end of post.

Here is yet another list of public time servers -- several in Bay area.
http://support.microsoft.com/default.aspx?scid=kb;en-us;262680

me -- The following is the one you've had "trouble" with. See my
previous post on this matter if you haven't already.
http://groups-beta.google.com/group/microsoft.public.windowsxp.general/msg/80972226b9c08fc8

5. Select the poll interval. To do this, follow these steps:
a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
b. In the right pane, right-click SpecialPollInterval, and then click
Modify.
c. In Edit DWORD Value, type *TimeInSeconds* in the Value data box, and
then click OK.
Note *TimeInSeconds* is a placeholder for the number of seconds that
you want between each poll. A recommended value is 384. This value
configures the Time Server to poll every 15 minutes.
me -- You gotta get this out of the default setting which is once a
week for a stand-alone machine!
me again -- Notice the 384 suggested here; it implies that they are
looking for a hex value -- hex should be checked in the Value data box.
While a decimal value would probably work, the fact that they are
suggesting a hex value implies that the code is somehow more efficient
if restricted to some hex values (which 384 is!). Just enter 384 --
it is hex for 900 seconds=15 minutes. With your likely line
quality/speed it probably makes no sense for a lower value and too high
may obscure network conditions like spikes.

6. Configure the time correction settings. To do this, follow these
steps:
a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
b. In the right pane, right-click MaxPosPhaseCorrection, and then click
Modify.
c. In Edit DWORD Value, select Decimal in the Base box.
d. In Edit DWORD Value, type *TimeInSeconds* in the Value data box, and
then click OK.
Note *TimeInSeconds* is a placeholder for a reasonable value, such as 1
hour (3600) or 30 minutes (1800). The value that you select will depend
upon the poll interval, network condition, and external time source.
The default value for stand-alone clients and servers is 54,000 (15 hrs
-- YUK!).
me -- 3600 should be a good start. You may decide that the special
value -1 is needed -- says to always correct (but I'm not sure about
the implications of this in your situation. It is the default if
connected to a lan Domain).

These are the "basics" and there are many more to explore. I'll
include the most interesting ones in another post to keep the sections
smaller.

To get an idea whether it's synching set your XP clock _back_ about 5
minutes. With luck it may synch immediately or take as much as 15
minutes (the next poll) to ask for the time. Reboot should also be
immediate, but may not be inconvenient. You decide.

Re-start your time service from this commandline:
net start w32time


How to Configure Services
How to Start, Stop, Pause, Resume, or Restart a Service
NOTE: You must be logged on as an administrator or a member of the
Administrators group to complete this procedure. If your computer is
connected to a network, network policy settings may also prevent you
from completing this procedure.
1. Click Start, click Control Panel, click Performance and Maintenance,
click Administrative Tools, and then double-click Services.
2. In the Details pane, click the service.
3. On the Action menu, click Start, Stop, Pause, Resume, or Restart.
4. To configure the startup parameters for a service, right-click the
service, click Properties, and then type the parameters in the Start
parameters box before you click Start. These settings are used only
once and are not saved. A backslash character (\) is treated as an
escape character; type two backslashes for each backslash in a
parameter.
Notes:
· If you stop, start, or restart a service, any dependent services are
also affected.
· Changing the default service settings might prevent key services from
running correctly. Use caution when you change the Startup Type and Log
On As settings for services that are configured to start automatically.

Next installments will cover w32time tweaks and maintenance and
address some firewall issues that _may_ arise (hopefully not).


till next time,
prg
email above disabled

Note that computers running Windows XP use the Network Time Protocol
(NTP), while computers running Windows 2000 use the Simple Network Time
Protocol (SNTP).
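
The registry values from the steps above can be checked offline against an exported .reg file of the W32Time subkey, which also catches the symptom from the first post (SpecialPollInterval stored as binary rather than DWORD). This is an added example, not part of the original posts; the sample export, peer names and function names are constructed for illustration.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time"

# Constructed sample export (not from the thread); peer names are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
"AnnounceFlags"=dword:00000005
"MaxPosPhaseCorrection"=dword:00000e10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"Type"="NTP"
"NtpServer"="ntp1.example.net,0x1 ntp2.example.net"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]
"SpecialPollInterval"=hex:84,03,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
"Enabled"=dword:00000001
'''

# Values set in steps 1-3 of the post, keyed by (subkey under W32Time, name).
EXPECTED = {
    (r"\Parameters", "Type"): ("REG_SZ", "NTP"),
    (r"\Config", "AnnounceFlags"): ("REG_DWORD", 5),
    (r"\TimeProviders\NtpServer", "Enabled"): ("REG_DWORD", 1),
}
# Steps 5 and 6: values that hold a number of seconds and must be DWORDs.
SECONDS = [(r"\TimeProviders\NtpClient", "SpecialPollInterval"),
           (r"\Config", "MaxPosPhaseCorrection")]

def parse_reg(text):
    """Map (subkey, value name) -> (type, data) for already-decoded .reg text.
    Simplification: multi-line hex values (trailing backslash) are not joined."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not (m and key):
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):      # always hexadecimal in a .reg file
            values[key, name] = ("REG_DWORD", int(raw[6:], 16))
        elif raw.startswith("hex:"):      # REG_BINARY: comma-separated bytes
            values[key, name] = ("REG_BINARY", bytes.fromhex(raw[4:].replace(",", "")))
        elif raw.startswith('"'):         # REG_SZ with doubled backslashes
            values[key, name] = ("REG_SZ", raw[1:-1].replace("\\\\", "\\"))
    return values

def audit(text):
    """Return a list of findings; an empty list means the export matches."""
    vals, findings = parse_reg(text), []
    for (sub, name), want in EXPECTED.items():
        got = vals.get((BASE + sub, name))
        if got != want:
            findings.append(f"{name}: expected {want}, found {got}")
    for sub, name in SECONDS:
        kind, _ = vals.get((BASE + sub, name), ("missing", None))
        if kind != "REG_DWORD":
            findings.append(f"{name}: type is {kind}, expected REG_DWORD")
    kind, peers = vals.get((BASE + r"\Parameters", "NtpServer"), ("missing", ""))
    for peer in (peers.split() if kind == "REG_SZ" else []):
        if not peer.endswith(",0x1"):
            findings.append(f"NtpServer peer {peer!r} lacks the ,0x1 suffix")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print("FINDING:", finding)
```

A .reg file always writes DWORD data in hexadecimal, so a 900-second poll interval appears as `dword:00000384` and a 3600-second correction limit as `dword:00000e10`.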

rdge...@cablelynx.com

Jan 11, 2005, 11:11:38 PM

W. Watson wrote:
... Lots of stuff. Believe me, lots of stuff. But it was thought he
might need this so ...

Section TWO: Is it up? Is it running?

Now that we have basic w32time service running ...

It is up and running, right?

Oops, afraid of that.

Can you ping the XP box from your ntp client (Linux)? If not, it's
time to get the connection working again. You will need to see what
net tool protocols are available in the firewall settings. See ICMP
Settings below.

If you can ping, then we can check a few things on XP before sniffing
packets on the wire.

From the commandline type:
net stop w32time
w32tm -once
net start w32time

This gets the time set _if_ the server can be reached _and_ spits out
lots of info about the connection to the server -- what "kind" of time
is it providing? The numbers can be useful in tweaking registry
entries later on.

For now we're looking for:
...
W32Time: Timer calibrated, looped 1 times
...
W32Time: BEGIN:CMOSSynchSet
W32Time: Setting adjustment 156250 - Bool 0
W32Time: BEGIN:SetTSTimeRes
W32Time: END:Line 1295
W32Time: END:Line 864
...
W32Time: Advertising that I'm a Time Service Provider (?)
...

Seems we're working on XP.

Let's query the time server(s). From a commandline type:
net time \\ComputerName /querysntp
where ComputerName is the computer to query. Nice output, huh?

Before sniffing the wire we need to check that the firewall is not
boinking us. Look here for background:
http://www.theeldergeek.com/windows_firewall.htm

Click Start > Control Panel, then click the Security Center icon.
The [Manage Security Settings For] section at the bottom of Security
Center contains a Windows Firewall icon. Clicking it will open the
Windows Firewall property sheet.

The General Tab is, well, pretty general.

Click the Exceptions Tab. We need to be sure UDP port 123 is open for
the time service. If you can get out to a server, this should be open
already, but double check. Always pay to double check ;-)

Mmmm... need to add the port?
When you click AddPort, the Add a Port dialog box is displayed, from
which you can configure a TCP or UDP port.

The Advanced Tab can be used to refine how the fw works on this port,
but there's not much you can do except open or close the port. NTP uses
this one port for both directions -- sending and receiving (unlike just
about all other services). But you might be able to restrict it to
specific IP addresses to help with security -- never hurts.

Click Custom list: In the edit box ...
You can specify one or more IPv4 addresses or IPv4 address ranges
separated by commas. IPv4 address ranges typically correspond to
subnets. For IPv4 addresses, type the IPv4 address in dotted decimal
notation. For IPv4 address ranges, you can specify the range using a
dotted decimal subnet mask or a prefix length. When you use a dotted
decimal subnet mask, you can specify the range as an IPv4 network ID
(such as 10.47.81.0/255.255.255.0) or by using an IPv4 address within
the range (such as 10.47.81.231/255.255.255.0). When you use a network
prefix length, you can specify the range as an IPv4 network ID (such as
10.47.81.0/24) or by using an IPv4 address within the range (such as
10.47.81.231/24). An example custom list is the following:
10.91.12.56,10.7.14.9/255.255.255.0,10.116.45.0/255.255.255.0,172.16.31.11/24,172.16.111.0/24

ICMP Settings from the Advanced Tab
For network diagnostics you should click the ICMP Settings button and
check that the necessary messages are allowed through the firewall. If
you're unsure what a selection does, highlight it and read the
description. You will probably have to allow several message types.
You will probably want to come back after a diagnostic session and
disallow them back again.

For more complete coverage of WF see:
Troubleshooting tips:
http://www.microsoft.com/technet/prodtechnol/winxppro/support/wftshoot.mspx
General:
http://www.microsoft.com/technet/community/columns/cableguy/cg0104.mspx#EHAA
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx
and don't forget the SP 2 Critical Update for dial-up connections:
http://support.microsoft.com/default.aspx?scid=kb;en-us;886185

With w32time running and the firewall checked to make sure it allows
out ntp traffic, it's time to see what the debugger will reveal. Mind
numbing error codes? We have to edit the registry to turn it on. Oh
joy, so much joy and happiness.

I had hoped that W.W. might need this or might be willing to turn it on
just to see what it might reveal about the nature of his time server
setup -- in a "challenging" environment. Oh well ...

Use Registry Editor at your own risk.
To turn on debug logging in the Windows Time service:
1. Start Registry Editor.
2. Locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
3. On the Edit menu, click New Value, and then add the following registry
values:
Value Name: FileLogSize
Data Type: DWORD
Value data: 10000000 << 10 MB!
This registry value specifies the size of the log file in bytes.

Value name: FileLogName
Data Type: String
Value data: C:\Windows\Debug\w32time.log
This registry value specifies the location of the log file. The path is
not fixed. You can use a different path.

Value name: FileLogEntries
Data Type: String
Value: 0-116
This registry value specifies the level of detail of the information in
the debug log. If you must have more detailed logging information,
contact a Microsoft Support Professional. Ominous shudders ...

Note: The Data Type value must be of type REG_SZ (String). You must
type the value exactly as shown (that is, type 0-116). The highest
possible value is 0-300 for most detailed logging. The meaning of this
value is: Log all entries within the range of 0 and 116.


It's time to sniff the wire. Get ethereal here:
http://www.ethereal.com/download.html
Read the docs and sniff the wire ;-) Private instruction available for
an appropriate amount of $. Don't forget to save it to a capture file.

Worthy of noting:

XP Pro, by way of Local Group Policy, allows you to control/set many
aspects of your setup with a gui tool. To access it, from the
Start>Run box, type:
gpedit.msc

Look here for background/tips:
http://www.theeldergeek.com/gp04.htm

This tool is as dangerous/powerful as regedit, so don't go
experimenting just to see what happens ;-o you'll regret you did ...

The commandline tool used to configure/manipulate w32time is called
'w32tm'. Its uses and options are outlined here:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/time_w32tm.mspx

It is also worth knowing about the 'net time' command. Usage can be
found here:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/net_time.mspx
These options are immediately handy:

\\ComputerName : "XXX" /set : Synchronizes the computer's clock with the
time on the specified computer.

\\ComputerName : "XXX" /querysntp : Displays the name of the Network
Time Protocol (NTP) server currently configured for the
local computer or the one specified in ComputerName.

\\ComputerName : "XXX" /setsntp[:NTPServerList] :
Specifies a list of NTP time servers to be used by the local
computer. The list can contain IP addresses or DNS names,
separated by spaces. If you use multiple time servers,
you must enclose the list in quotation marks.


Well, boys-n-girls, that's all for now. Stay tuned for the tweaking
episode in the next installment.

prg
email above disabled
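
A custom-list scope string of the kind described above can be checked offline before it is typed into the firewall dialog. This is an added example, not part of the original post; it uses Python's ipaddress module, and the function names and the /24 review threshold are assumptions for illustration.

```python
import ipaddress

# The example custom list quoted in the post above.
POST_LIST = ("10.91.12.56,10.7.14.9/255.255.255.0,10.116.45.0/255.255.255.0,"
             "172.16.31.11/24,172.16.111.0/24")

def parse_scope(custom_list):
    """Return (networks, errors) for a comma-separated custom list."""
    networks, errors = [], []
    for item in (part.strip() for part in custom_list.split(",")):
        if not item:
            continue
        try:
            # strict=False accepts an address inside the range (10.47.81.231/24)
            # and both mask styles: dotted decimal and prefix length.
            networks.append(ipaddress.IPv4Network(item, strict=False))
        except ValueError as exc:
            errors.append(f"{item}: {exc}")
    return networks, errors

def is_allowed(client_ip, custom_list):
    """True if client_ip falls inside any entry of the custom list."""
    addr = ipaddress.IPv4Address(client_ip)
    networks, _ = parse_scope(custom_list)
    return any(addr in net for net in networks)

def review(custom_list, min_prefix=24):
    """Flag unparsable entries and ranges wider than /min_prefix.
    min_prefix=24 is an assumed review threshold, not a Windows setting."""
    networks, errors = parse_scope(custom_list)
    findings = [f"invalid entry {e}" for e in errors]
    for net in networks:
        if net.prefixlen < min_prefix:
            findings.append(f"{net} admits {net.num_addresses} addresses")
    return findings

if __name__ == "__main__":
    nets, _ = parse_scope(POST_LIST)
    print([str(n) for n in nets])
    print(is_allowed("10.7.14.200", POST_LIST), is_allowed("10.91.12.57", POST_LIST))
    # Constructed list with one over-broad range and one mistyped address.
    print(review("10.47.81.0/24,10.0.0.0/255.0.0.0,10.47.81.300"))
```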
