This article describes how to configure the Windows Time service in Microsoft Windows Server 2000. The Windows Time service can be configured to use an internal hardware clock or an external time source. We recommend that you use an internal hardware clock.

Windows includes W32Time, the Time service tool that is required by the Kerberos authentication protocol. The purpose of the Windows Time service is to make sure that all computers that are running Windows 2000 or later versions in an organization use a common time. To guarantee appropriate common time usage, the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops.

By default, Windows-based computers use the following hierarchy:

•	All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
•	All member servers follow the same process as client desktop computers.
•	Domain controllers may nominate the primary domain controller (PDC) operations master as their in-bound time partner but may use a parent domain controller based on stratum numbering.
•	All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.

Following this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization. We highly recommend that you configure the authoritative Time Server to gather the time from a hardware source. When you configure the authoritative Time Server to sync with an Internet time source, there is no authentication. We also recommend that you reduce your time correction settings for your servers and stand-alone clients. These recommendations provide more accuracy and security to your domain.

Configuring the Windows Time service to use an internal hardware clock

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

We highly recommend that you configure the authoritative time server to gather the time from a hardware source. When you configure the authoritative Time Server to sync with an Internet time source, there is no authentication. To configure Windows Time service to use an internal hardware clock, follow these steps:

1.	Click Start, click Run, type regedit, and then click OK.
2.	Locate and then click the following registry subkey: HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
3.	In the right pane, right-click ReliableTimeSource, and then click Modify.
4.	In Edit DWORD Value, type 1 in the Value data box, and then click OK.
5.	Locate and then click the following registry subkey: HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
6.	In the right pane, right-click LocalNTP, and then click Modify.
7.	In Edit DWORD Value, type 1 in the Value data box, and then click OK.
8.	Quit Registry Editor.
9.	At the command prompt, type the following command to restart the Windows Time service, and then press ENTER: net stop w32time && net start w32time
10.	Run the following command on all the computers other than the Time Server to reset the local computer's time against the Time Server: w32tm -s

Note You must not configure the Time Server to synchronize with itself. If you configure the Time Server to synchronize with itself, the following events are logged in the Application log:

The time provider NtpClient cannot reach or is currently receiving invalid time data from 192.168.1.1 (ntp.m|0x0|192.168.1.1:123->192.168.1.1:123).

No response has been received from Manual peer 192.168.1.1 after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer from which to synchronize.

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 960 minutes. NtpClient has no source of accurate time.

For more information about the w32tm command, type the following command at a command prompt:

Configuring Windows Time service to use an external time source

Administrators can configure the Windows Time service on the PDC operations master at the root of the forest to recognize an external Simple Network Time Protocol (SNTP) time server as authoritative. For example, you can use the Microsoft time server (time.windows.com) as the external SNTP time server. To configure Windows Time service to use an external SNTP time server, follow these steps:

1.	Click Start, click Run, type regedit, and then click OK.
2.	Follow these steps to change the server type to NTP: a. Locate and then click the following registry subkey: HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters b. In the right pane, right-click TYPE, and then click Modify. c. In Edit Value, type NTP in the Value data box, and then click OK.
3.	Follow these steps to configure the server as a reliable time source: a. In the right pane, right-click ReliableTimeSource, and then click Modify. b. In Edit DWORD Value, type 1 in the Value data box, and then click OK.
4.	Follow these steps to configure the server LocalNTP to 1: a. In the right pane, right-click LocalNTP, and then click Modify. b. In Edit DWORD Value, type 1 in the Value data box, and then click OK.
5.	Follow these steps to specify the time sources: a. In the right pane, right-click NtpServer, and then click Modify. b. In Edit Value, type Peers in the Value data box, and then click OK. Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique.
6.	For Windows 2000 Service Pack 4 only, set the time correction setting. To do this, follow these steps: a. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters b. In the right pane, right-click MaxAllowedClockErrInSecs, and then click Modify. c. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK. Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900. This value configures the Time Server to poll every 15 minutes.
7.	Follow these steps to set the poll interval: a. Locate and then click the following registry subkey: HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters b. In the right pane, right-click Period, and then click Modify. c. In Edit DWORD Value, type 24 in the Value data box, and then click OK.
8.	On the File menu, click Exit to exit Registry Editor.
9.	At the command prompt, type the following command to restart the Windows Time service, and then press ENTER: net stop w32time && net start w32time
10.	Run the following command on all the computers other than the Time Server to reset the local computer's time against the Time Server: w32tm -s

By default, SNTP uses User Datagram Protocol (UDP) port 123. If this port is not open to the Internet, you cannot synchronize your server to Internet SNTP servers. A computer that is configured to be a reliable time source is identified as the root of the Windows Time service. The root of the Time service is the authoritative server for the domain and typically is configured to retrieve time from an external NTP server or a hardware device. A time server can be configured as a reliable time source to optimize how time is transferred throughout the domain hierarchy. If a domain controller is configured to be a reliable time source, the Net Logon service announces that domain controller as a reliable time source when it logs on to the network. When other domain controllers look for a time source to synchronize with, they choose a reliable source first if one is available.

The HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Period registry key controls how frequently the Windows Time service synchronizes. If a value is specified, it must be one of the special values in the following list:

•	65531, "DailySpecialSkew" - Sets synchronization to one time every 45 minutes until successful one time, then one time every day.
•	65532, "SpecialSkew" - Sets synchronization to one time every 45 minutes until successful three times, then one time every eight hours. This is the default setting.
•	65533, "Weekly" - Sets synchronization to one time every seven days.
•	65534, "Tridaily" - Sets synchronization to one time every three days.
•	65535, "BiDaily" - Sets synchronization to one time every two days.
•	0 - For NT5DS, the synchronization is one time every 45 minutes until successful three times, then one time every eight hours. For NTP, the synchronization is one time every 8 hours.
•	freq - freq stands for the number of times per day you want Windows Time service to synchronize. If want to use a value other than any one of those specified earlier, you must use this option.

For additional information about the Windows Time service, click the following article numbers to view the articles in the Microsoft Knowledge Base:
For additional information about the Windows Time service in Windows 2000 Server, see the "The Windows Time Service" white paper. To download this document, visit the following Microsoft Web site:
For additional information about the Windows Time service in a Windows Server 2003-based forest, visit the following Web site: