Microsoft KB Archive/224799

From BetaArchive Wiki
Knowledge Base


Article ID: 224799

Article Last Modified on 10/26/2007


APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition


This article was previously published under Q224799


SUMMARY

Windows 2000 uses a new time synchronization service to synchronize the date and time of computers running on a Windows 2000-based network. Synchronized time is critical in Window 2000 because the default authentication protocol (MIT Kerberos version 5) uses workstation time as part of the authentication ticket generation process.

The information in this article applies to Windows 2000 clients when they belong to a Windows 2000 Active Directory Domain. If the Windows 2000 clients belong to a workgroup, you must manually configure the time synchronization settings.

MORE INFORMATION

The Windows Time Synchronization service (W32Time) is a fully compliant implementation of the Simple Network Time Protocol (SNTP) as detailed in IETF RFC 1769.

Basic Operation

  1. Client Boot No client boot-specific information.

  2. Polling Loop
    1. The client contacts an authenticating domain controller.
      • Packets are exchanged to determine the latency of communication between the two computers.
      • W32Time determines what current time should be converged to locally, (the "target" time).
    2. The client adjusts the local time.
      • If the target time is ahead of local time, local time is immediately set to the target time.
      • If the target time is behind local time, the local clock is slowed (slewed) until the two times are aligned, unless local time is more than 3 minutes out of synchronization, in which case the time is immediately set.
    3. The time server client performs periodic checks.
      • The client connects to the authenticating domain controller once each "period."
      • The initial default period is 45 minutes.
    4. If the time synchronization attempt is successful three consecutive times, then the interval check period is increased to 8 hours. If it is not successful three consecutive times, then it is reset to 45 minutes.
  3. Time Convergence Hierarchy
    1. All client desktops select an authenticating domain controller (the domain controller returned by DSGetDCName()) as their time source. If this domain controller becomes unavailable, the client re-issues its request for a domain controller.
    2. All member servers follow the same process.
    3. All domain controllers in a domain make 3 queries for a DC:
      • a reliable time service (preferred) in the parent domain,
      • a reliable time service (required) in the current domain,
      • the PDC of the current domain. It will select one of these returned DCs as a time source.

    4. The PDC FSMO at the root of the forest is authoritative, and can be manually set to synchronize with an outside time source (such as the United States Naval Observatory).

For additional information about how to configure the Windows Time Service, click the article number below to view the article in the Microsoft Knowledge Base:

216734 How to Configure an Authoritative Time Server in Windows 2000


Keywords: kbproductlink kbenv kbinfo KB224799



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/224799&oldid=371143
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki