How to configure NTP Server and NTP Client in Windows Server 2019

By | June 16, 2022

Configure NTP Server in Windows Server 2019

If the computer is an Active Directory Domain Controller, the NTP Server feature is enabled automatically. So, the following example is for a computer that needs to enable NTP Server in a WorkGroup environment.

Step 1. Run PowerShell with admin rights and configure the following:

Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. # confirm current setting (follows are default settings) PS C:UsersAdministrator> Get-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesw32timeTimeProvidersNtpServer" InputProvider : 0 AllowNonstandardModeCombinations : 1 EventLogFlags : 0 ChainEntryTimeout : 16 ChainMaxEntries : 128 ChainMaxHostEntries : 4 ChainDisable : 0 ChainLoggingRate : 30 RequireSecureTimeSyncRequests : 0 DllName : C:WindowsSYSTEM32w32time.DLL Enabled : 0 PSPath : Microsoft.PowerShell.CoreRegistry::HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServ icesw32timeTimeProvidersNtpServer PSParentPath : Microsoft.PowerShell.CoreRegistry::HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServ icesw32timeTimeProviders PSChildName : NtpServer PSDrive : HKLM PSProvider : Microsoft.PowerShell.CoreRegistry # enable NTP Server feature PS C:UsersAdministrator> Set-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesw32timeTimeProvidersNtpServer" -Name "Enabled" -Value 1 # set [AnnounceFlags] to 5 # number means # 0x00 : Not a time server # 0x01 : Always time server # 0x02 : Automatic time server # 0x04 : Always reliable time server # 0x08 : Automatic reliable time server PS C:UsersAdministrator> Set-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetservicesW32TimeConfig" -Name "AnnounceFlags" -Value 5 # restart Windows Time service PS C:UsersAdministrator> Restart-Service w32Time # if Windows Firewall is running, allow NTP port PS C:UsersAdministrator> New-NetFirewallRule ` -Name "NTP Server Port" ` -DisplayName "NTP Server Port" ` -Description 'Allow NTP Server Port' ` -Profile Any ` -Direction Inbound ` -Action Allow ` -Protocol UDP ` -Program Any ` -LocalAddress Any ` -LocalPort 123 

Step 2. NTP Server Host also needs time synchronization with other Hosts as the NTP Client.

Configure NTP Client in Windows Server 2019

NTP Client settings are configured with NTP Server [time.windows.com] by default Windows, so if the computer is connected to the Internet, the date and time will be synchronized.

Furthermore, if the computer is in Active Directory Domain, the NTP Client settings are also configured as follows, so generally there is no need to change the settings:

  1. Domain Controller synchronizes time with PDC in the domain.
  2. The PDCs in a domain time synchronize with the PDCs in the Parent Domain (primary domain) or with other Domain Controllers.
  3. The client computers synchronize the time with the Domain Controller on which the client is currently logged on.

In the WorkGroup environment, you can change the default NTP server to other servers as follows.

Step 1. Run PowerShell with admin rights and configure the following:

Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. # confirm current synchronization NTP Server PS C:UsersAdministrator> w32tm /query /source time.windows.com,0x8 # change target NTP Server (replace to your timezone server) # number means # 0x01 : SpecialInterval # 0x02 : UseAsFallbackOnly # 0x04 : SymmetricActive # 0x08 : NTP request in Client mode PS C:UsersAdministrator> Set-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesw32timeParameters" -Name "NtpServer" -Value "ntp.nict.jp,0x8" # restart Windows Time service PS C:UsersAdministrator> Restart-Service w32Time # re-sync manually PS C:UsersAdministrator> w32tm /resync Sending resync command to local computer The command completed successfully. # verify status PS C:UsersAdministrator> w32tm /query /status Leap Indicator: 0(no warning) Stratum: 4 (secondary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0252246s Root Dispersion: 0.0824040s ReferenceId: 0x85F3EEF3 (source IP: 133.243.238.243) Last Successful Sync Time: 9/23/2019 10:15:33 PM Source: ntp.nict.jp,0x8 Poll Interval: 8 (256s)

Step 2. If a computer is in an Active Directory domain environment and is a Forest Root, the synchronization target is usually configured to [Local CMOS Clock] (Hardware Clock). Then, if you want to change the setting from [Local CMOS Clock] to NTP server network, please set as follows:

Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. # in AD Domain Environment, [Type] is set to [NT5DS] PS C:UsersAdministrator> (Get-Item -Path "HKLM:SYSTEMCurrentControlSetServicesw32timeParameters").GetValue("Type") NT5DS # if target is [Local CMOS Clock] but you'd like to change it, change [Type] to [NTP] first # next, change to NTP server with the same way in [1] section PS C:UsersAdministrator> Set-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesw32timeParameters" -Name "Type" -Value "NTP" 

Leave a Reply

Your email address will not be published.