Managing Windows Time Service (NTP) 25 Sep 2012
Many of us who have worked with Lync understand the importance of keeping all the Lync servers and clients synchronized with the correct time. This is because MTLS and TLS communications between servers and clients require that the time difference between any two peers be no greater than 5 minutes. In an environment with other 3rd party devices such as Polycom RMX MCUs and HDX Video Conferencing endpoints, the challenge becomes even greater. Although not widely documented, Windows Server actually comes with an NTP server running as the Windows Time service. By leveraging this NTP service, you can keep all your Lync servers and Lync-connected clients/endpoints properly time-synchronized.
Domain Controllers / Members
When a server is set up as a domain controller, it automatically runs the Windows Time service. You can manually start and stop the service using the commands:
net start w32time
net stop w32time
With the exception of the Edge server and Reverse Proxy server, all other Lync server roles are domain members and will automatically be configured to synchronize time with the domain controller(s). So for the Edge and RP roles, you should start the time service and set it to automatic start in the Services MMC. But where does the domain controller get its time source from? By default, it uses the system clock on the BIOS, as can be shown by running
w32tm /query /configuration
In the output, notice that the server is both an NTP server and an NTP client. Under NTPClient you can see InputProvider: 1 (Local), which means the server is querying a time source and using it to synchronize the server's time. In the Type field you see NT5DS, the default setting for domain controllers, meaning it will take the time source from the domain hierarchy, starting with the PDC Emulator in the forest followed by other domain controllers in the forest or PDC Emulators in child domains. The PDC Emulator itself will get its time from either an external NTP server such as pool.ntp.org or, if none is configured, the local BIOS clock.
Under the NTPServer section you can see its Enabled flag is set to 1, meaning it is serving NTP requests. NTP listens for requests on UDP port 123. To see what time source is currently being used, run the command
w32tm /monitor
and look at the output. It will show the hostname of the server being used as the NTP time source.
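To see how close a server is to the 5-minute limit, the following PowerShell function classifies the offsets printed by `w32tm /stripchart ... /dataonly`. This is an added example, not part of the original article. The function name, the 60-second warning threshold, the host name dc01.example.test, the assumed line formats and the sample lines are all constructed for illustration, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the original article): classify clock offsets printed by
#   w32tm /stripchart /computer:<host> /samples:<n> /dataonly
# Assumed data line formats: "HH:MM:SS, +SS.fffffffs" and "HH:MM:SS, error: 0x...".
function Get-TimeOffsetReport {
    param(
        [Parameter(Mandatory = $true)] [string[]] $StripchartLines,
        [double] $WarnSeconds = 60,    # assumed early-warning threshold
        [double] $FailSeconds = 300    # the 5-minute MTLS/TLS tolerance
    )
    $inv = [System.Globalization.CultureInfo]::InvariantCulture
    foreach ($line in $StripchartLines) {
        if ($line -match '^(?<time>[^,]+),\s*(?<off>[+-]?\d+\.\d+)s\s*$') {
            # Offset of the local clock relative to the queried server, in seconds
            $offset = [double]::Parse($Matches['off'], $inv)
            $abs    = [math]::Abs($offset)
            $status = 'OK'
            if ($abs -ge $WarnSeconds) { $status = 'WARN' }
            if ($abs -ge $FailSeconds) { $status = 'FAIL' }
            [pscustomobject]@{ Sample = $Matches['time']; OffsetSeconds = $offset; Status = $status }
        }
        elseif ($line -match '^(?<time>[^,]+),\s*error:\s*(?<err>.+)$') {
            # No answer from the server (for example UDP 123 blocked or service stopped)
            [pscustomobject]@{ Sample = $Matches['time']; OffsetSeconds = $null; Status = "ERROR $($Matches['err'])" }
        }
        # Header lines ("Tracking ...", "Collecting ...") match neither pattern and are skipped
    }
}

# Constructed sample output, so the function can be tried offline
$sample = @(
    'Tracking dc01.example.test [192.0.2.10:123].',
    'Collecting 4 samples.',
    'The current time is 9/25/2012 10:15:30 AM.',
    '10:15:30, +00.0123456s',
    '10:15:32, -75.4410000s',
    '10:15:34, +312.9000000s',
    '10:15:36, error: 0x800705B4'
)
Get-TimeOffsetReport -StripchartLines $sample | Format-Table Sample, OffsetSeconds, Status -AutoSize

# Live use against a reference server (host name is a placeholder):
# Get-TimeOffsetReport (w32tm /stripchart /computer:dc01.example.test /samples:3 /dataonly)
```

On the sample data the four rows come back as OK, WARN, FAIL and ERROR 0x800705B4 respectively.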
Configuring an externally reliable time source
Since the BIOS clock is not a reliable time source, you should configure the PDC Emulator to obtain time from an external time source. In Asia, we can use the NTP servers listed at http://www.pool.ntp.org/zone/asia. For example, I use the sg.pool.ntp.org server. To configure your PDC, use the command
w32tm /config /update /manualpeerlist:sg.pool.ntp.org,0x1 /syncfromflags:MANUAL
followed by
w32tm /resync /rediscover /nowait
Now stop and restart the time service and the new settings should take effect.
The same procedure should be used on Lync Edge servers and Reverse Proxy servers, but specifying the PDC emulator in the peer list. You should now be able to synchronize the time on the whole Lync server farm with a reliable time source. As always, comments and feedback are welcome at http://www.ucprimer.com/comments-discussions--feedback.html