[KBA-00022] Synchronizing Time Across an Omnicast or Security Center System - Security Center 3.0 - 5.0 | Omnicastâ„¢ 4.0 - 4.8

series
Security Center 3.0 - 5.0 | Omnicastâ„¢ 4.0 - 4.8
revised_modified
2013-09-06

[KBA-00022] Synchronizing Time Across an Omnicast or Security Center System

This article describes how to synchronize the time across all computers in an Omnicast or Security Center system.

Summary

The Windows Time service (W32Time) is designed to maintain date and time synchronization for computers running Windows. W32Time is based on the Simple Network Time Protocol (SNTP) designed to ensure loose synchronization only, which means the clocks of all Windows machines in a forest will agree within 20 seconds of one another (or 2 seconds difference within a particular site).

If there is a domain-controller on the network, every computer on that domain will automatically be synchronized with that computer. Otherwise, manual configurations need to be made. Once well configured, the Time Server will synchronize the client clock periodically.

Synchronization does not always instantly change the time on the local machine. If the local clock time of the client is less than three minutes ahead of the time on the server, W32Time will quarter or halve the clock frequency for long enough to bring the clocks into sync. If the local clock time of the client is more than three minutes ahead of the time on the server, W32Time will change the local clock time immediately. If the local clock time of the client is behind the current time received from the server, W32Time will change the local clock time immediately.

More Information

On the PC we want to use as the Time Server:
  • Open a command prompt.
  • Stop your time service by typing the following command:
    • Net stop w32time [enter]
  • Wait for the confirmation message that the service has stopped.
  • Open the Windows Registry Editor (start / run / regedit)
  • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
  • Create or edit the following two registry keys:
    • NameLocalNTP (DWORD value): value=1.
    • ReliableTimeSource (DWORD value): value=1.
  • Close the Windows Registry Editor.
  • Start your time service by typing the following command:
    • Net start w32time [enter] Close the command prompt
On the PC we want to use as the SNTP clients:
  • Open a command prompt Type the following command(s):
    • Net stop w32time [enter].
  • w32tm /config /manualpeerlist:ntpserver /syncfromflags:MANUAL (where ntpserver is the IP address of the time server).
  • Net start w32time [enter]
  • w32tm /config /update
  • w32tm /resync (forces the 1st synchronization to the time server).
  • Close the command prompt.

By default, the time synchronization will occur once every 45 minutes until 3 good synchronizations occur, then once every 8 hours (3 per day in total).

Using Net Time:

If desired, the above steps can be replaced by a freeware like NetTime for Windows. You can downloaded this freeware from the following URL: https://gtap.genetec.com//Uploads/Downloads/8d986d98-8c32-4b65-b38a-324f79c1583e/NetTime-2b7.zip.
  • Unzip, install and run the Net Time client application.
  • On your Time Server, choose the option "Allow other computers to sync to this one".
  • On all the other machines, click the "Find" button in order to synch to the Time Server (TCP protocol must be used).
Troubleshooting errors: Make sure that UDP port 123 is open on all firewalls between you and the remote time servers that you wish to synchronize to.