Time synchronization in Security Center - Security Center 5.9

series
Security Center 5.9
revised_modified
2020-09-23

What is time synchronization?

Time synchronization occurs when all network components are on the exact same time as one another, or an external source of time.

Time synchronization is managed by your IT team or Windows domain and is required for Security Center to process timestamps for events and video archives.

About Windows Time service

The Windows Time service (W32Time) is designed to maintain date and time synchronization for computers running Windows. W32Time is based on the Simple Network Time Protocol (SNTP) designed to ensure loose synchronization only, which means the clocks of all Windows machines in a forest agree within 20 seconds of one another (or 2 seconds difference within a particular site).

If there is a domain-controller on the network, every computer on that domain is automatically synchronized with that computer. Otherwise, manual configurations must be made. When well configured, the Time Server synchronizes the client clock periodically.

Synchronization does not always instantly change the time on the local machine. If the local clock time of the client is less than three minutes ahead of the time on the server, W32Time quarters or halves the clock frequency long enough to bring the clocks into sync. If the local clock time of the client is more than three minutes ahead of the time on the server, W32Time changes the local clock time immediately. If the local clock time of the client is behind the current time received from the server, W32Time changes the local clock time immediately.

Why time synchronization is important

Time synchronization is important for working with schedules, timelines, logs, and failover. In a large-scale Security Center installation, devices and servers can be spread among multiple networks, spanning many timezones.

When all Security Center network components are time synchronized, you can avoid the following issues:

Expansion server does not connect
  • When you want to add a new server as an expansion server, it remains in a yellow warning state with the error message Server registered. Waiting for directory response.
  • When you have an existing expansion server and it goes offline for more than 2 seconds, the server remains offline and cannot reconnect.
Agent clock synchronicity error message in Config Tool
When your system has Archiver failover configured, an error message on the main Archiver is present in Config Tool.
Insufficient privileges error message in Security Desk on workstations
When your workstation is out of sync with the Directory, you receive an error message when dragging a camera to a tile in Security Desk.
Hot actions do not work when triggered from a workstation
When your workstation is out of sync with the Directory, hot actions triggered from the workstation do not work.
Error message requesting security information for cameras
When dragging a camera to a tile, the tile remains blank.
Missing features, tasks, and options on workstations
Even if you are logged in as Admin, Security Desk and Config Tool open with missing features, tasks, and options that should be available.
Sipelia™ functionality is impacted
  • When you try to register a workstation, the Sipelia™ configuration gets stuck on Registering without completing.
  • When making a Sipelia™ call from a workstation, the Unlock door button on the call screen does not work.
Access Manager related tasks and features do not work as intended
  • When the server hosting the Access Manager role is out of synch, Access Manager reports, door unlock schedules, and elevator access schedules are impacted.

Synchronizing time across Security Center network components

To synchronize the machines and devices of your system, you can use the embedded NTP synchronization in Windows, your domain controller, a third-party application, or perform a manual synchronization.

Before you begin

Make sure that UDP port 123 is open on all firewalls between you and the remote time servers you want to synchronize to.

What you should know

Embedded NTP synchronization in Windows is not always precise; there can be a difference of several seconds between machines in the network. Certain installations require a more precise synchronization. In this case, it is recommended that you install a full NTP client on your network from a third-party vendor and synchronize the rest of your systems to it with an SNTP client.

For information about setting up an external time server, see KB 816042 on the Microsoft Support web site.

Procedure

To set up the Windows NTP:

  1. On the machine to be used as the Time Server, open a command prompt.
    1. Stop your time service by typing Net stop w32time [enter].
    2. Wait for the confirmation message that the service has stopped.
    3. Open the Windows Registry Editor.
    4. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.
    5. Create or edit the following two registry keys:
      • NameLocalNTP (DWORD value): value=1.
      • ReliableTimeSource (DWORD value): value=1.
    6. Close the Windows Registry Editor.
    7. Start your time service by typing Net start w32time [enter].
    8. Close the command prompt.
  2. On the machine to be used as the SNTP clients:
    1. Open a command prompt and entire the following code:
      Net stop w32time [enter].
      w32tm /config /manualpeerlist:ntpserver /syncfromflags:MANUAL
      Net start w32time [enter] 
      w32tm /config /update 
      w32tm /resync

      ntpserver is the IP address of the time server.

    2. Close the command prompt.
    By default, the time is synchronized once every 45 minutes until 3 good synchronizations occur, and then once every 8 hours (3 per day in total).

To use a third-party application like Net Time:

  1. Download the Net Time freeware.
  2. Unzip, install, and run the Net Time client application.
  3. On your Time Server, choose the Allow other computers to sync to this one option.
  4. On all the other machines, click Find to synchronize to the Time Server.
    NOTE: TCP protocol must be used.

To synchronize the time manually:

  1. Open the Windows clock on all machines.
  2. Manually synchronize the clocks at the exact same time.