Synchronize time with external NTP server on Windows Server 2008 (R2).

NTP synchronization is an important aspect for all computers on the network. By default, the clients computers get their time from a Domain Controller and the Domain Controller gets his time from the domain’s PDC Operation Master. Therefore the PDC must synchronize his time from an external source. I usually use the servers listed at the NTP Pool Project website. Before you begin, don’t forget to open the default UDP 123 port (in- and outbound) on your (corporate) firewall.

  1. First, locate your PDC Server. Open the command prompt and type: C:>netdom /query fsmo
  2. Log in to your PDC Server and open the command prompt.
  3. Stop the W32Time service: C:>net stop w32time
  4. Configure the external time sources, type: C:> w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org”
  5. Make your PDC a reliable time source for the clients. Type: C:>w32tm /config /reliable:yes
  6. Start the w32time service: C:>net start w32time
  7. The windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:>w32tm /query /configuration
  8. Check the Event Viewer for any errors.

Tested on Windows Server 2008 R2 (Build 7600).

Cheers!

– Marek.Z

101 Comments

  1. Thanks for this, it works very well but manualpeerlist needs quotes like this : w32tm /config /syncfromflags:manual /manualpeerlist:”0.ntp.pool.org, 1.ntp.pool.org, 2.ntp.pool.org”

      • It doesnt’ work with commas. This is the proper syntax as per pool.ntp.org website. I just rant it, then checked event viewer to confirm good time data.

        net stop w32time
        w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org”
        w32tm /config /reliable:yes
        net start w32time

        Check event viewer for time service entry and will see, for example:

        The time service is now synchronizing the system time with the time source 0.pool.ntp.org (ntp.m|0x0|0.0.0.0:123->206.108.0.133:123).

  2. The command put the whole string into the registry, quotes and all.

    This is what worked:

    w32tm /config /syncfromflags:manual “/manualpeerlist:time.chu.nrc.ca,0x1 ntp.uunet.ca,0x2”

    Hope that helps someone. 🙂

    • Hm.. strange, I’ve tested it on a W2k8 R2 server. It works without the quotes when you type the NTP servers wihout any spaces after the /manualpeerlist parameter.

  3. My Win2k8 R2 needed this. No spaces or quotes after /manualpeerlist:

    w32tm /config /syncfromflags:manual /manualpeerlist:0.ntp.pool.org,1.ntp.pool.org,2.ntp.pool.org

  4. Are the names of the time servers correct? When I check the link, it references *.pool.ntp.org. Your directions say ntp.pool.org.

    Incidentally, it didn’t work for me in 2k8R2 until I took out the space, despite the fact that help says the list should be space delimited:

    w32tm /config /syncfromflags:manual /manualpeerlist:”0.poolntp.org,1.pool.ntp.org,2.pool.ntp.org”

  5. That didn’t work for me. I had to remove both the quotes and the space, delimiting only by comma, ergo:

    w32tm /config /syncfromflags:manual /manualpeerlist:0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org

      • Marek thank you for this post, it seem to have saved so time for everyone.

        I think i know why people are having problem they are cutting and pasting the command which for some reason the qoute are cuaseing an issue.

        what i did was remove the qoute on notepad and put them back in. that seem to fix it.

        hopefully that makes sense.

        • Hi,

          Thanks for visit 🙂

          It seems that sometimes the quotes are needed and sometimes they not. Personally, I always retype the command. This way you should be able to identify the syntax error. Don’t be a copy-paste admin 🙂

          Cheers!

          Marek.Z

        • Sorry of my english … 🙂 but my w32tm help write: when I use more than one peer, I must use space between peers and “” to all switch …. eg. “/manualpeerlist:0.pool.ntp.org 1.pool.ntp.org 1.pool.ntp.org” … 😉

    • You can use quotes as long as there is no space between the argument manualpeerlist, the colon and the first quote

      …/manualpeerlist:”myntp…

  6. excellent post!
    this might also help someone:
    To clear the current time configuration, do the following:
    net stop w32time
    w32tm /unregister
    w32tm /register
    net start w32time

    unregistering will remove the whole w32tm key from the registry while registering will create a fresh key filled with the windows defaults.

    • Thank you so much, for the info here Johan, yours was the only thing that has worked for me – I work for a non-profit agency and we don’t spend much for IT – all our systems & peripherals are donated and they can’t afford to hire an experienced IT Tech so I’m it. Although it has literally been years since I’ve had anything to do with a server and that was only in school and you know how fast technology goes.

      All the other strings I typed in, not copy/pasted and I just kept getting the error that the command was unknown. So at least I got our system clocks to the correct time for now and I’ll probably have to repeat this step again but at least it works.

      Newbie IT Tech.

  7. Thanks! I used a combo of your instructions and those from M$:
    http://support.microsoft.com/kb/816042

    the list of servers needed to have ,0x1 after each entry and a space separating them to show up correctly in the NTPClient section of the registry. Otherwise only the first server on the list would populate.

  8. Worked like a champ for me, no modifications, typed as indicated, and after restarting the time service, the server picked up on the correct time right away.
    THANKS!!

  9. You can simplify this to two commands: (note these are both one line, they may wrap here)

    w32tm /config /syncfromflags:manual manualpeerlist:0.uk.pool.ntp.org,1.uk.pool.ntp.org /update /reliable:yes

    w32tm /resync

    No need to restart services, and no quotes as per MS documentation

  10. Thank you, finally a concise and straightforward way. It puzzles me that windows does not offer a GUI for this… RedHat even has one!
    Steve

  11. I’m not sure if anybody mentioned this, but the reason some people may be having problems with quotes is probably due to them being formatted.

    And yes this worked great, thanks.

    Eric

  12. Maybe too late now but in case anyone is wondering about the quotes & spaces thing, here’s the clarification – the commandline expects a single argument after a flag such as /manualpeerlist and a space tells it to end the arugment; quotes are used to make the string with spaces appear as one single argument. It’s the same as when you want to cd to Documents and Settings, for instance – it would be:
    c:> cd “Documents and Settings”

    Bottom line is, if you put spaces in between the peers in the peer list, you need the quotes; no spaces, don’t need the quotes.

  13. Hey there. thanks for helpful post.
    Just want to add some notes. I’ve found out recently that my 2008 R2 works weird with /manualpeerlist:”server0, server1, server2” and i changed to /manualpeerlist:time.nist.gov (just one domain)

    After this step it works fine.

  14. hi, i did the above actions and added multiple Time servers:

    w32tm /config /syncfromflags:manual /manualpeerlist:”0.oceania.pool.ntp.org,1.oceania.pool.ntp.org,2.oceania.pool.ntp.org,3.oceania.pool.ntp.org,ntp.mel.connect.com.au,toc.ntp.telstra.net”

    but still server time which is also DC, is 6 minutes slower than the actual time.

    what am i missing. please guide. Thanks

    • Hi,

      Did you checked your firewall? Are the appropriate ports open for NTP traffic? If so, telnet to these NTP hosts to check the connection.

      Cheers!

  15. Thanks for your excellent and succinct post. One note, I just followed this again as I had to set up a new home/consulting network doman PDC from scratch, as my old one had become corrupted by bad RAM in the server. This during a transition of server upgrades that left it as the only domain controller in the forest. Bad news, really. Anyway, the access to the external NTP servers seems to work fine with only an inbound rule allowing port 123 access enabled, with no outbound port 123 rule. FWIW, but I just verified by sorting by port numbers in my Windows firewall to be sure.

    • Hi,

      Thanks for your post. The inbound port needs to be opened for your clients accessing the DC and synchronizing the time. I was also referring to the corporate firewall, I’ll update the post.

      Cheers!

      – Marek.Z

  16. This is what worked for me.

    w32tm /config /syncfromflags:manual /manualpeerlist:”0.au.pool.ntp.org 1.au.pool.ntp.org 2.au.pool.ntp.org 3.au.pool.ntp.org” /update /reliable:yes
    w32tm /resync

    Keep in mind you can easily check whether it has worked by running
    w32tm /query /peers

    If you only see one peer then it’s not right. If you see multiple then all good. What you should see if you run the command above is written below. What I have noticed is that it will generally accept anything you put in but it needs to be as per the help section of w32tm /? which is space delimited and enclosed in quotes to get them all.

    w32tm /query /peers
    #Peers: 4

    Peer: 0.au.pool.ntp.org
    State: Active
    Time Remaining: 17.2309002s
    Mode: 1 (Symmetric Active)
    Stratum: 3 (secondary reference – syncd by (S)NTP)
    PeerPoll Interval: 6 (64s)
    HostPoll Interval: 6 (64s)

    Peer: 1.au.pool.ntp.org
    State: Active
    Time Remaining: 17.2309002s
    Mode: 1 (Symmetric Active)
    Stratum: 2 (secondary reference – syncd by (S)NTP)
    PeerPoll Interval: 6 (64s)
    HostPoll Interval: 6 (64s)

    Peer: 2.au.pool.ntp.org
    State: Active
    Time Remaining: 17.2309002s
    Mode: 1 (Symmetric Active)
    Stratum: 2 (secondary reference – syncd by (S)NTP)
    PeerPoll Interval: 6 (64s)
    HostPoll Interval: 6 (64s)

    Peer: 3.au.pool.ntp.org
    State: Active
    Time Remaining: 17.2309002s
    Mode: 1 (Symmetric Active)
    Stratum: 3 (secondary reference – syncd by (S)NTP)
    PeerPoll Interval: 6 (64s)
    HostPoll Interval: 6 (64s)

  17. Well the only way it worked for me ( Windows 2008 Server R2 With SP1
    Was …. /manualpeerlist:”timeserver1″ “timeserver2” “timeserver3” …….

    None of the others worked.

    cheers

      • I required our time sources between our storage devices, firewall and PDC to be synced, so now all devices get there time synced from the same source.

        his is what worked for me on our 2008R2 Standard SP1 Server:

        w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov /update /reliable:yes

        I then did a query using: w32tm /query /status

        Leap Indicator: 0(no warning)
        Stratum: 2 (secondary reference – syncd by (S)NTP)
        Precision: -6 (15.625ms per tick)
        Root Delay: 0.3060097s
        Root Dispersion: 7.7757678s
        ReferenceId: 0x808A8DAC (source IP: 128.138.141.172)
        Last Successful Sync Time: 12/22/2012 9:44:22 PM
        Source: time.nist.gov
        Poll Interval: 6 (64s)

        all working well.

  18. Thank you for these easy configuration steps!

    According http://support.microsoft.com/kb/816042/en-us and http://www.meinberg.de/english/faq/faq_28.htm, the 0x8 flag should be used.

    Statement from the KB article mentioned above: Note Use the 0x8 flag to force W32time to send normal client requests instead of symmetric active mode packets. The NTP servier replies to these normal client requests as usual.

    Used the following command for the configuration: w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8″ and it’s working.

  19. I just spent an hour on this. With 2008R2 use the “s and the ,0x1 at the end of each peer and a space between the peers. Until you get the w32tm /query /peers /verbose command to display each peer separately you haven’t got it right. The event log will tell you when you have it right imediatley with the /update.

  20. Great article, thanks. I wish M$ could write something like this. I think the problem folks are having copying and pasting is, even pasted into notepad, the leading ” was backwards. I had to delete it and type ” from my keyboard.

  21. Hi, First Of all thank you so much guys for sharing you great knowledge. It is helping people around the globe..Keep up the good work…
    I am from United arab emirates and when i checked this ntppool website the number of NTP servers in UAE is showing as Zero. My question is this will work for me or not??Your advise in this regards is highly appreciated.Thanks

  22. Thanks a lot, it works well, although i had to use 0.ntp.pool.org alone as 1.ntp.pool.org, 2.ntp.pool.org were unexpected arguments. Unless you remove spaces and the quotes. When querried, still shows 0.ntp.pool.org only

  23. you need to enclose the entire manualpeerlist parameter in quotes.e.g. “/manualpeerlist:0.ntp.pool.org, 1.ntp.pool.org, 2.ntp.pool.org”

    • I just had to paste the whole command but deleted and re-typed each double-quote individually. No need to wrap the whole switch in quotes.

  24. The command in Windows 2008 r2 must now be written as:
    w32tm / config / syncfromflags: manual / manualpeerlist: “0.pool.ntp.org”, “1.pool.ntp.org”, “2.pool.ntp.org”, “3.pool.ntp.org”

  25. Thanx, it helped :
    this worked in PS:

    w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org” /update /reliable:yes

  26. Dear All,

    I have two DC (primary and secondary) both i have configured as
    w32tm /config /manualpeer:172.25.11.90 /syncfromflags:MANUAL
    around 15 domain member servers are there, almost 80% of server synchornized but only few server not getting the time from DC. is that anything need to update the domain client server or DC.

  27. I’ve literally tried every suggestion on here and it still doesn’t work.

    I don’t blame anyone here, I blame Microsoft for this gross incompetence.

    I mean seriously, do I really need to go through 2 hours of trying to figure out how to set a F*%&’ing clock?!

    WHERE THE HELL IS STANDARDIZATION

    F MSFT

  28. it works like a charm for me in windows 7. if you do the copy paste, make sure you re-type the double quotes (using any text editor and repair the double quotes and copy paste from the text editor to command prompt). don’t forget one space button between ntp server lists.

  29. Hi All, i am new to NTP
    We have 3 No’s AD…..AD1 and AD2 have same time on both machine but is not the right time. AD3 has the right time (GMT +530, India).
    All of the clients are synchronizing with either AD1 or AD2 (not sure which from the two). Here are the list of things i need help with.

    1. When i change the time manually on AD1 or AD2 it gets changed back to the wrong time which is 10min ahead of the actual time. (changes automatically in 3 seconds every time i try changing manually). How to fix?
    2. How to check which AD is supplying the time sync to the clients?

    Please help.

  30. All the command completed successfully.but when I try to execute “w32tm /resync” command we get below error.

    C:>w32tm /resync
    Sending resync command to local computer
    The computer did not resync because no time data was available.

    C:>

  31. Thanks , works beautifully without needing to go through registry, as some other sites suggested

  32. Brilliant! Thanks. I had to take the spaces out between the time servers for Server 2012. Every other guide used reg edits so this was much easier…

  33. Thanks a lot. I have found this post very useful. I used it for two different networks. One Win2008R2 and the other Windows 2012 Server. I did retype the double quotes just in case otherwise the whole thing worked as is provided in here with out any problem.

  34. This was great thanks for the post! I had to put double quotes at the beginning and end of the peerlist to get the command to be accepted, also I wasn’t sure about the ,0x8 but the command worked and the query has all of the servers listed.

    w32tm /config /syncfromflags:manual /manualpeerlist:””0.pool.ntp.org,0×8″ “1.pool.ntp.org,0×8” “2.pool.ntp.org,0×8” “3.pool.ntp.org,0×8″” /update /reliable:yes

  35. What do you if you have an external masterclock supplying us with the universal time clock and his clock has an ip and with in a certain subnet

    • In that case you just point your PDC to that IP address so it will sync its time with your external masterclock.

  36. Hi Guys im using VMWARE EXSi. all my servers in VM, do we have steps to be followed in synchronizing the time before applying these long commands in the pdc server?

Leave a reply...