Time Synchronization

Old Content

This content is old! It’s still useful, but it’s old, and there may be bit rot, newer/better tools or ways to do things. Sanity check and do your research.

Daylight Saving Time Switch

In 2007, the US and Canada, as well as others, changed the rules for when Daylight Saving Time begins and ends. In my opinion this is sheer idiocy, but then, they didn’t ask me. Anyway, it really screwed up quite a lot of things, many of which are not in our power to easily fix (GPS, car GPS, VCRs, embedded systems like cheap routers, and much more). Here are some resources:

Importance

If time is not consistent across your network

  1. ISO/IEC 17799:2000(E) (AKA BS7799), clause 9.7.3 specifies “Clock synchronization:” “[…]Where a computer or communications device has the capability to operate a real-time clock, it should be set to an agreed standard, e.g. Universal Coordinated Time (UCT) or local standard time. As some clocks are known to drift with time, there should be a procedure that checks for and corrects any significant variation.”
  2. Event Logging, Auditing or Intrusion Detection across different systems becomes very difficult.
  3. Many cryptographic functions, especially those involving key creation, exchange and expiration, as well as “ticketing” functions such as used by Kerberos require precise time synchronization.
  4. Event or program scheduling may not work as expected.
  5. Client/Server transactions may not work as expected (transaction precedence is incorrect).
  6. There may be legal issues when submitting logs or other material as evidence if the time is not known to be correct. 1
  7. Security certificates, WWW Cookies, DHCP and WINS leases may not work as expected.
  8. High Availability or clustering solutions may depend on members clocks being exactly synchronized.
  9. File creation and access times will be wrong across different computers, thus:
    1. Differential, Incremental or other backups may not work as expected.
    2. Revision control systems (such as CVS) may not work properly.
    3. E-Mail Message time stamps may be wrong, leading to unexpected transmission issues.
  10. NetWare NDS will not work right unless all NDS servers have the same time.
  11. Neither will Active Directory, even though it says it will. If you have an object collision (two objects are modified at the same time by different people on different masters) the time stamp is used to help resolve the conflict. If time is not synchronized, the results will not be as expected.

For more uses or requirements for time synchronization, search the RFCs for other RFCs that specify the use of NTP.

Time & Time Tips

Fascinating book review and thread on NTP and time issues at Slashdot.

  • Why is UTC used as the acronym for Coordinated Universal Time instead of CUT? In 1970 the Coordinated Universal Time system was devised by an international advisory group of technical experts within the International Telecommunication Union (ITU). The ITU felt it was best to designate a single abbreviation for use in all languages in order to minimize confusion. Since unanimous agreement could not be achieved on using either the English word order, CUT, or the French word order, TUC, the acronym UTC was chosen as a compromise.

  • Which is correct, UTC or GMT? Does GMT have summer time? From http://wwp.greenwichmeantime.com/home.htm During the Summer the UK is on British Summer Time which is 1 hour ahead of GMT (GMT+1). […] GMT is fixed all year and does not switch to daylight savings time. […] Although GMT has been replaced by atomic time (UTC) it is still widely regarded as the correct time for every international time zone. Greenwich Mean Time is international time, the basis of the world time clock. Marks precision time and military time (sometimes called Zulu Time). […]

  • What some critical and significant dates in computing? See J R Stockton’s Critical and Significant Dates.

  • Hey, what time is it anyway? About comp.protocols.time.ntp: life imitates art.

Time & Time Zone Links

Time Synchronization Tools

NTP Tools for Windows

  • First read public NTP time servers for everyone and the NTP Pool for vendors.
  • By far the best NTP client and server that I found is Tardis. It runs as an NTP client and NTP server. There is one version that is an NT4/Win2K service, and another that runs as a normal application under Win9x/ME. It has only one minor problem – it’s not free. It runs from $20 to $2,000 USD, see the web site for details.
  • The next best is the “official” NTP package from David Mills. Only the source is available from the Time Server site, but compiled binaries for Windows are available.
  • NTP for Windows NT/2000/XP/2003/Vista is an NTP for Windows binary port and installer, along with a cool monitoring GUI.
  • If you own the NT Resource Kit (or a newer ResKit), you should look into the NTRK TimeServ utility. While you can only get the TimeServ tool from the NTRK, you can find more information about it, and time in general at Doug Hogarth’s Niceties site, specifically the TimeServ page. Also see other built-in Windows options below.
  • Tom Horsley’s NTP Time for Windows is a nice NTP client program. It is free, but is a client only, and can be configured to talk to only one NTP server at a time. NTP works much better when referencing a pool of servers.
  • I have also used the very cool AboutTime program, which is a Daytime/TCP, Time/TCP, Time/UDP and SNTP client and server. It runs under any Windows version, but does not run as a service. It is free!
  • I’ve used Dimension4, which is a free client for Time and NTP.
  • There are also Tardis/K9, which are excellent shareware tools.
  • And for a minimalistic web site but neat sounding tool, see Graham Mainwaring’s NetTime, at Sourceforge.

The Microsoft Networking “Net Time” Command

Displays the time on or synchronizes your computer’s clock with the shared clock on a Microsoft Windows for Workgroups, Windows NT, Windows 95, or NetWare time server.

NET TIME [\\computer | /WORKGROUP:wgname] [/SET] [/YES]

  computer    Specifies the name of the computer (time
              server) whose time you want to check or
              synchronize your computer's clock with.

  /WORKGROUP  Specifies that you want to use the clock on a
              computer (time server) in another workgroup.

  wgname      Specifies the name of the workgroup containing
              a computer whose clock you want to check or
              synchronize your computer's clock with. If
              there are multiple time servers in that
              workgroup, NET TIME uses the first one it
              finds.

  /SET        Synchronizes your computer's clock with the
              clock on the computer or workgroup you
              specify.

  /YES        Carries out the NET TIME command without
              first prompting you to provide information or
              confirm actions.

For example, if your PCD is named MYPDC, the following command in a shortcut in your Startup Group, or in a logon script will synchronize a client PC’s time at logon. Note, if your clients never log off, this will not work. Of course, that’s very bad for other reasons. This works for any system that runs Microsoft Networking. You can even sync again a Linux server running Samba with this command, if you’d like!

“net time \\MYPDC /set/ yes”

Win2K NTP Time Service

Win2K has a very simple SNTP facility built in: “net time /setsntp[:NTP server list]”. See the following for more information:

Here is the batch file I use, since I find the documentation lacking and the usage statement obscure:

@echo off
REM Win2k-SNTP.bat -- Set Win2K SNTP service
REM v1.0 25-May-2001 JP Vossen JPATjpsdomainDOTorg

REM v1.1 22-Jun-2001 JPV Changed to use home NTP time source only

rem NOTE: The Win2K "Windows Time" service is manual by default, so you have to
rem set it to automatic and start it. Also, it will attempt to use all specified
rem time sources and get an "average" so only specify servers that will be
rem available at all times. Do not use the list as a set of sequential
rem "failover" servers (as I did in v1.0 of this).

rem NET TIME /SETSNTP:"192.168.1.11 172.16.1.1 10.1.1. 10.1.1.2"
NET TIME /SETSNTP:"192.168.1.11"

You can see how it’s currently set by using this command: “net time /querysntp” which will return something like:

The current SNTP value is: 192.168.1.11
The command completed successfully.

NTP Tools for Netware

  1. First read public NTP time servers for everyone and the NTP Pool for vendors, don’t use the ones listed in TID 10011518.
  2. Set one NetWare server as the SINGLE Reference server. This server will sync itself to the NTP time.
    • Load MONITOR.NLM | Server Parameters | Time, change the following parameters
      • Default Time Server Type = SINGLE
      • TIMESYNC Configured Sources = ON
      • TIMESYNC Time Sources = <2-4 NTP time sources>:123; Where 123 is the NTP port on that time source.
        • Example: TIMESYNC Time Sources = 172.31.1.1:123;172.31.2.1:123;172.31.3.1:123;
  3. Set any/all other NetWare servers as SECONDARY.
  1. First read public NTP time servers for everyone and the NTP Pool for vendors, don’t use the ones listed in TID 10011518.
  2. Set one NetWare server as the REFERENCE server. This server will sync itself to the NTP time.
    • Load MONITOR.NLM | Server Parameters | Time, change the following parameters
      • Default Time Server Type = REFERENCE
      • Time Server Type = REFERENCE
      • TIMESYNC Configured Sources = ON
      • TIMESYNC Time Sources = <At least one PRIMARY server>;<2-4 NTP time sources>:123;
  3. Set one other NetWare server at the main site, and one NetWare server at each remote site as a PRIMARY server.
    • Load MONITOR.NLM | Server Parameters | Time, change the following parameters
      • Default Time Server Type = PRIMARY
      • Time Server Type = PRIMARY
      • TIMESYNC Configured Sources = ON
      • TIMESYNC Time Sources = <Your REFERENCE server from step 2>;
  4. Set all other NetWare servers as SECONDARY.
    • Load MONITOR.NLM | Server Parameters | Time, change the following parameters
      • Default Time Server Type = SECONDARY
      • Time Server Type = SECONDARY
      • TIMESYNC Configured Sources = ON
      • TIMESYNC Time Sources = <The closest PRIMARY server from step 3>;

Note: usually, the REFERENCE server does not ever change it’s own time, it just serves the time. However, when using NTP, the REFERENCE server will adjust its local clock to synchronize with the NTP time source. See the middle of TID 10050215.

Thanks to Steve Schrank & Bob Kulp for some of these Netware pointers.

NTP Tools for UNIX

See the following articles as well. They are Sun centric, but still relevant for other UNIX systems:

NTP for Cisco IOS

Thanks to Greg Sottile for this section on IOS.

With that said, the commands are the following:

IOS Commands Description
clock timezone est -5 Set your correct time zone.
clock summer-time edt recurring Set daylight savings.
ntp master 6 Become an NTP server.
ntp update-calendar Periodically set calendar from an NTP server. Supported by 7000, 7200, 4500.
ntp server {insert your favorite NTP server here} NTP server from which to get the time

NTP for Nokia IPSO

IPSO comes with xNTP, but you can’t change the default polling, which is something like every minute and a half. Until Voyager is enhanced to provide this capability, there is no easy way to do it. You could edit the ntp.conf file, but Voyager will overwrite it at bootup.

S50fixntp.sh is a script I got from Nokia support database resolution 3808 (Thanks Dameon), with minor modifications and additional documentation. Read the code for more details. Then read public NTP time servers for everyone and the NTP Pool for vendors.

Other Lists of Time Client and/or Server Programs

Time Protocols

Port Name Description/Accuracy Source
13 tcp/udp Daytime Returns the day and time in an ASCII string. No accounting for different time zones, daylight savings, etc. Very inaccurate. RFC867
37 tcp/udp Timeserver Returns the number of seconds since 00:00 (midnight) 1 January 1900 GMT, such that the time 1 is 2:00:01 am on 1 January 1900 GMT. No accounting for different time zones, daylight savings, etc. Very inaccurate. RFC868
52 tcp/udp Xns-time Xerox Time ( RFC1700)
123 tcp/udp NTP/SNTP NTP (Network Time Protocol) or SNTP (Simple Network Time Protocol). Accurate to the limitations of the clock hardware. RFC1305, RFC2030
309 EntrusTime ??? Entrust Time protocol ??? GnatBox Admin Tool
519 tcp/udp unixtime utime ( RFC1700)
525 tcp/udp Timeserver Timed ( RFC1700)
1506 Utcd UTC (Universal Time Coordinated, AKA GMT, AKA Zulu) daemon GnatBox Admin Tool

Notes:

  1. Protocols marked with ( RFC1700) are listed, but not defined in the RFC.
  2. Protocols marked with GnatBox Admin Tool are listed in the services list in the executable.
Old Content

This content is old! It’s still useful, but it’s old, and there may be bit rot, newer/better tools or ways to do things. Sanity check and do your research.

  1. See Securing Windows NT/2000 Servers for the Internet by Stefan Norberg, page 153. ↩︎