The IT assets of a SCADA solution are required to have their times synchronized using a single time source (NTP server). Typically, this is handled by the domain controller. However, if a domain controller is not available or the IT assets are part of a workgroup, then a time source should be nominated, the Agent Server being the most logical choice.
Note – This exercise is based on Windows Server 2019 as the NTP server and Windows 10 as the NTP clients.
NTP Server configuration
The following will be configured on the primary time source. This requires access to the server's registry. Before making any changes, it is recommended that a backup of the registry be taken and stored off the affected server.
Step 1: Open the Registry Editor
Open the “Run” application, type in “regedit” and click OK.
Step 2: Editing the NTP server registry settings.
Browse to the following path in the registry editor: Computer>HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>W32Time>TimeProviders>NtpServer
Step 2.1: Enable the NTPServer
Edit the REG_DWORD “Enabled” and change the “Value data” from 0 to 1.
Step 2.2: Set Announce flags
Browse to the registry editor path:
Computer>HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>W32Time>Config
Edit the REG_DWORD “AnnounceFlags” and change the Value Data to 5. Using parameter 0x5 will make this time server always advertise its time as a reliable time source for clients.
Step 3: Setup the Windows Time Service
Open the Windows Services console and browse for the service “Windows Time”. Right-click the service and open its properties.
Set the dropdown box “Startup type” to “Automatic”. If the service is running, restart it; otherwise, start it.
Note – If the server’s firewall is enabled, UDP port 123 will need to be opened.
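The server steps above can also be applied from an elevated PowerShell session. The script below is an added example, not part of the original procedure; the backup path, the firewall rule name and the restriction of the rule to the local subnet are assumptions to adjust for your site.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts server Steps 2-3 and the firewall note, then reads the result back.
$ErrorActionPreference = 'Stop'

$w32time  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
# Assumed backup location; copy the file off the server afterwards.
$backup   = "C:\Temp\W32Time-backup-$(Get-Date -Format yyyyMMdd-HHmmss).reg"
# Assumed display name for the firewall rule.
$ruleName = 'NTP Server (UDP 123 inbound)'

# Back up the W32Time key before changing anything.
New-Item -ItemType Directory -Path (Split-Path $backup) -Force | Out-Null
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes were made.' }

# Step 2.1: enable the NtpServer time provider.
Set-ItemProperty -Path "$w32time\TimeProviders\NtpServer" -Name Enabled -Value 1 -Type DWord

# Step 2.2: AnnounceFlags = 5 (always advertise as a reliable time source).
Set-ItemProperty -Path "$w32time\Config" -Name AnnounceFlags -Value 5 -Type DWord

# Step 3: start the Windows Time service automatically and (re)start it now.
Set-Service -Name W32Time -StartupType Automatic
Restart-Service -Name W32Time

# Firewall note: allow inbound UDP 123. Limiting the rule to LocalSubnet is an
# assumption that all NTP clients share the server's subnet; widen -RemoteAddress if not.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol UDP `
        -LocalPort 123 -RemoteAddress LocalSubnet -Action Allow | Out-Null
}

# Read the settings back and stop with an error if any of them did not take effect.
$enabled  = (Get-ItemProperty -Path "$w32time\TimeProviders\NtpServer").Enabled
$announce = (Get-ItemProperty -Path "$w32time\Config").AnnounceFlags
$service  = Get-Service -Name W32Time
if ($enabled -ne 1 -or $announce -ne 5 -or
    $service.Status -ne 'Running' -or $service.StartType -ne 'Automatic') {
    throw "NTP server check failed: Enabled=$enabled AnnounceFlags=$announce " +
          "Status=$($service.Status) StartType=$($service.StartType)"
}
Write-Output "NTP server configured. Registry backup written to $backup"
```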
NTP Client Configuration
The following steps must be run on all PCs that are required to have their time synchronized to the NTP server time source.
Step 1: Open Command prompt
The NTP client settings must be configured from a command prompt running with elevated rights, i.e. “Run as Administrator”.
Click on the Start button and type “cmd”. When the Command Prompt application appears, select the “Run as Administrator” option in the Start menu.
Step 2: Start the Windows Time service.
Before you can configure the Time service, you will need to make sure the Windows Time service is started. In the command prompt, enter the following command:
net start w32time
The service should respond that it was started successfully.
Note – If the service is already running, the service will respond accordingly.
Step 3: Configure the NTP client
The following command line will configure the client to use the NTP server. In the example below the NTP time source’s IP address is “192.168.0.101”. Substitute your IP address or DNS name. In the command prompt, enter the following command:
w32tm /config /manualpeerlist:"192.168.0.101" /syncfromflags:manual /update
The service should respond that the command completed successfully.
Step 4: Setup the Windows Time Service
Open the Windows Services console and browse for the service “Windows Time”. Right-click the service and open its properties.
Set the dropdown box “Startup type” to “Automatic”. If the service is running, restart it; otherwise, start it.