Problems synchronizing time between Windows W32Time and Linux NTP

  • 7015424
  • 24-Jul-2014
  • 24-Jul-2014

Environment

NetIQ eDirectory 8.8 SP8 for Linux

Situation

A company's SLES 11 servers have had their NTP daemon configured to pull time from two Windows 2008 R2 servers running W32Time.  Periodically, the SLES 11 servers will not trust the Windows 2008 servers' time.
 
From a SLES 11 command line, running ntpq -p shows both of the time sources configured without an asterisk to its left indicating neither time source is trusted as shown below.
 :~# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
2008svr-1 192.168.1.123 4 u   44   64  377    0.238  1236.02   5.517
2008svr-2 192.168.1.124 4 u   46   64  377    0.209  1231.82   8.241
The reach value of 377 indicates there is no problem in contacting the server.  However, there is an offset (difference in time between this sever and its time source) of 1.2 seconds.
 
The following can also be seen in the /var/log/ntp
3 May 17:54:28 ntpd[1568]: synchronized to 192.168.1.123, stratum 4
3 May 18:36:33 ntpd[1568]: ntpd exiting on signal 15

 

Resolution

This is not a supported configuration.  Neither Microsoft nor the Linux community recommends having NTP clients getting their time from the W32Time service that comes standard with Windows server.
 
The W32Time service cannot be used as a reliable time source for a NTP client daemon.  W32Time was designed for Kerberos which has a 5 minute tolerance. The best time resolution W3Time can provide is 1-2 seconds from actual time.  Moreover, Windows will accept an offset (time difference) of 1 year with no problem.

The NTP daemon is designed for high accuracy environments.  It can resolve time down to 250 picoseconds (trillionths).  NTP, by default, not trust anything off by 1000ms and will actually unload if the offset is more than 1000 seconds.
More information can be found here: http://technet.microsoft.com/en-us/library/cc773061%28v=ws.10%29.aspx

The only supported resolution to this mix of platforms is:
1. Use NTP servers to provide reference time to other NTP clients as well as the Windows servers.  It is also recommended to have at least three reference servers.  This helps break a tie else when two are in disagreement.  The reference servers will, in turn, pull their time from a reliable non-virtualized time source also running NTP.
 2. Install a 3rd party NTP application on the Windows server (IE., ntp.org).