Sunday 27 October 2013

Windows Time Service


Computers running Windows Server 2003 and Windows XP use the Network Time Protocol (NTP), which gives benefits such as more reliable time due to better correction methods. It is configured using the new W32TM commands, which we will look at later on. Computers running Windows 2000, by contrast, use the Simple Network Time Protocol (SNTP), which is configured with the NET TIME command.

Benefits and Purposes of Windows Time Service

The first question we need to ask ourselves is: why do we need time synchronization? In an Active Directory domain, it is very important for all clocks to be within 5 minutes of each other (by default), because the Kerberos authentication protocol relies on time-stamped packets to prevent, amongst other things, man-in-the-middle attacks. Time sync is also important because Active Directory now uses multi-master domain controllers (DCs): changes made at a later actual time on one DC must not be overwritten by similar changes on another DC whose time is set wrong, which would make the older change look like the most recent one.
The Kerberos V5 authentication protocol on a Windows Server 2003 family domain has a default time synchronization threshold of 5 minutes. Computers that are more than five minutes out of synchronization on the domain will fail to authenticate using the Kerberos protocol. This time value is also configurable, allowing for greater or lesser thresholds. Failure to authenticate using the Kerberos protocol can prevent logons and access to Web sites, file shares, printers, and other resources or services within a domain.
The Windows Time service is implemented in a dynamic link library called W32Time.dll. W32Time.dll is installed by default in the Systemroot\System32 folder during Windows Server 2003 setup and installation.

Port and Protocol

Port: NTP and SNTP use User Datagram Protocol (UDP) port 123 on time servers. If this port is not open to the Internet, you cannot synchronize your server to Internet SNTP or NTP servers.

Protocol: The service on Windows Server 2003 implements NTP to communicate with other computers on the network.
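
The clock comparison behind the two points above (NTP over UDP port 123 and the 5-minute Kerberos tolerance), as an added example that is not part of the original post: it builds an NTP client request, validates a server reply and computes the clock offset from the four NTP timestamps. The packets and times are constructed sample values, and all function names are this example's own.

```python
import struct

NTP_UNIX_DELTA = 2208988800            # seconds from the NTP epoch (1900) to the Unix epoch (1970)
KERBEROS_MAX_SKEW = 5 * 60             # default Kerberos tolerance from the text, in seconds
PACKET = struct.Struct("!BBbb3I4Q")    # 48-byte NTP header; timestamps are 32.32 fixed point


def to_ntp(unix_time):
    """Unix seconds (float) -> 64-bit NTP timestamp."""
    return int((unix_time + NTP_UNIX_DELTA) * 2**32)


def from_ntp(stamp):
    """64-bit NTP timestamp -> Unix seconds (float)."""
    return stamp / 2**32 - NTP_UNIX_DELTA


def build_request(t1):
    """Client request: LI=0, version 3, mode 3 (client); only the transmit time is set."""
    return PACKET.pack((3 << 3) | 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(t1))


def measure(request, reply, t4):
    """Validate a reply and return (offset, delay) in seconds; t4 is the client arrival time.

    Raises ValueError for replies that must not be used to judge or set the clock.
    """
    if len(reply) < PACKET.size:
        raise ValueError("short packet")
    fields = PACKET.unpack(reply[:PACKET.size])
    flags, stratum = fields[0], fields[1]
    originate, receive, transmit = fields[8:11]
    if (flags & 0x07) != 4:
        raise ValueError("not a server-mode reply")
    if (flags >> 6) == 3 or stratum == 0:
        raise ValueError("server reports it is not synchronized")
    if originate != PACKET.unpack(request)[10]:
        raise ValueError("reply does not echo our transmit timestamp")
    t1, t2, t3 = from_ntp(originate), from_ntp(receive), from_ntp(transmit)
    offset = ((t2 - t1) + (t3 - t4)) / 2     # how far the server clock is ahead of ours
    delay = (t4 - t1) - (t3 - t2)            # round trip minus server processing time
    return offset, delay


def within_kerberos_skew(offset, limit=KERBEROS_MAX_SKEW):
    """True if the measured offset is inside the Kerberos tolerance."""
    return abs(offset) <= limit


# Constructed exchange: server clock 400 s ahead of the client, 20 ms round trip.
T1 = 1382868000.0
REQUEST = build_request(T1)
REPLY = PACKET.pack((3 << 3) | 4, 2, 6, -20, 0, 0, 0, to_ntp(T1 + 390),
                    to_ntp(T1), to_ntp(T1 + 400.010), to_ntp(T1 + 400.011))
OFFSET, DELAY = measure(REQUEST, REPLY, T1 + 0.021)

if __name__ == "__main__":
    print("offset %.3f s, delay %.3f s" % (OFFSET, DELAY))
    print("within Kerberos tolerance:", within_kerberos_skew(OFFSET))
```

The check that the reply echoes the request's transmit timestamp is what lets a client discard replies that do not belong to its own query.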

Forest Time Server configuration for Windows 2000 and 2003:

I am now going to look at how you set up your Windows 2000 machine to sync over the Internet and what protocol Windows 2000 uses to do this. As mentioned briefly above, this is one of the differences between Windows 2003/XP and 2000. The protocol used for Windows 2000 is called Simple Network Time Protocol, or SNTP. It is a “simple” version of NTP and lacks some of the more complex algorithms which provide more accurate and stable time for NTP clients. To set this up, enter the following at the command line:

NET TIME /SETSNTP:dnsnameofserver


For example, you could use the following:


NET TIME /SETSNTP:time.windows.com


If you want to find out which server a machine has been set up to sync to, you can use the following command:


NET TIME /QUERYSNTP


Windows 2003 uses W32TM not NET TIME

As I mentioned above, Windows Server 2003 and Windows XP now use NTP instead of SNTP. Alongside that, they have a new way of configuring the Windows Time Service (WTS). The command that now does everything regarding WTS is:

w32tm

What these parameters actually do is control a registry entry called "Type" in:

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters 


This key is set to either "NT5DS" if you're in an AD, or "NTP" if you're either not an AD member or you're the root domain's PDCe.

Actually, this key could also be set to “NoSync” to prevent any time sync taking place.

Once you have set up the PDC to sync with an external time source, what happens then?

Well, it tries to sync every 45 minutes until it achieves its first sync. Then after that, it syncs again every 45 minutes until it has done three successful syncs in a row. After that it syncs once every 8 hours.

If a domain controller is configured to be a reliable time source, in other words, it syncs with an external time source, the NetLogon service announces that domain controller as a reliable time source when it logs on to the network. When other domain controllers look for a time source to synchronize with, they choose a reliable source first if one is available. When a DC is intended to be a reliable time source, you should ensure that the following registry entry has a value of 5; otherwise, the default value of 10 should be left in place.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

Group Policy Settings:

Group Policy can be used to control Windows Time Service for computers that are running Windows Server 2003 to limit the flow of information to and from the Internet.
The synchronization type and NTP time server information can be managed and controlled through Group Policy. The Windows Time Service Group Policy object (GPO) contains configuration settings that specify the synchronization type. When the synchronization type is set to NT5DS, Windows Time Service synchronizes its time resource with the network domain controller. Alternatively, setting the type attribute to NTP configures Windows Time Service to synchronize with a specified NTP time server. The NTP server is specified by either its Domain Name System (DNS) name or its IP address when you select NTP as the synchronization type.
You can set the global configuration settings for Windows Time Service by using Group Policy.
In Computer Configuration\Administrative Templates\System\Windows Time Service\Global Configuration Settings, there is only one setting that might, in certain scenarios, affect the way that Windows Time Service communicates when the computer is in a domain.
This setting is AnnounceFlags, which controls whether this computer is marked as a reliable time server. A computer is not marked as reliable unless it is also marked as a time server. The settings are as follows:
0 Not a time server
1 Always a time server
2 Automatic time server, meaning the role is decided by Windows Time Service
4 Always a reliable time server
8 Automatic reliable time server, meaning the role is decided by Windows Time Service
The default is 10, meaning that Windows Time Service decides the role.
In the Group Policy settings located in Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers, there are a number of settings that might affect the way that Windows Time Service communicates across the Internet. The following table describes some of these policy settings.

Selected Group Policy Settings for Configuring the Windows Time Service NTP Client for Computers Running Windows Server 2003


Policy Setting: NtpServer
Effect of Setting: Establishes a space-delimited list of peers from which a computer obtains time stamps, consisting of one or more DNS names or IP addresses per line. Computers connected to a domain must synchronize with a more reliable time source, such as the official U.S. time clock. This setting is used only when Type is set to NTP or AllSync.
0x01 SpecialInterval
0x02 UseAsFallbackOnly
0x04 SymmetricActive
0x08 NTP request in Client mode
Default Setting: time.windows.com, 0x1

Policy Setting: Type
Effect of Setting: Indicates which peers to accept synchronization from:
NoSync. The time service does not synchronize with other sources.
NTP. The time service synchronizes from the servers specified in the NtpServer registry entry.
NT5DS. The time service synchronizes from the domain hierarchy.
AllSync. The time service uses all the available synchronization mechanisms.
Default Setting: Default options
NTP. Use on computers that are not joined to a domain.
NT5DS. Use on computers that are joined to a domain.

Policy Setting: CrossSiteSyncFlags
Effect of Setting: Determines whether the service chooses synchronization partners outside the domain of the computer.
None 0
PdcOnly 1
All 2
This value is ignored if the NT5DS value is not set.
Default Setting: 2

Policy Setting: ResolvePeerBackoffMinutes
Effect of Setting: Specifies the initial interval to wait, in minutes, before attempting to locate a peer to synchronize with. If the Windows Time Service cannot successfully synchronize with a time source, it will keep retrying, using the settings specified in ResolvePeerBackOffMinutes and ResolvePeerBackoffMaxTimes.
Default Setting: 15

Policy Setting: ResolvePeerBackoffMaxTimes
Effect of Setting: Specifies the maximum number of times to double the wait interval when repeated attempts fail to locate a peer to synchronize with. A value of zero means that the wait interval is always the initial interval in ResolvePeerBackoffMinutes.
Default Setting: 7

Policy Setting: SpecialPollInterval
Effect of Setting: Specifies the special poll interval in seconds for peers that have been configured manually. When a special poll is enabled, Windows Time Service will use this poll interval instead of a dynamic one that is determined by synchronization algorithms built into Windows Time Service.
Default Setting: 604800 (workgroup), 3600 (domain)
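
An added example (not part of the original post, and not a Windows tool) that applies the rules from the table and the AnnounceFlags list to a host's settings: it decodes the flag bitmasks and reports combinations the text says have no effect. The `reg query` output is a constructed sample, and the function names are this example's own.

```python
import re

ANNOUNCE = {0x1: "always time server", 0x2: "automatic time server",
            0x4: "always reliable time server", 0x8: "automatic reliable time server"}
PEER = {0x1: "SpecialInterval", 0x2: "UseAsFallbackOnly",
        0x4: "SymmetricActive", 0x8: "Client"}
VALUE_LINE = re.compile(r"^[ \t]+(\S+)[ \t]+(REG_\w+)[ \t]+(.*\S)[ \t]*$", re.MULTILINE)


def parse_reg_query(text):
    """Value name -> data from `reg query` style output; REG_DWORD data becomes int."""
    values = {}
    for name, kind, data in VALUE_LINE.findall(text):
        values[name] = int(data, 16) if kind == "REG_DWORD" else data
    return values


def decode(mask, names):
    """Names of the bits that are set in mask."""
    return [label for bit, label in names.items() if mask & bit]


def parse_peers(ntp_server):
    """'host,0x9 host2' -> [(host, [flag names])]; a peer without ',flags' has none."""
    peers = []
    for entry in ntp_server.split():
        host, _, flags = entry.partition(",")
        peers.append((host, decode(int(flags, 16) if flags else 0, PEER)))
    return peers


def audit(values):
    """Cross-check Type, NtpServer and AnnounceFlags using the rules in the text."""
    findings = []
    sync_type = values.get("Type", "")
    peers = parse_peers(values.get("NtpServer", ""))
    announce = values.get("AnnounceFlags", 10)        # 10 is the stated default
    if sync_type == "NoSync":
        findings.append("Type=NoSync: the clock is never synchronized")
    if sync_type in ("NTP", "AllSync") and not peers:
        findings.append("Type=%s but NtpServer is empty" % sync_type)
    if sync_type == "NT5DS" and peers:
        findings.append("NtpServer is ignored while Type=NT5DS")
    if (announce & 0xC) and not (announce & 0x3):
        findings.append("AnnounceFlags %#x (%s) sets a reliable bit without a time-server bit"
                        % (announce, ", ".join(decode(announce, ANNOUNCE))))
    return findings


# Constructed `reg query` output for the Parameters and Config keys of a domain member.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
    NtpServer    REG_SZ    time.windows.com,0x1 10.0.0.5,0xa
    Type    REG_SZ    NT5DS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
    AnnounceFlags    REG_DWORD    0x4
"""
FINDINGS = audit(parse_reg_query(SAMPLE))
```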

Troubleshooting Commands:

To Manually Start Windows Time Service Using the Net Command

Net Start w32time

To Manually Stop Windows Time Service Using the Net Command

Net Stop w32time

To Synchronize the Client Time with a Time Server

w32tm /resync

To Resynchronize the Client Time with a Time Server

By default, a computer running Windows Time Service will not synchronize with a time source if the computer's time is more than 15 hours off.

w32tm /resync /rediscover

After running this command we should get event ID 35 / 37, and the event itself is self-explanatory.

Event ID 35 and Event ID 37 indicate a successful time sync.

Registry Values:

In a domain-based environment, for time sync the registry entry called “Type” should have the value “NT5DS” under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

Event IDs

Event ID 35 and Event ID 37 indicate a successful time sync.

Sunday 1 September 2013

Linux Backup Script

#!/bin/bash

echo ""
echo "   Windows Directory Mounting "
echo ""
# Mount the directories or drives from your Linux system under /mnt. Before that, check the
# required permissions on source and destination (the source normally uses Backup Operator
# rights, the destination full rights such as 777).
# Replace these placeholders with your own user names and passwords. A password passed in -o
# is visible in the process list; mount.cifs also accepts credentials=<file> instead.
SRC_USER="your_username"
SRC_PASS="password"
DST_USER="your_username"
DST_PASS="Password"

# Below is my Windows file server. I am taking an entire backup of D, which is why I am using D$.
# The share is single-quoted so the shell leaves the $ alone.

if ! mount -t cifs -o "username=$SRC_USER,password=$SRC_PASS" '//10.X.X.X/D$/' /mnt/disk1; then
    echo "mount Failed"
    exit 1
fi

# Below is my destination Windows server, which I am running for backup purposes.

if ! mount -t cifs -o "username=$DST_USER,password=$DST_PASS" //10.X.X.X/f/ /mnt/todisk; then
    echo "mount Failed"
    # Do not leave the source share mounted when the destination is unavailable.
    umount /mnt/disk1/
    exit 1
fi

echo ""
echo " Directory mounted Successfully "
echo ""
sleep 2
echo " Backup Started "
echo ""
LOG=$(date +%d%b%y)
# My backup options are -avuzb; --exclude-from lets me skip some files while the backup runs.
# The log is saved in the /log folder.
# For exclude.txt, see the end of this script.
mkdir -p /log

rsync -avuzb --exclude-from exclude.txt /mnt/disk1/ /mnt/todisk >> "/log/disk5h.$LOG.log"
RSYNC_STATUS=$?

echo ""
if [ "$RSYNC_STATUS" -eq 0 ]; then
    echo " Backup Has been Completed Successfully "
else
    echo " Backup Failed (rsync exit code $RSYNC_STATUS) "
fi
echo ""

# Once the backup has completed, the mounted drives are automatically unmounted.

umount /mnt/disk1/
umount /mnt/todisk/

# Creating the directory for storing logs

mkdir -p "/log/$LOG"

# Moving the log files into the day's folder.

mv /log/disk*.* "/log/$LOG"

# Report the rsync result to the caller (cron, monitoring).
exit "$RSYNC_STATUS"






########################



exclude.txt

*.bak
*.mp3
*.avi
System Volume Information
RECYCLER


Friday 30 August 2013

RAID INTERVIEW QUESTIONS




RAID 0 – Striping (Striped Disk Array without Fault tolerance)

RAID 0 is a striped disk array with no fault tolerance, and it requires at least 2 drives to be implemented. Because it has no redundancy feature, RAID 0 is considered to be the lowest-ranked RAID level. The striped data mapping technique is implemented for high performance at low cost. I/O performance is also improved because the load is spread across many channels.

Recommended Applications

Video production and editing
Image editing
Pre-press applications
Any application requiring high bandwidth

RAID 1 – Mirroring (Mirroring & Duplexing)

RAID 1 is mirroring, and it provides high performance. A RAID 1 controller is able to perform 2 separate parallel reads or writes per mirrored pair. It also requires at least 2 drives to implement a non-redundant disk array. A high level of availability, access and reliability can be achieved by an entry-level RAID 1 array. With the full redundancy feature available, the need of readability is almost negligible. Controller configuration and storage subsystem design are the easiest and simplest amongst all RAID levels.

Disadvantages

Typically the RAID function is done by system software, loading the CPU/server and possibly degrading throughput at high activity levels. Hardware implementation is strongly recommended
May not support hot swap of a failed disk when implemented in “software”

Recommended Applications
Accounting
Payroll
Financial
Any application requiring very high availability

RAID 2 (ECC error correcting code) (Hamming Code ECC)

It is a combination of inherently parallel mapping and a protection RAID array. It is also known as ECC RAID because each data word bit is written to a data disk, which is verified for correct data or correct disk error when the RAID disk is read. Due to the special disk features required, RAID 2 is not very popular, since ECC is embedded in almost all modern disk drives.
Disadvantages
Very high ratio of ECC disks to data disks with smaller word sizes – inefficient
Entry level cost very high – requires very high transfer rate requirement to justify
Transaction rate is equal to that of a single disk at best (with spindle synchronization)
No commercial implementations exist / not commercially visible.

RAID LEVEL 3 (Parallel Transfer with Parity)

At least 3 drives are needed to implement this RAID level. It can be used in single-user environments that access long sequential records, to speed up data transfer. However, RAID 3 does not allow multiple I/O operations. We can use this RAID level for image editing and prepress applications.
Disadvantages 
Transaction rate equal to that of a single disk drive at best (if spindles are synchronized)
Controller design is fairly complex
Very difficult and resource intensive to do as a "software" RAID
Recommended Applications
Video Production and live streaming
Image Editing
Video Editing
Prepress Applications
Any application requiring high throughput

RAID Level 4:  Independent Data Disk with Shared Parity Disk

Raid 4 does not support multiple simultaneous write operations.

RAID 4 requires a minimum of 3 drives to be implemented. It is composed of independent disks with shared parity to protect the data. The data transaction rate for reads is exceptionally high and highly aggregated. Similarly, the low ratio of parity disks to data disks indicates high efficiency.
Disadvantages
Quite complex controller design
Worst Write transaction rate and Write aggregate transfer rate
Difficult and inefficient data rebuild in the event of disk failure
Block Read transfer rate equal to that of a single disk

RAID Level 5: Independent Data Disk with distributed Parity Blocks

RAID 5 is an array of independent data disks with distributed parity blocks, with a minimum requirement of at least 3 drives to be implemented and N-1 array capacity. It helps in reducing the write inherence found in RAID 4. A RAID 5 array offers the highest data transaction read rate, a medium data transaction write rate and a good cumulative transfer rate.
Characteristics and Advantages 
Highest Read data transaction rate
Medium Write data transaction rate
Low ratio of ECC (Parity) disks to data disks means high efficiency
Good aggregate transfer rate
Disadvantages
Disk failure has a medium impact on throughput
Most complex controller design
Difficult to rebuild in the event of a disk failure (as compared to RAID level 1)
Individual block data transfer rate same as single disk
Recommended Applications
File and Application servers
Database servers
Web, E-mail, and News servers
Intranet servers
Most versatile RAID level

RAID Level 6:

RAID 6 is an independent data disk array with independent distributed parity. It is known to be an extension of RAID level 5 with extra fault tolerance and a distributed parity scheme added. RAID 6 is the best available RAID array for mission-critical applications and data storage needs, though the controller design is very complex and overheads are extremely high.
Disadvantages
More complex controller design
Controller overhead to compute parity addresses is extremely high
Write performance can be brought on par with RAID Level 5 by using a custom ASIC for computing Reed-Solomon parity
Requires N+2 drives to implement because of dual parity scheme
Recommended Applications
File and Application servers
Database servers
Web and E-mail servers
Intranet servers
Excellent fault-tolerance with the lowest overhead

RAID Level 10:

RAID 10 is classified as the futuristic RAID controller, with extremely high reliability and performance embedded in a single RAID controller. The minimum requirement to form a RAID level 10 controller is 4 data disks. The implementation of RAID 10 is based on a striped array of RAID 1 array segments, with almost the same fault tolerance level as RAID 1. RAID 10 controllers and arrays are suitable for systems and environments that require uncompromising availability and extremely high throughput. With all the significant RAID levels discussed here briefly, another important point to add is that, whichever level of RAID is used, regular and consistent data backup maintenance using tape storage is a must, as regular tape storage is the best media to recover from a lost-data scenario.

Disadvantages

Very expensive / high overhead
All drives must move in parallel to proper track lowering sustained performance
Very limited scalability at a very high inherent cost
Recommended Applications
Database server requiring high performance and fault tolerance   

RAID Level 0+1:
It is a RAID array providing high data transfer performance, with at least 4 disks needed to implement the RAID 0+1 level. It's a unique combination of striping and mirroring with all the best features of RAID 0 and RAID 1 included, such as fast data access and fault tolerance at single-drive level. The multiple stripe segments add high I/O rates to the RAID performance, and it is the best solution for maximum reliability.
Disadvantages
RAID 0+1 is NOT to be confused with RAID 10. A single drive failure will cause the whole array to become, in essence, a RAID Level 0 array
Very expensive / high overhead
All drives must move in parallel to proper track lowering sustained performance
Very limited scalability at a very high inherent cost
Recommended Applications
Imaging applications
General Fileserver

RAID LEVEL 50

RAID Level 50 requires a minimum of 6 drives to implement

Characteristics and Advantages

RAID 50 should have been called "RAID 03" because it was implemented as a striped (RAID level 0) array whose segments were RAID 3 arrays (during mid-90s)
Most current RAID 50 implementation is illustrated above
RAID 50 is more fault tolerant than RAID 5 but has twice the parity overhead
High data transfer rates are achieved thanks to its RAID 5 array segments
High I/O rates for small requests are achieved thanks to its RAID 0 striping
Maybe a good solution for sites that would have otherwise gone with RAID 5 but need some additional performance boost
Disadvantages
Very expensive to implement
All disk spindles must be synchronized, which limits the choice of drives
Failure of two drives in one of the RAID 5 segments renders the whole array unusable.