Full Disclosure mailing list archives

Re: Windows Time Synchronization - Best Practices
From: "Gary E. Miller" <gem () rellim com>
Date: Sun, 24 Oct 2004 18:48:07 -0700 (PDT)

Yo Michael!

On Fri, 22 Oct 2004, Micheal Espinola Jr wrote:

> You can certainly have multiple time servers specified with Windows
> Time Service (SNTP).  RTM.  It has the ability to failover through a

Yes you can have multiple time servers, but only one active at a time.
With NTP your client polls a number of diverse servers.  Routes can
flap, servers can go wacko, but your time stays solid.

> If you need the full features of NTP, by all means use a third party
> daemon.  However, in keeping my routers, RADIUS, and Kerberos sync'd
> properly -  I have yet to require anything that SNTP is unable to

So I agree it is not always required, but when those devices support
native SNTP why not use the best?

A lot of services are dependent on linear time.  NTP will usually slew
the local host time to the correct value, SNTP will usually jump
time to the correct value.  This can cause things like cron daemons
to miss scheduled events.  I have seen this cause problems.

BTW, A Cisco router makes a dandy low-latency local NTP time server.

> I've never heard of time.microsoft.com, and have never seen any
> indication in any documentation to ever suggest using it.  MS's docs
> have always suggested US naval observatory sites (since the
> documentation is US-based).

Just read all the w32time KB articles and the only time server
mentioned with a FQDN is time.microsoft.com.

Even the usno NTP has gone bonkers.  Not dead, bonkers.  So failover
never occurred.  Folks that synced to it and other servers with NTP
had no issues.  Those that used it solely were SOL.

> I missed something.  Why would the requester time sync to Seattle, WA
> USA if they are in Brazil?  That certainly goes against NTP RFCs,
> regardless of any suggestions of the use of time.microsoft.com.

Cause that is the only time server mentioned by FQDN in the M$ KB.

> I have used 3rd party daemons as well as the built-in SNTP.  Both work
> equally well.  The built-in tools can work just fine if you understand
> the components and know how to properly use them.  There is more
> functionality available than what is simply represented by NET TIME.
> Again, it's a matter of RTM.

Well, I RTM the SNTP RFC and it says only to use SNTP on local nets at
the end nodes.   YMMV.

---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
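
The slew-versus-jump behaviour discussed in the reply above, as an added simulation that is not part of the original post: a naive minute-based scheduler (a constructed stand-in for a cron daemon) is run against a local clock corrected by a single step and by a bounded slew. The 500 ppm slew limit, the 300-second errors and the job minutes are assumed values.

```python
# Constructed simulation (not from the original post): a naive scheduler that
# wakes once per true second and fires a job when the local clock enters the
# job's minute, run against a clock corrected by a step or by a slew.
MAX_SLEW_PPM = 500   # assumed slew limit: 500 microseconds of change per second
BASE_S = 600         # true time at the start of the run, in seconds


def simulate(error_s, mode, jobs, sync_at=90, duration=900):
    """Return the job minutes fired, in order.

    error_s: local clock minus true time before correction, in seconds
    mode:    "step" applies the whole correction at once,
             "slew" changes the clock rate so local time stays monotonic
    jobs:    set of local-clock minute numbers with a job scheduled
    """
    offset = float(error_s)
    fired, last_minute = [], None
    for t in range(duration):
        if t >= sync_at and offset != 0.0:
            if mode == "step":
                offset = 0.0
            else:
                limit = MAX_SLEW_PPM * 1e-6
                offset -= max(-limit, min(limit, offset))
        minute = int((BASE_S + t + offset) // 60)
        if minute != last_minute:        # local clock entered another minute
            if minute in jobs:
                fired.append(minute)
            last_minute = minute
    return fired


def slew_seconds(error_s):
    """True seconds needed to remove error_s at the slew limit."""
    return abs(error_s) / (MAX_SLEW_PPM * 1e-6)


if __name__ == "__main__":
    # Clock 300 s behind: the step jumps over minutes 7-10, so job 8 never runs.
    print("behind/step:", simulate(-300, "step", {8, 12}))
    print("behind/slew:", simulate(-300, "slew", {8, 12}))
    # Clock 300 s ahead: the step replays minutes 11-16, so job 16 runs twice.
    print("ahead/step: ", simulate(300, "step", {16}))
    print("ahead/slew: ", simulate(300, "slew", {16}))
    print("slew time for 300 s:", slew_seconds(300), "s")
```

At the assumed limit, slewing away a 300-second error takes about 600,000 seconds of real time, which is the price of keeping local time linear.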
