Our company has computers at several customer locations in the world. Every 5 minutes we request the time from pool.ntp.org. The problem was in the area of north-west Europe.
On August 31 2023 the time switched to a different time on May 24 2023. This caused problems for our customers. The next time update 5 minutes later did set the correct time again.
In the system log of Windows the event was logged.
Is this a problem on our side? (It happened on 30% of our systems) Or is this something else?
Something went wrong with the server at about 2023-08-31 16:30 UTC; it seems to have been sync’d to an internal clock which had a large error.
The NTP server reported stratum 10. I don’t recommend using any NTP server with stratum higher than 4 or 5. [There are plenty of stratum 1’s and 2’s available.]
It’s not that uncommon for pool servers to fail. It can be a misconfiguration like in this case, or it could be a software/hardware/firmware bug.
You need to use a proper NTP client configured to poll multiple servers, so a faulty server can be detected and replaced with another server from the pool. Simple clients that can poll only one server at a time shouldn’t be used with the pool if reliable operation is expected.
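The checks described in the replies above (ignore high-stratum sources, poll several servers so a faulty one is outvoted), as an added Python example that is not code from the thread or from any NTP client. The thresholds, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct
from datetime import datetime, timezone
from statistics import median

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
MAX_STRATUM = 5    # assumption: the cut-off suggested in the thread
MAX_SPREAD = 1.0   # assumption: seconds a source may differ from the median

def parse_reply(packet):
    """Return (leap, mode, stratum, unix transmit time) from an NTP reply."""
    if len(packet) < 48:
        raise ValueError("short packet")
    flags, stratum = struct.unpack("!BB", packet[:2])
    secs, frac = struct.unpack("!II", packet[40:48])
    return flags >> 6, flags & 7, stratum, secs - NTP_EPOCH_OFFSET + frac / 2**32

def select_time(replies):
    """replies: {server: packet}. Return (agreed time or None, {server: reason})."""
    rejected, candidates = {}, {}
    for server, packet in replies.items():
        try:
            leap, mode, stratum, t = parse_reply(packet)
        except ValueError as exc:
            rejected[server] = str(exc)
            continue
        if mode != 4 or leap == 3 or stratum == 0:
            rejected[server] = "not a synchronized server reply"
        elif stratum > MAX_STRATUM:
            rejected[server] = f"stratum {stratum}"
        else:
            candidates[server] = t
    if len(candidates) < 3:
        return None, rejected  # too few sources to outvote a faulty one
    mid = median(candidates.values())
    for server, t in candidates.items():
        if abs(t - mid) > MAX_SPREAD:
            rejected[server] = f"{t - mid:+.0f}s from median"
    good = [t for s, t in candidates.items() if s not in rejected]
    if 2 * len(good) <= len(candidates):
        return None, rejected  # no majority agrees
    return median(good), rejected

def build_reply(unix_time, stratum, leap=0):
    """Constructed sample: minimal NTPv4 server reply (0x24 = version 4, mode 4)."""
    tx = struct.pack("!II", int(unix_time) + NTP_EPOCH_OFFSET, 0)
    return struct.pack("!BB", (leap << 6) | 0x24, stratum) + bytes(38) + tx

NOW = datetime(2023, 8, 31, 16, 30, tzinfo=timezone.utc).timestamp()
BAD = datetime(2023, 5, 24, tzinfo=timezone.utc).timestamp()  # constructed wrong clock
```

Given three good replies plus one stratum-10 reply carrying the wrong date, `select_time` returns the agreed time and lists the bad server with its reason; given a single source it returns `None`, because there is nothing to cross-check it against.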
I bet that “Secure Time Seeding” is implemented in the Windows Time service (w32time). If you install ntpd for Windows using the Meinberg installer that service is disabled in favor of ntpd:
TL/DR: Windows does not officially support any time sync models besides one server polling (once per 15 minutes I guess?), but unofficially you can configure it to use multiple servers and track them. I was using it on Windows Server but not sure about other versions.
Just in case you don’t want to dive into installing/configuring/supporting Meinberg on yer host hoard.
That’s not quite right, but they don’t make the information easy to find. Microsoft documents how to configure the Windows Time service (AKA w32time AKA w32tm) on the PDC (primary domain controller) emulator at the root of an Active Directory forest [1]. They don’t mention it in other contexts because for unmanaged systems (not in an Active Directory domain) they expect the default GUI-accessible settings to be fine. Those settings cause w32time to poll time.microsoft.com once a week (!). Domain members sync to their domain controllers, which sync up the AD tree to the domain controller hosting the PDC emulator.
If you want to sync your Windows unmanaged box(es) to an NTP server using w32time, I suggest following the instructions posted by Meinberg. [2] These are instructions for using w32time, not ntpd.
In particular, take note of the syntax given by both Microsoft and Meinberg to add ,0x8 after each server name to cause it to use a normal NTP client mode request, instead of a symmetric active mode request which many servers may reject. Also note the /syncfromflags:MANUAL given by Meinberg, which is needed to override the default of using Active Directory servers if your machine is joined to a domain.
More details on w32tm options, including monitoring other systems’ time sync and making text strip charts of offsets, can be found at [3].