greg hughes - dot net - NTP time sync with time.windows.com failing?

Sunday, September 16, 2007

NTP time sync with time.windows.com failing?

I was trying to figure out why my clock was not getting properly synchronized with the default Network Time Protocol (NTP) server this evening because I noticed my home router (which also has NTP sync enabled) was a couple minutes ahead of my laptop.

UPDATE: I've made a very quick-and-dirty screencast (typing errors, 'umms' and all) showing how to change the Time Server settings in Windows, which you can view in your browser by clicking here. I incorporated a couple readers' thoughts from the comments into the video, as well.

Since I am running Vista, I went to the Change Date and Time settings dialog for the clock, then I clicked on the Internet Time tab, and noted that "time.windows.com" was selected as the NTP host to sync with. The only problem is, it looks like that host is not working. In fact, if I tried to select that host and do an update the system dialog would hang until it timed out:

So, I changed the NTP host to "ntp1.dlink.com" (same one my DLink router uses) and saved it, and instantly the time was updated on the Windows machine.

I went with the DLink time server after messing with a few of the other NTP host options (the NIST ones) available in the configuration list, some of which worked at the time and some of which didn't work too well or at all.

Anyone else having problems successfully connecting via NTP at time.windows.com? It will be interesting to see if this problem still exists tomorrow or not. At least one other person I just checked with has the exact same issues as of the time of this writing. Bummer that the default Windows Vista time service is not highly available (or at least appears not to be, so let me know if I am wrong here). Seems like it should be. Time sync issues across an ASP.net web farm for example can wreak havoc with an app, and try getting a domain controller's time out of sync with member servers. It can be a whole lot of not-fun. Of course, perhaps relying on time.windows.com is not the best way to ensure stability when you really should be running your own enterprise time services keyed to GPS or atomic clock, but you get the point.

For what it's worth, here is how to synchronize Windows Vista with an Internet time server, as cannibalized from Windows Help:

You can synchronize your computer clock with an Internet time server. This means that the clock on your computer is updated to match the clock on the time server, which can help ensure that the clock on your computer is accurate. Your clock is typically updated once a week and needs to be connected to the Internet for the synchronization to occur.

Open the Date and Time dialog.
Click the Internet Time tab, and then click Change settings. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
Click Automatically synchronize with an Internet time server, select a listed time server or enter the name of the one you want to use, and then click OK. Test the connection using the button provided.

Add/Read: Comments [26]

Tech

Sunday, September 16, 2007 11:31:30 PM (Pacific Daylight Time, UTC-07:00)

Sunday, September 16, 2007 11:42:16 PM (Pacific Daylight Time, UTC-07:00)

Yep, same problem here!

John Walker

Sunday, September 16, 2007 11:57:52 PM (Pacific Daylight Time, UTC-07:00)

Thanks, John. At least I know I am not crazy now. :)

Greg

Monday, September 17, 2007 4:50:30 AM (Pacific Daylight Time, UTC-07:00)

You really should be using your ISP's NTP server. You'll get better time (which probably doesn't make any difference given how loose Windows is about time) and not create extra load for a shared public service. All ISPs have time servers, though the level 1 phone support people might not know it.

Lyle

Monday, September 17, 2007 8:51:08 AM (Pacific Daylight Time, UTC-07:00)

@Lyle - Yep, I agree. But my original point still stands - The default time server set up for Windows should be a highly-available service, since only a fraction of a percentage of Windows users will ever even know what a time server is or tha one exists, but the need is there. And previous versions of Windows rely on time.windows.com as well.

Seems like a nit-pick maybe but I am just surprised it's unavailable. Still is today. It could cetainly be an issue with precision requirements of the time service and less than helpful error messages. I am going to look at thet network traffic and see what's happening between the client and host.

greg

Greg

Monday, September 17, 2007 8:55:11 AM (Pacific Daylight Time, UTC-07:00)

By the way, for people who like this stuff but have never done it, Wireshark (which used to be called Ethereal) is a great program.

http://www.wireshark.org/

Greg

Monday, September 17, 2007 4:15:06 PM (Pacific Daylight Time, UTC-07:00)

Thanks, Greg. I've noticed that the default has NEVER worked for me. Occasionally I try a manual update, but it always timed out, and I always just said, "Ah, well, I'll get to this later." I used the ntp1.dlink.com address, and now I finally feel "synced up".

Mark Freedman

Tuesday, September 18, 2007 2:05:44 PM (Pacific Daylight Time, UTC-07:00)

I recommend that people use pool.ntp.org for syncing their time clocks.

Since this does like a round robin type of thing with several tier 2 servers, it's much more robust than just using one or two servers you pick on your own.

Regards,

Alex

Alexander Scoble

Wednesday, September 19, 2007 4:31:46 PM (Pacific Daylight Time, UTC-07:00)

Just another confirmation... My clock (on Vista) has never successfully synced with the default setting of "time.windows.com". That is lame. Hmm... I wonder if they know it's not working. Scott, could you check on that for us? ;)

Once I set up my laptop to use Alex's recommendation, it jumped forward 2 minutes!

Thanks for posting! I will sleep better tonight. :)

Steve

Wednesday, October 03, 2007 4:05:03 AM (Pacific Daylight Time, UTC-07:00)

I've tried all of the above recommended fixes and I still get the message "An error occurred while Windows was synchronizing with (fill in the blank)." Although the clock is actually in synch, this message is throwing off my Zone Alarm updates and makes me get all kinds of certificate notices when I go to a new site. Any suggestions? thanks.

Walt

Wednesday, October 03, 2007 6:42:23 PM (Pacific Daylight Time, UTC-07:00)

Walt - Check and see if your date and year are set correctly. If they are off, the time sync will fail with all servers. Also, zone alarm will need to be configured to allow the outbound connections.

Greg

Tuesday, October 16, 2007 11:04:27 PM (Pacific Daylight Time, UTC-07:00)

This worked for my Vista Premium + McAfee computer:

For anyone else pulling their hair out, open McAfee (or just flippin get rid of it and save yourself 3 years of headaches). Go to the Advanced menu if you aren’t already there. Click on the Configure box. On the left, click on Internet & Network. Now click the second grey row that says Firewall protection is enabled. Click Advanced… On the left, click System Services. Check the box next to Network Time Protocol Port 123. Click Apply, then OK. Then follow the synchronization steps as usual (only it’s best to enter another website than the junk ones they have listed).

Kelsey

Wednesday, October 24, 2007 7:05:39 AM (Pacific Daylight Time, UTC-07:00)

I noticed this error on 4 of my pcs this morning. And found an easy fix for it for NORTH AMERICAN users Double click the clock and click the Internet Time tab. In the box where it says "time.windows" type in the following IP.... 132.163.4.102 Click update. Then click apply then ok. Time will now be in sync.

Zanesvillman

Wednesday, October 24, 2007 11:10:32 AM (Pacific Daylight Time, UTC-07:00)

@Zanesvillman - Yeah, that IP address belongs to NIST and is one of their time servers it appears. Saving the DNS lookup probably speeds things up slightly, but not sure if it makes a difference in terms of timeouts.

Greg

Friday, October 26, 2007 11:33:08 PM (Pacific Daylight Time, UTC-07:00)

Yeah, I am getting the same error message on a Vista Ultimate laptop. I live in Saudi Arabia (GMT+3 Time Zone). I have McAfee Firewall as <Kelsey> discribed but I couldn't do it. I'll keep following on this thread for a possible easy solution.

Fray

Sunday, October 28, 2007 5:12:10 AM (Pacific Daylight Time, UTC-07:00)

I just used my ISPs time server (ntp.sky.com) and it worked. I recommend that you use your ISPs server (ntp.yourisp.com)

John

Monday, October 29, 2007 10:00:57 AM (Pacific Daylight Time, UTC-07:00)

None of these worked for me :(

Adam

Saturday, November 03, 2007 7:04:28 AM (Pacific Daylight Time, UTC-07:00)

time.windows.com or any of the defaults never worked for me.

the dlink one greg mentioned, I tried first, which worked for me.

I'm going to quote this guy earlier:

I recommend that people use pool.ntp.org for syncing their time clocks.

Since this does like a round robin type of thing with several tier 2 servers, it's much more robust than just using one or two servers you pick on your own.

--

I'm now using pool.ntp.org and it's working nicely.

zeeg

Saturday, November 03, 2007 6:01:48 PM (Pacific Daylight Time, UTC-07:00)

I have a dell laptop with McAfee installed. I did what Kelsey suggested and used ntp1.dlink.com to finally sync my time.

Shyam

Sunday, November 04, 2007 10:03:20 AM (Pacific Standard Time, UTC-08:00)

i have been having this problem for the longest time and this resolved the problem. thanks so much!

Amanda

Sunday, November 04, 2007 11:23:48 AM (Pacific Standard Time, UTC-08:00)

Thanks Greg... Great write up and your video guide was very helpful!

David B.

Saturday, November 24, 2007 12:46:04 PM (Pacific Standard Time, UTC-08:00)

For those of you who have McAfee and can't time Sync here is the latest.(This is for a windows XP machine)

DON"T open your port 123 as sugessted by Kelsey. That is not secure.

Here is how tech support at mcAfee solved the problem.. Basically you're simply finding the ip address for the time server and adding it to your list of trusted ip addresses in the firewall program.....
Double click on your clock icon at lower right corner of the desktop screen and select "Internet Time" on the tabs in your Date and Time window that pops up
Ensure Automatically update with the internet time server is selected.
Observe the name of the Server field and write it down.
ie: time.windows.com
Now click Start, Run and type "cmd" and press ENTER.
command prompt window is opened
Type ping time.windows.com and press ENTER. The ping results may return "Request timed out" if the server is set not to respond to ping attempts.
The first line displays:

Pinging <Server Name> [IP Address] with 32 bytes of data:

Write down the [IP Address] and close the command window.

For example given, the ip address would be... 207.46.197.32
Now double-click the Red "M" icon in the systray to open the SecurityCenter.
From the Basic Menu
Click Internet & Network and click Configure which is on the center right.
click Firewall protection is enabled and click Advanced.
Click Trusted and Banned IPs.
Select Trusted IP Addresses from the drop-down menu.
Click "Add and select Single IP Address" then type the Server IP Address (207.46.197.32) in the IP Address: field.
Click OK then click Yes.
Close the Firewall Window, then close the SecurityCenter.
Please restart your system to take the changes get affected.
Check your time and update it to see that the changes have fixed your problem

Ledoc

Thursday, November 29, 2007 3:30:49 AM (Pacific Standard Time, UTC-08:00)

thanks ledoc...worked superbly for me!

greatful

Wednesday, December 05, 2007 7:12:50 AM (Pacific Standard Time, UTC-08:00)

Kelsey's method worked for me, so I thank you very much for the help. This has been killing me for a long time.

andrew

Sunday, December 23, 2007 4:54:39 PM (Pacific Standard Time, UTC-08:00)

ATTENTION McAFEE SECURITY CENTER USERS — An Alternate Solution:

If you have McAfee Security Center v8.x (verified; Vista OS) and/or McAfee Personal Firewall v9.x (verified; Vista OS) and have already tried the above solution(s) — or, for some reason, chose not to — and are still receiving the aforementioned "error .. while ... synchronizing with [time server]," you might try the following:

Instructions via McAfee Security Center 8.0

1> Open McAfee Security Center.

2> If you see the phrase "Advanced Menu" (with a horizontal arrow icon immediately to its left) at the bottom of the left-hand panel, click "Advanced Menu." Alternately, if you see the phrase "Basic Menu" (also with similar arrow icon to its left), do nothing. The panel is as it needs to be for these instructions.

3> Now, from the left-hand panel select "Configure."

4> Having done that, look for the following phrases listed inside and at the top of the newly-refreshed left-hand panel:

- Security Center
- Computer & Files
- Internet & Network
- E-mail & IM
- Parental Controls

5> Select "Internet & Network."

6> From the refreshed page that appears to the right of the left-hand panel, several sections will appear. Look for the section named "Firewall protection is enabled." If the "Firewall protection" section is collapsed, simply press its double arrows (pointing up), and located to the right.

(NOTE: If the section reads "Firewall protection is DISABLED," this solution will probably not apply to the Time Server error that Windows is displaying.)

7> Click the "Advanced" tab within the "Firewall" section.

8> In the new (pop-up) window that appears, select "System Services" from the [new] left-hand panel.

9> From the refreshed page to the right of the Firewall's left-hand panel, scroll through the Open System Service Port list and find "Network Time Protocol Port 123." If it is not selected/checked, mark it as checked and then click the "Apply" button at the bottom right of the window.

*If you are unable to find "Network Time Protocol Port 123" in the System Services list, please continue to the next step. Otherwise, your Windows system should now recognize whatever valid time server you select.

10> To create the "Time Protocol Port," click the "Add" Button at the bottom of the System Services window. Several empty fields should appear, including "Program name," "Program category," "Inbound TCP/IP ports," etc.

11> Enter the information below into the respective fields.

- Program name: Network Time Protocol Port 123
- Program category: System Ports
- Inbound TCP/IP ports: 123
- Outbound TCP/IP ports: 123
- Inbound UDP ports: 123
- Outbound UDP ports: 123

- Do not check "Forward network activity..." unless you know that it applies to your system's network or Windows' Internet Connection Sharing setup.

- In the Description field, enter: Standard Network Time Protocol Port

- Click the "OK" button.

12> Again, from the System Services area, search again for the port "Program name" you entered in the previous step. Ensure that the "Network Time Protocol Port 123" is checked, and click the "Apply" button at the bottom-right of the window.

Your Windows system should now recognize whatever valid time server you select.

Qbert

Thursday, January 03, 2008 9:38:03 PM (Pacific Standard Time, UTC-08:00)

The last blog by qbert worked for me it is the maccafee firewall time issue.
Thanks a lot now it does sync as designed... Oh I also used this site ntp1.dlink.com instead of the windows provided ones since they did not work.

THANKS QBERT and all...

cARLOS

Thursday, March 27, 2008 8:58:42 PM (Pacific Daylight Time, UTC-07:00)

One thing I did find was that an error affecting W2K3 servers and NTP appeared to be the cause of the sync error on my XP machine (the McAfee tips did not apply).

Basically the w32time service was having problems with time servers with a -31 precision.

To determine if you have the same problem, turn on logging on w32time (http://support.microsoft.com/kb/816043/) and check to see if the following appears in the log:

Time - TimeProvCommand([NtpClient], TPC_TimeJumped) called.
...
Time - | Poll Interval: 6 - 64s; Precision: -31 - -0.465661ns per tick
...
Time - Rejecting packet w/ bad precision
Time - Ignoring garbage packet.

When I switched to a time server with a different precision (e.g. time-a.nist.gov as opposed to time.nist.gov) I had no problems syncing.

eialba

Name
E-mail
Home page

	Remember Me
Comment (Some html is allowed: `a@href@title, b, blockquote@cite, em, i, strike, strong, sub, super, u`) where the @ means "attribute." For example, you can use <a href="" title=""> or <blockquote cite="Scott">.

Live Comment Preview