How do you configure Windows Time Synchronization in a workgroup with no servers?

I'm building a small workgroup that must have time synchronization in a classified government LAN with no WAN connectivity.  All the systems are running Windows 7 Enterprise.  While it is obvious how to configure the clients to point at one system as the time server, I can find no guidance on how to properly configure the system which will host the authoritative time.  I have attempted to configure the system with authoritative time to use an internal hardware clock, as described for a PDC master in KB article 816042, by setting the AnnounceFlags to 0xA.  The client systems are able to compare their time with the master system using the w32tm /stripchart command, but a w32tm /resync command results in the message "The computer did not resync because no time data was available."

(FYI, I am posting to this forum because of guidance provided by Kurt Hudson in the Windows Time Service thread at http://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx.)

November 10th, 2011 9:59pm

In addition, see if this helps:

How to synchronize the time with the Windows Time service in Windows XP (applies to all operating systems in a workgroup environment):
 "When the computers are part of a workgroup, you must manually configure the time synchronization settings. You might identify a computer as a locally reliable time source by configuring the Windows Time service on that computer to use a known accurate time source, either by using special hardware or by using a time source that is available on the Internet. You can configure all other workgroup computers manually to synchronize their time with this local time source."
 http://support.microsoft.com/kb/307897

November 11th, 2011 12:31am

 

Hello,

 

314054  (http://support.microsoft.com/kb/314054/ ) How to configure an authoritative time server in Windows XP

___________________________________________________________________________________________________________

 

816043  (http://support.microsoft.com/kb/816043/ ) How to turn on debug logging in the Windows Time service

884776  (http://support.microsoft.com/kb/884776/ ) Configuring the Windows Time service against a large time offset

321708  (http://support.microsoft.com/kb/321708/ ) How to use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000

216734  (http://support.microsoft.com/kb/216734/ ) How to configure an authoritative time server in Windows 2000

 

With manually-specified synchronization, you can designate a single peer or list of peers that a computer obtains time from. If the computer is not a member of a domain, it must be manually configured to synchronize with a specified time source. By default, a computer that is a member of a domain is configured to synchronize from the domain hierarchy. Manually-specified synchronization is most useful for the forest root of the domain or for computers that are not joined to a domain. When you manually specify an external NTP server to synchronize with the authoritative computer for your domain, you provide reliable time. However, to provide high accuracy and security to your domain, we recommend that you configure the authoritative computer for your domain to synchronize with a hardware clock.

Without a hardware time source, W32time is configured as a NTP type. You must reconfigure the MaxPosPhaseCorrection and MaxNegPhaseCorrection registry entries. The recommended value should be 15 minutes or even lower, depending on time source, network condition, and security requirement. This requirement also applies to any reliable time source that is configured as the forest root time source in the time sync subnet. For more information about these registry entries, see the "Windows Time service registry entries" section in this article.

Note Manually-specified time sources are not authenticated unless a specific time provider is written for them, and these time sources are therefore vulnerable to attacks. Also, if a computer synchronizes with a manually-specified source instead of its authenticating domain controller, the two computers might be out of synchronization. This scenario causes Kerberos authentication to fail and could also cause other actions that require network authentication to fail, such as printing or file sharing. If only the forest root is configured to synchronize with an external source, all other computers within the forest remain synchronized with each other. This configuration makes replay attacks difficult.

 

November 11th, 2011 8:21am

As I attempted to state in my original post, the problem I'm trying to solve is configuring a Windows 7 workgroup member to act as an NTP server and consider itself to be a reliable time source for the rest of the workgroup.  The responses to my post have been oriented to configuring the NTP clients, which I already understand how to do.  The system that I want to be the NTP server is reporting Event ID 36 from Time-Service, saying that "The time service has not synchronized the system time for [thousands of] seconds because none of the time service providers provided a usable time stamp. The time service is no longer synchronized and cannot provide the time to other clients or update the system clock."  I have configured the NTP Server to not attempt to be an NTP client.

What sequence of commands can I issue to tell my Windows 7 NTP server to use its own CMOS clock as a reliable time source?  KB article 816042 implies that it is only necessary to update one registry value by setting the W32Time\Config\AnnounceFlags to 0xA and restarting the Time Service.  I have confirmed multiple times that this is NOT sufficient.

Thanks to everyone on this thread for your assistance.

November 14th, 2011 6:04pm

Windows non-DCs and client operating systems do not provide a time server service out of the box, but the Time service can be configured to do so.

If you want a machine, whether a server or client machine, to be a time source for the workgroup, you can either configure your workstation's time service, (http://support.microsoft.com/kb/307897 ) or use a 3rd party time service on it, then configure your workgroup clients to sync with this machine's time service.

After you've installed the third party time service on the server or client machine, then on the workgroup (non-AD joined) workstations, run the following to sync with the workgroup's time server:
 w32tm /config /syncfromflags:manual /manualpeerlist:<workgroupServerOrClientIpAddress>

 

Here are some examples of third party time service software:
 
NTP Client Software (Windows):
 http://www.endruntechnologies.com/ntp-client.htm#windows
 
Timing Software Solutions
 http://www.zti-telecom.com/EN/Timing_Products_Software.html
 
Time service software list of links:
http://support.ntp.org/bin/view/Main/ExternalTimeRelatedLinks

November 14th, 2011 6:44pm

Hi,

I'm trying to solve is configuring a Windows 7 workgroup member to act as an NTP server and consider itself to be a reliable time source for the rest of the workgroup.

It's not possible, NTP server should only be PDC role owner, you cannot configure a Windows 7 workgroup member to act as an NTP server.

What sequence of commands can I issue to tell my Windows 7 NTP server to use its own CMOS clock as a reliable time source?  KB article 816042 implies that it is only necessary to update one registry value by setting the W32Time\Config\AnnounceFlags to 0xA and restarting the Time Service.  I have confirmed multiple times that this is NOT sufficient.

Did you check my previous post, synchronize Time in a workgroup environment or with a non-Windows time server:
http://blogs.technet.com/b/bulentozkir/archive/2011/05/20/synchronize-time-in-a-workgroup-environment-or-with-a-non-windows-time-server.aspx

November 14th, 2011 6:49pm

Oh, ye of little faith.  Heed the timeless adage "Can't never did anything."  KB article 307897, as suggested by Ace Fekay, provided the most helpful clue to resolving this issue.  Changing the AnnounceFlags to 5 allowed my Windows 7 NTP Server box to advertise itself as a good time source, and the clients are now able to sync with it.  Since I generally hack the registry with regedit, I'll confirm the sequence of w32tm commands that are needed on the NTP server to get it in the desired state, since that info doesn't seem to be available anywhere in the microsoft.com site or elsewhere that I can find.  I'm also using customized settings for UpdateInterval (0x168) and SpecialPollInterval (0x3C) on the NTP clients, and this is allowing the time to stay within .002 seconds according to w32tm /stripchart.

November 14th, 2011 7:54pm

Glad to hear that article was helpful, despite my following post saying otherwise.

November 15th, 2011 3:56am

Also, I have tried the same but no luck.

Agreed with Ace and Abhijit.

November 15th, 2011 5:18am

The fastest, easiest method of configuring your Windows PC to be an NTP Server appears to be through a registry update.  Save the text below which is in Courier font to a REG file, then merge the REG file on the system which will be your NTP Server.  Restart the w32time service through the command line or via Control Panel => Services, and ensure that the Windows Time service is configured for Automatic start.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config]
"AnnounceFlags"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters]
"Type"="NoSync"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient]
"Enabled"=dword:00000000
"SpecialPollTimeRemaining"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer]
"Enabled"=dword:00000001

<-------End of REG file------->

The w32tm command does not provide all the options needed to enable NTP Server functionality on your computer.  The following command updates the AnnounceFlags value and the Type value, but you have to set the rest of the values by editing the registry or manipulating the Local Security Policy.

w32tm /config /update /syncfromflags:NO /reliable:YES

 

After implementing the changes specified above, your system should report the following when you run "w32tm /query /status":

Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name:  "LOCL")
Last Successful Sync Time: MM/DD/YYYY HH:MM:SS
Source: Local CMOS Clock
Poll Interval: 10 (1024s)

Hope this helps other folks who find themselves with similar requirements.

November 15th, 2011 5:29pm

Thanks for clarifying the steps involved. It will definitely help others! :-)

 

 

November 15th, 2011 8:23pm

Here's another wrinkle in the NTP functionality that is not well documented.

By default, Windows 7 and Windows Server 2008 systems automatically stop some of the services if the computer is not joined to a domain.  The Windows Time service is one of these services.  To enable the Windows Time service to start automatically and not get stopped immediately, you must alter the trigger settings for the service.  The first and third commands listed below in bold display the trigger settings; the second command revises the triggers.  This modification should be applied to the NTP server as well as the NTP clients.

 

C:\>sc qtriggerinfo w32time
[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: w32time

        START SERVICE
          DOMAIN JOINED STATUS         : 1ce20aba-9851-4421-9430-1ddeb766e809 [DOMAIN JOINED]
        STOP SERVICE
          DOMAIN JOINED STATUS         : ddaf516e-58c2-4866-9574-c3b615d42ea1 [NOT DOMAIN JOINED]

C:\>sc triggerinfo w32time start/networkon stop/networkoff
[SC] ChangeServiceConfig2 SUCCESS

C:\>sc qtriggerinfo w32time
[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: w32time

        START SERVICE
          IP ADDRESS AVAILABILITY      : 4f27f2de-14e2-430b-a549-7cd48cbc8245 [FIRST IP ADDRESS AVAILABLE]
        STOP SERVICE
          IP ADDRESS AVAILABILITY      : cc4ba62a-162e-4648-847a-b6bdf993e335 [NO IP ADDRESS AVAILABLE]

 

November 21st, 2011 6:00pm
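
The registry values from the REG file post and the service trigger change from the post above can be checked together on the NTP server. The following read-only PowerShell audit is an added example, not part of any post in this thread; it assumes English-language w32tm and sc output, and the helper name New-Check is hypothetical.

```powershell
# Added example: read-only audit of a standalone W32Time NTP server.
# Expected values are the ones posted in this thread; nothing is modified.
$base = 'HKLM:\SYSTEM\CurrentControlSet\services\W32Time'
$expected = @(
    @{ Key = 'Config';                  Name = 'AnnounceFlags'; Want = 5 },
    @{ Key = 'Parameters';              Name = 'Type';          Want = 'NoSync' },
    @{ Key = 'TimeProviders\NtpClient'; Name = 'Enabled';       Want = 0 },
    @{ Key = 'TimeProviders\NtpServer'; Name = 'Enabled';       Want = 1 }
)

# Hypothetical helper: one result row per check (New-Object keeps PowerShell 2.0 compatibility).
function New-Check($check, $want, $actual, $ok) {
    New-Object PSObject -Property @{ Check = $check; Want = $want; Actual = $actual; Ok = $ok }
}

$results = @()
foreach ($e in $expected) {
    $name = $e.Name
    $item = Get-ItemProperty -Path (Join-Path $base $e.Key) -Name $name -ErrorAction SilentlyContinue
    $actual = $item.$name    # $null when the value is missing
    $results += New-Check "$($e.Key)\$name" $e.Want $actual ($actual -eq $e.Want)
}

# The service must be set to Automatic start.
$svc = Get-WmiObject Win32_Service -Filter "Name='W32Time'"
$results += New-Check 'Service StartMode' 'Auto' $svc.StartMode ($svc.StartMode -eq 'Auto')

# sc.exe is named explicitly: in PowerShell, "sc" is an alias for Set-Content.
# The default domain-join triggers stop the service on a workgroup machine.
$trig = (& sc.exe qtriggerinfo w32time | Out-String)
$noDomainTrig = -not ($trig -match 'DOMAIN JOINED')
$results += New-Check 'Domain-join triggers removed' $true $noDomainTrig $noDomainTrig

# The running service should report the local clock as its source.
$status = (& w32tm.exe /query /status 2>&1 | Out-String)
$src = if ($status -match 'Source:\s*(.+)') { $Matches[1].Trim() } else { $null }
$results += New-Check 'w32tm Source' 'Local CMOS Clock' $src ($src -eq 'Local CMOS Clock')

$results | Select-Object Check, Want, Actual, Ok | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the machine acting as the time server; any row with Ok set to False points at the setting that still differs from the configuration posted in this thread.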

You can use special software for synchronization, for example ClockSynchro. The network does not need to be connected to the internet. It contains ClockSynchroServer and ClockSynchroClient. This program is easy to install and use.
On Windows 7 you must run ClockSynchroClient with administrator permissions ("Run as Administrator").

WebSite: http://clocksynchro.com

  • Edited by Roman Gorniy Tuesday, September 17, 2013 11:01 AM
September 17th, 2013 10:59am

Thank you for including this information.  I ran into the problem of the time service stopping immediately after startup on the time server.  My first approach was to create a scheduled task that executed the following command every hour:

C:\Windows\system32\net.exe start w32time

It works, but it is not the best solution, so I went back to this thread and read through all of the posts, not just the solution above.  I found this post and it resolved the rest of the problem.  Everyone reading this thread needs to know that this is also part of the solution.


May 15th, 2015 11:55am

This topic is archived. No further replies will be accepted.
