hello, I set ntp-server for win7 pro over gpo: Enable Windows ntp client and configure ntp client with dns name and sync all. After gpupdate /force or even reboot the new config is not applied to the time settings if I check them. The timeserver is still "time.windows.com". Somehow the new ntp-server is not used. Can someone help? Thx, hugo

HugoWin7 wrote: hello, I set ntp-server for win7 pro over gpo: Enable Windows ntp client and configure ntp client with dns name and sync all. After gpupdate /force or even reboot the new config is not applied to the time settings if I check them. The timeserver is still "time.windows.com". Somehow the new ntp-server is not used. Can someone help? Thx, hugo Can you please elaborate your exact GPO settings for the Windows NTP client? There is more to configure than just the DNS name of your timeserver. And are the settings applied? Did you check the RSOP for a given PC? Wolfgang

computer configuration -> admin templates -> system -> windows time service -> time providers Enable Windows NTP Client: Enabled Configure Windows NTP Client: Enabled ntpserver: ntp.certum.pl type: ntp rest is default -- Restart Going to Date and Time -> Internet Time The computer is still "set to automatically synchronize with 'times.windows.com'"

HugoWin7 wrote: computer configuration -> admin templates -> system -> windows time service -> time providers Enable Windows NTP Client: Enabled Configure Windows NTP Client: Enabled ntpserver: ntp.certum.pl type: ntp rest is default -- Restart Going to Date and Time -> Internet Time The computer is still "set to automatically synchronize with 'times.windows.com'"   And what does the rsop tool show? Enter rsop.msc into the search field over the start buttton - this should start the Resulting Set Of Policies mmc.snapin, which shows you which policies are applied. Wolfgang

hello, attached the nowhere documented 0x09 flags to the dns. don't know what that means... . the gpo is definitely applied. also checking with rsop. The problem is that if you set the ntp over gpo it always shows "set to automatically synchronize with 'times.windows.com'", even if the pc syncronizes with some other ntp-server. Nice!!! This means that I my gpos are actually working, only that the time display is nonsense. thx, hugo

HugoWin7 wrote: hello, attached the nowhere documented 0x09 flags to the dns. don't know what that means... . the gpo is definitely applied. also checking with rsop. The problem is that if you set the ntp over gpo it always shows "set to automatically synchronize with 'times.windows.com'", even if the pc syncronizes with some other ntp-server. Nice!!! This means that I my gpos are actually working, only that the time display is nonsense. thx, hugo   Yes, this seems to be a bug - probably after applying SP1 because I never saw this before, but just now discovered it on my non domain-member PCs, too. But you should see, with which server the last successful sync happened, too and the time when the next sync is going to happen, just below the wrong reference to time.windows.com. The 0x9 flag is a combination of 0x1 for DNS entries instead of IP-addresses (and sticking to the special poll interval defined in the NTP-Client section of the registry)) and 0x8 for using standard NTP-client mode requests instead of symmetric active mode packets (which are set via 0x4 instead of 0x8 and should -if ever - only be used on servers). Wolfgang

hello, thx for the bug info. Do I have to open incoming/outgoing ports for the firewall on ntp? there are contradicting blogs on this issue. hugo

HugoWin7 wrote: hello, thx for the bug info. Do I have to open incoming/outgoing ports for the firewall on ntp? there are contradicting blogs on this issue. hugo Of course you need an outgoing stateful exemption for NTP, but if you have the Windows Firewall configured in standard mode (i.e. outgoing connections are always allowed, if initiated by allowed programs and services on the PC) there is no need for an explicit rule - only if the firewall is set to block all outgoing traffic it not specifically allowed, you will need an exemption for NTP outgoing (utp port 123). Wolfgang