How To Configure the Simple Network Time Protocol (SNTP) on ISA Server


This step-by-step article describes how to configure the Simple Network Time Protocol (SNTP) with an authoritative time server on a Windows 2000-based domain controller that is running Internet Security and Acceleration (ISA) Server. To configure SNTP on an ISA Server-based computer, you must:

  • Configure the necessary packet filters in ISA Server for SNTP communication.
  • Configure SNTP to use an Internet-based time server.
  • Synchronize the system time with the time server.

Configure and Turn On ISA Server Packet Filters

  1. In the ISA Server management tool, expand the management nodes that are beneath your server name.
  2. Expand the Access Policy branch to view the list of access policies.
  3. Right-click IP Packet Filters, point to New, and then click Filter to start the New IP Packet Filter Wizard.
  4. Type a descriptive name for the filter (such as SNTP Allow Filter), and then click Next.
  5. Click Allow packet transmission as the Filter Mode, and then click Next.
  6. Click Custom as the filter type, and then click Next.
  7. On the Filter Settings page, click UDP for the IP protocol, click Send receive for the direction, All ports as the local port, click Fixed port as the remote port, use port 123 as the remote port number, and then click Next.
  8. Keep the default settings by clicking Next through the next two wizard pages, and then click Finish at the Completing The New IP Packet Filter Wizard page.

Configure SNTP to Use a Time Server

  1. At a command prompt, type net time \\server NetBIOS name /setsntp:NTP server name or NTP server list and then press ENTER, where server NetBIOS name is the UNC identifier for the SBS Server and NTP server name or NTP server list is an Internet time server. You can use the Net Time tool to designate an external time source. Note that even though the net time /? command returns a syntax that specifies that you can designate an "NTP Server List", Microsoft recommends that you only list one DNS name or IP address at a time. W32Time only recognizes the first DNS name or IP address that is listed, and listing more than one might return an error. To set multiple time servers, separate each time server name with a space. If you use multiple time servers, you must enclose the list in quotation marks. The list may contain IP addresses or DNS names.
For additional information about Internet time servers, click the article number below to view the article in the Microsoft Knowledge Base:

262680 A List of the Simple Network Time Protocol Time Servers That Are Available on the Internet

Synchronize the System Time with a Time Server

  1. At a command prompt, type net stop w32time, and then press ENTER to stop the Windows Time service.
  2. Synchronize the system time with the time server by using the w32tm -once command.
  3. Check the output of the command for a successful setting of the system time. In the following example, the time was intentionally set incorrectly at 6 minutes past the hour:

    W32Time: BEGIN:SetTimeNow
    W32Time: Time 5/28/2002 15:11:58:324
    W32Time: *****SetSystemTime()*****
    W32Time: END Line 1258
    W32Time: Time was 06min 54.906s
    W32Time: Time is 11min 58.324s
    W32Time: Error -303418ms
  4. Use the net start w32time command to start the Windows Time service.


You can also configure the Windows 2000 Time service to synchronize with a time server at set intervals. For more information about how to do so, type w32tm -?, press ENTER, and then view help for the "period" option.


247321 W32tm Command Generates Error Messages When Run on a Windows 2000 Domain Controller
216734 How to Configure an Authoritative Time Server in Windows 2000
312534 Forest Root Domain Controllers May Display System Events 54 and 64

ID articol: 323621 - Ultima examinare: 14 mai 2007 - Revizie: 1