NTP Synchronization with Microsoft DC
As a best practice, we should always synchronize our network gear with a trusted time source. A special case arises when we have a Windows Domain Controller and want to use it as the NTP source.
After reading some documentation, I found that the Microsoft implementation of NTP is not fully compatible with the NTP RFC; it behaves more like SNTP. Because of this, there is one parameter in the registry configuration of the server that prevents a Cisco router or switch from synchronizing properly. Cisco gear will always report that it has an insane, invalid time source.
The fix is pretty straightforward, and we have 2 choices:
- Change the LocalClockDispersion parameter on the Windows box and then restart the service.
This key can be found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\LocalClockDispersion
and must be changed from 10 to 0. We can do it with the regedt32 utility or from the command line by running the following:
w32tm /config /LocalClockDispersion:0
And finally restart the service, also from the command line:
net stop w32time && net start w32time
- The other way is very simple as well: we only need to use the max distance parameter in the NTP configuration on the router.
Both ways achieve the desired result: synchronization with our network DC. The decision about using the first or the second one is up to you.
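
To see what the DC advertises before and after either change, the following added example (not part of the original post) decodes the header of an NTP reply and lists the reasons a client would distrust it. It assumes the DC reports LocalClockDispersion as the root dispersion field and that the client rejects a source whose root distance exceeds a threshold; the function names, the 1-second default threshold and the sample packets are constructed for illustration.

```python
import socket
import struct

def parse_ntp_header(packet):
    """Decode the first 12 bytes of an NTP server reply (RFC 5905 layout)."""
    if len(packet) < 48:
        raise ValueError("NTP packet must be at least 48 bytes")
    flags, stratum, _poll, _prec, delay, disp = struct.unpack("!BBbbII", packet[:12])
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        # Root delay and root dispersion are 16.16 fixed-point seconds.
        "root_delay": delay / 65536.0,
        "root_dispersion": disp / 65536.0,
    }

def sanity_problems(packet, max_distance=1.0):
    """Return the reasons a client would distrust this reply (empty list = sane).
    max_distance is an assumed threshold in seconds; match it to your client."""
    h = parse_ntp_header(packet)
    problems = []
    if h["mode"] != 4:
        problems.append("not a server-mode reply")
    if h["leap"] == 3:
        problems.append("leap indicator says clock is unsynchronized")
    if not 1 <= h["stratum"] <= 15:
        problems.append("stratum %d is unusable" % h["stratum"])
    # Simplified root distance: only the part the server itself advertises.
    distance = h["root_delay"] / 2 + h["root_dispersion"]
    if distance > max_distance:
        problems.append("root distance %.3fs exceeds %.3fs" % (distance, max_distance))
    return problems

def query(host, timeout=3.0):
    """Send one client request (version 3, mode 3) and return the raw reply."""
    request = bytes([0x1B]) + bytes(47)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (host, 123))
        return s.recvfrom(512)[0]

def sample_reply(root_dispersion_seconds):
    """Constructed reply: version 3, mode 4, stratum 2, zero root delay."""
    disp = int(root_dispersion_seconds * 65536)
    return struct.pack("!BBbbII", 0x1C, 2, 6, -6, 0, disp) + bytes(36)

if __name__ == "__main__":
    for seconds in (10, 0):  # LocalClockDispersion before and after the change
        print(seconds, sanity_problems(sample_reply(seconds)))
```

Against a real server, pass the result of query() with the DC's address to sanity_problems(), and set max_distance to the value configured on the router if the second option was chosen.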