I always follow this guide when I set up time sync for a domain controller that has the PDC-Emulator role:
http://support.microsoft.com/kb/816042/en-us
I always wondered why I have to set announceflags to value 5. It’s quite simple actually. If you look at this (stolen from Technet):
AnnounceFlags
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
This entry controls whether this computer is marked as a reliable time server. A computer is not marked as reliable unless it is also marked as a time server.
|
• |
0×00 Not a time server |
|
• |
0×01 Always time server |
|
• |
0×02 Automatic time server |
|
• |
0×04 Always reliable time server |
|
• |
0×08 Automatic reliable time server |
The default value for domain members is 10. The default value for stand-alone clients and servers is 10.
A value of 5 means 0×04 + 0×01. In common words “Always time server” + Always reliable time server”.
The default value of 10 means 0×02 + 0×08. (Automatic time server + Automatic reliable time server.
1 comment
Sam Liddicott
August 11, 2010 at 9:53 am (UTC 2) Link to this comment
And don’t set “Always reliable time server” unless you can justify that decision NOW in the face of a future unknown catastrophe.
You probably can’t unless you really know what it means, so don’t set it.