Synchronizing the Time on Windows XP and Vista with the Internet
by, 06-24-2007 at 08:05 PM (54124 Views)
I noticed today that the clock on my Windows XP computer was five minutes slow. I always know the correct time because I have one of those “atomic clocks” hanging on my wall that synchronizes itself to WWV every night. My wall clock's time also matched the correct “Verizon time” displayed by my cell phone. The strange thing was that my Windows XP computer was also configured to synchronize its own clock with an Internet time server maintained by NIST. So why did my Windows XP computer loose five minute?
To check the time synchronization settings on Windows XP, I double-clicked on the clock in my system tray and selected the Internet Time tab on the Date and Time Properties window. The “Automatically synchronize with an Internet time server” box was checked and time.nist.gov was set as the time server. I clicked the “Update Now” button and, after 15 seconds, the error message “An error occurred while Windows was synchronizing with time.nist.gov” was displayed. My computer was not having problems communicating with any other Internet hosts, so what happened to the Internet's most reliable time server?
Clicking on the time server combo box, I selected the only other choice listed, time.windows.com , but this selection also threw the same error message. I realized that I needed to find the address of another time server, and preferably one maintained by NIST. After a short, Google-aided journey, I found the NIST Internet Time Servers Web page, which contains a healthy listing of 16 time servers–including the now silent time.nist.gov .
The next trick was to use RegEdit.exe to find the place in the Windows registry where the listing of time servers for the Date and Time Properties windows was stored. Under Windows XP and Vista, this registry key is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\DateTime\Servers ; you will need administrator access to add additional servers to this list. If you are too impatient or inexperienced to edit the registry yourself, save the following listing to a file named TimeServers.reg and run it to automatically add the entries to the registry:
I added all of the NIST time servers to my registry and, with no reboot required, the Internet Time tab now displayed every public NIST time server. I chose time-a.nist.gov , clicked the Update Now button, and almost instantly a message was displayed indicating that a successful time synchronization had occurred. The clock in my system tray was now displaying the correct, “atomic clock” time. (Vista comes preconfigured with the additional time servers time-a.nist.gov, time-b.nist.gov , and time-nw.nist.gov , so no registry editing is necessary for Vista users.)Code:Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DateTime\\Servers] @="3" "1"="time.windows.com" "2"="time.nist.gov" "3"="time-a.nist.gov" "4"="time-b.nist.gov" "5"="time-a.timefreq.bldrdoc.gov" "6"="time-b.timefreq.bldrdoc.gov" "7"="time-c.timefreq.bldrdoc.gov" "8"="utcnist.colorado.edu" "9"="time-nw.nist.gov" "10"="nist1.symmetricom.com" "11"="nist1-dc.WiTime.net" "12"="nist1-ny.WiTime.net" "13"="nist1-sj.WiTime.net" "14"="nist1.aol-ca.symmetricom.com" "15"="nist1.aol-va.symmetricom.com" "16"="nist1.columbiacountyga.gov" "17"="nist.expertsmi.com"
Now, back to my original question of “what happened to time.nist.gov ?”. The official answer I found on the NIST Web site itself:
Starting on 14 April 2007 the server time.nist.gov will no longer respond to requests for time in the TIME format (as defined in RFC-868). These requests are generated by a number of different programs including DATE, RDATE, and other programs that connect to the time server using tcp or udp port 37. All of the other NIST servers (except for time-nw.nist.gov) will continue to respond to requests to either tcp or udp port 37 for time in the format specified in RFC-868.
RFC-868 is the old Time Protocol first used on the Internet over 25 years ago, and has been largely replaced by the Network Time Protocol (NTP). If you have any computers that are relying on RFC-868 for time synchronization and not NTP (as Windows apparently is), check to make sure that your computers are not pointed to time.nist.gov for their time server, or you may find that time is slipping away from your computers too.
For Further Reference
June 25th, 2007 on 11:31 am
What's up with the port 37 stuff?
Windows has always used the standard NTP on port 123 UDP.
June 25th, 2007 on 3:30 pm
Please check your reg file (above) – the backslashes are missing and hence it won't work. (The correct syntax is given below.) Thanks for the info, however!
James D. Murray
June 25th, 2007 on 3:46 pm
Port 37 is used by the Time Protocol defined in RFC-868.
James D. Murray
June 25th, 2007 on 3:52 pm
Al, thanks for pointing out the missing backslashes. I forgot to double-backslash for WordPress publishing.
June 25th, 2007 on 6:11 pm
JD – To the best of my understanding Windows (under W2K at least) used the Simple Network Time Protocol (SNTP RFC – 1769 and 2030) which relied in most cases on broadcasts, and if desired could be configured to use multicast. However, under W2K3 and WXP (at least SP2, not sure about earlier) Windows has used NTP. I used to see it trying to cross my firewall all the time, and had to make a registry edit to make sure my clients only synched with my Domain Controllers and not Windows time servers or nist.gov time servers.
Which states in part:
The Windows Time service uses the Network Time Protocol (NTP) to help synchronize time across a network. NTP is an Internet time protocol that includes the discipline algorithms necessary for synchronizing clocks. NTP is a more accurate time protocol than the Simple Network Time Protocol (SNTP) that is used in some versions of Windows; however W32Time continues to support SNTP to enable backward compatibility with computers running SNTP-based time services, such as Windows 2000.
So again I am wondering because you've got me curious, where did you find that Windows currently uses the Time Protocol as defined in 868? Is this like a combo meal where it somehow ties together with NTP like fries with a burger?
Thanks! Oh, almost forgot, thanks for the reg file, worked like a charm!
James D. Murray
June 26th, 2007 on 9:22 am
Mark, I've verified using Wireshark that Windows XP is sending an NTP message when the “Update Now” button is clicked. This is good news in that Windows XP (and Vista) is, in fact, using NTP. However, time.nist.gov is still not responding, leading me to believe that this time server is temporarily out of service for all time synchronization requests. Pointing instead to time-a.nist.gov or time-b.nist.gov still looks like a necessary thing to do.
July 3rd, 2007 on 8:08 pm
Excellent article, Mr. Murray. I, too have my home PC set to acquire the time automatically. I haven't checked it in awhile, so if it's off, I will definately be paying Regedit a visit! Thanks!
July 9th, 2007 on 7:24 pm
You can force Windows 2000 to use NTP should you wish to.
You should open a firewall rule for UDP port 123 to the broadcast address (192.168.x.255) if you've got more than 1 computer updating its time to a NTP server. Just thought it was worth a mention.
July 11th, 2007 on 4:08 am
In XP you don't need to edit the registry to add a time server.
Double click the time in the bottom right of the screen to bring up the Date and Time properties window, select the Internet Time tab, edit the Server field and click the Apply button to add the new server to the pull-down list of servers.
August 7th, 2007 on 6:09 pm
Looks like there is a problem with all of the listed sites:
time.nist.gov – Through wireshark it is NTP (port 123) and it responds however XP Time/Date page still shows an error.
time-a.nist.gov – Through wireshark it is NTP (port 123) and it responds however XP Time/Date page still shows an error that it is receiving duplicate packets. Wireshark verifies this.
time-b.nist.gov – Through wireshark it is NTP (port 123) and it responds however XP Time/Date page still shows an error that it is receiving duplicate packets. Wireshark verifies this.
There is an issue and I have not found any help in TechNet about this. Any ideas?
Also, be advised, that having your time correct is very, very important if you are using site-to-site VPN or client-to-site VPN. In the later case you must point your laptop users to a public NTP server otherwise they cannot verify NTP before connecting to the VPN and, if they are even a minute off, they may not connect properly or at all.
James D. Murray
August 8th, 2007 on 8:26 am
I just checked and both time-a.nist.gov and time-b.nist.gov are working for me, and time.nist.gov is not responding as expected. It's possible that these hosts were down for a while due to problems or maintenance.
September 15th, 2007 on 4:32 pm
I would also like to add that if the the clock is 15 hours of from the time it will not update.
December 3rd, 2007 on 8:38 pm
I have been having the SAME problem as everyone else….THANKFULLY some good soul on another page figured out what was wrong.
Im 99% sure the problem is with McAfee firewall, HERE is how you fix it quickly and easily:
For anyone else pulling their hair out, open McAfee.
Go to the Advanced menu if you aren't already there.
Click on the Configure box.
On the left, click on Internet & Network.
Now click the second grey row that says Firewall protection is enabled. Click Advanced…
On the left, click System Services.
Check the box next to Network Time Protocol Port 123. Click Apply, then OK.
Then follow the synchronization steps as usual (only it's best to enter another website than the junk ones they have listed).
This worked! THANK God!
James D. Murray
December 12th, 2007 on 10:36 am
I wonder why the McAfee firewall didn't automatically open the port when it was installed. My only guess is that the Windows network time service wasn't running on that computer when McAfee firewall was installed, therefore it left the port closed. However, when the service was later started, the McAfee firewall should have popped-up a box indicating that the was trying to connect to the specified network time server.
I would suggest sending an email to McAfee's tech support describing this problem and solution and let us know what they say about it.
January 15th, 2008 on 9:11 am
Thanks, Nick — It was McAfee. I'm using the free McAfee software that comes with Comcast. This has been bothering me for years. Yes, McAfee should have the default set to ON.
James Murray — you should consider putting a Note about this fix at the top of your page. I almost didn't read down this far. (esp. since Vista is more prevalent, and NTP isn't as likely to be the cause).
June 26th, 2008 on 12:31 pm
I had the same probem with the XP firewall
Opening the Firewall settings you go to Advanced, then ICMP and Settings. Then you check the appropriate checkbox (2nd from the top, I have a Danish version and prefer not to translate ).
That worked for me.
November 2nd, 2008 on 3:07 pm
I tried to do it the easy way, but my “TimeServers.Reg” didn't seem to work for some reason.
I think it's because of that Backslash thing Al (Above comments) talked about, so what backslashes is the Reg (Above) missing?
November 15th, 2008 on 11:32 pm
I tried what Nick said–and it STILL doesn't work.
January 19th, 2009 on 11:29 am
Just change all the double slashes after HKEY_LOCAL_MACHINE into single slashes. Works.
February 14th, 2009 on 1:16 pm
McAfee was the culprit for me as well – Thanks Nick for the detailed instructions and for the initiator + other participants of the discussion.
February 22nd, 2009 on 3:26 am
I was having this very same problem when contacting any of the servers I could fine.
When I disabled the Windows Firewall, all of the locations started to work. I figured out the ports for the time.windows.com site, but still can't get the *.nist.gov sites working.
White having time.windows.com is good, best would be to have all the various servers available to me. I tried TCP and UDP port 123 (as well as several other ports) to no avail, though.
One thought was to enable the application to be an exception. Does anyone know of the application's name for the purpose of the Windows Firewall exception list?
The other possibility is to add ports one at a time till it works (TCP & UDP) and then start deleting ports and see if / when it stops working. This would take a long time.
BTW, I'm using Windows XP Pro x64, though, that shouldn't make a difference. OH!! Another thought …..
What about a program that could show me what port the program is trying to use (unsuccessfully)?
April 12th, 2009 on 2:07 pm
Thanks Nick, McAfee was the culprit for me too.
May 28th, 2011 on 4:38 pm
Please help me:
In May 29 2011, I found my windows vista clock set to Nov 18 2008; so I fixed to the real date.
I wonder how this is related to automatic time setting errors?:
Then my outlook express stop working, it does not open and a error windows reads:
“Cannot start Microsoft Office Outlook. Cannot open th Outlook window. The set of folders cannot be opened. Errors have been detected in the file C:\Users\Rod\AppData\Local\Microsoft\Outlook\R.L.p st. Quit Outlook and all mail-enabled applications, and use the inbox repair tool (Scanpst.exe) to diagnose and repair errors in the file. For more information about the Inbox repair tool, see help.”
I cannot change any setting in outlook, creating a new .pst because outlook it self does not even open.
August 15th, 2011 on 3:34 pm
Thanks for this, I've been having major problems getting my clock to sync. I've tried everything. My Netgear UDP port 123 is open, as is my Windows Firewall. Nothing seemed to work. But thanks to Dimitris for pointing out that if your clock is out by 15 hours it will never sync.
I manually adjusted my clock to around the right time, then tried to sync again with time.nist.gov and it worked.
I'm using Windows Vista Home Premium SP2 on a Dell Inspiron 531 desktop.
Unfortunately my clock keeps losing time so I'm guessing my CMOS battery could be flat?
August 30th, 2011 on 8:35 pm
Rod and Jai, off the top it appears your CMOS battery is flat.
Total Trackbacks 0