Windows Server 2016 Accurate Time

Applies To: Windows Server 2016

Introduction

Time synchronization accuracy in Windows Server 2016 has been improved substantially, while maintaining full backwards NTP compatibility with older Windows versions. Under reasonable operating conditions you can maintain a 1 ms accuracy with respect to UTC or better for Windows Server 2016 and Windows 10 Anniversary Update domain members. The following whitepaper discusses these topics as they relate to enabling accurate time:

  • Improvements
  • Measurements
  • Best Practices

Important

An addendum referenced by the Windows 2016 Accurate Time article can be downloaded here. This document provides more details about our testing and measurement methodologies.

Note

For a quick overview, take a look at this high level overview video at https://aka.ms/WS2016TimeVideo.

Overview

The Windows Time service is a component which uses a plug-in model for client and server time synchronization providers. There are two built-in client providers on Windows, and 3rd party plugins are also available. One provider uses NTP (RFC 1305) or MS-NTP to synchronize the local system time to an NTP and/or MS-NTP compliant reference server. The other provider is for Hyper-V and synchronizes virtual machines (VM) to the Hyper-V host. When multiple providers exist, Windows will pick the best provider, using stratum level first, followed by root delay dispersion and then time offset.

Note

The Windows time provider plugin model is documented on TechNet.

Domain and Standalone configurations work differently.

  • Domain members use a secure NTP protocol, which uses authentication to ensure the security and authenticity of the time reference. Domain members synchronize with a master clock determined by the domain hierarchy and a scoring system. In a domain, there is a hierarchical layer of time stratums, whereby each DC points to a parent DC with a more accurate time stratum. The hierarchy resolves to the PDC or a DC in the root forest, or a DC with the GTIMESERV domain flag, which denotes a Good Time Server for the domain. See the Specify a Local Reliable Time Service Using GTIMESERV section below.

  • Standalone machines are configured to use time.windows.com by default. This name is resolved by your ISP, which should point to a Microsoft owned resource. As with all remotely located time references, network outages may prevent synchronization. Network traffic loads and asymmetrical network paths may reduce the accuracy of the time synchronization. For 1 ms accuracy, you can't depend on a remote time source.

Since Hyper-V guests will have at least two Windows Time providers to choose from, the host time and NTP, you might see different behaviors with either Domain or Standalone when running as a guest.

Note

For more information about the domain hierarchy and scoring system, see "What is Windows Time Service?".

Note

Stratum is a concept used in both the NTP and Hyper-V providers, and its value indicates the clock's location in the hierarchy. Stratum 1 is reserved for the highest level clock, and stratum 0 is reserved for the hardware that is assumed to be accurate and has little or no delay associated with it. Stratum 2 servers talk to stratum 1 servers, stratum 3 to stratum 2 and so on. While a lower stratum often indicates a more accurate clock, it is possible to find discrepancies. Also, W32time only accepts time from stratum 15 or below. To see the stratum of a client, use w32tm /query /status.

Three Critical Factors

In every case for accurate time, there are three critical factors:

  1. Solid Source Clock - The source clock in your domain needs to be stable and accurate. This usually means installing a GPS device or pointing to a Stratum 1 source, taking #3 into account. The analogy goes, if you have two boats on the water, and you are trying to measure the altitude of one compared to the other, your accuracy is best if the source boat is very stable and not moving. The same goes for time: if your source clock isn't stable, then the entire chain of synchronized clocks is affected and the effect is magnified at each stage. It also must be accessible, because disruptions in the connection will interfere with time synchronization. And finally it must be secure. If the time reference is not properly maintained, or is operated by a potentially malicious party, you could expose your domain to time based attacks.
  2. Stable client clock - A stable client clock assures that the natural drift of the oscillator is containable. NTP uses multiple samples from potentially multiple NTP servers to condition and discipline your local computer's clock. It does not step the time changes, but rather slows or speeds up the local clock so that you approach the accurate time quickly and stay accurate between NTP requests. However, if the client computer clock's oscillator is not stable, then more fluctuations in between adjustments can occur and the algorithms Windows uses to condition the clock don't work accurately. In some cases, firmware updates might be needed for accurate time.
  3. Symmetrical NTP communication - It is critical that the connection for NTP communication is symmetrical. NTP uses calculations to adjust the time that assume the network path is symmetrical. If the path the NTP packet takes going to the server takes a different amount of time to return, the accuracy is affected. For example, the path could change due to changes in network topology, or packets being routed through devices that have different interface speeds.

For battery powered devices, both mobile and portable, you must consider different strategies. As per our recommendation, keeping accurate time requires the clock to be disciplined once a second, which correlates to the Clock Update Frequency. These settings will consume more battery power than expected and can interfere with power saving modes available in Windows for such devices. Battery powered devices also have certain power modes which stop all applications from running, which interferes with W32time's ability to discipline the clock and maintain accurate time. Additionally, clocks in mobile devices may not be very accurate to begin with. Ambient environmental conditions affect clock accuracy, and a mobile device can move from one ambient condition to the next, which may interfere with its ability to keep time accurately. Therefore, Microsoft does not recommend that you set up battery powered portable devices with high accuracy settings.

Why is time important?

There are many different reasons you might need accurate time. The typical case for Windows is Kerberos, which requires 5 minutes of accuracy between the client and server. However, there are many other areas that can be affected by time accuracy including:

  • Government Regulations like:
    • 50 ms accuracy for FINRA in the US
    • 1 ms ESMA (MiFID II) in the EU.
  • Cryptography Algorithms
  • Distributed systems like Cluster/SQL/Exchange and Document DBs
  • Blockchain framework for bitcoin transactions
  • Distributed Logs and Threat Analysis
  • AD Replication
  • PCI (Payment Card Industry), currently 1 second accuracy

Windows Server 2016 Improvements

Windows Time Service and NTP

Windows Server 2016 has improved the algorithms it uses to correct time and condition the local clock to synchronize with UTC. NTP uses 4 values to calculate the time offset, based on the timestamps of the client request/response and server request/response. However, networks are noisy, and there can be spikes in the data from NTP due to network congestion and other factors that affect network latency. Windows 2016 algorithms average out this noise using a number of different techniques, which results in a stable and accurate clock. Additionally, the source we use for accurate time references an improved API which gives us better resolution. With these improvements we are able to achieve 1 ms accuracy with regard to UTC across a domain.
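The four-timestamp offset calculation mentioned here, and the symmetry assumption described under Symmetrical NTP communication, worked through as an added example (not code from the Windows Time service or from this article). It uses the standard NTP on-wire formulas; the one-way delays and the 2.5 ms true offset are constructed values, and the minimum-delay filter is the generic NTP clock-filter idea, not a description of the Windows Server 2016 algorithms.

```python
"""NTP offset and delay from the four timestamps, and the cost of path asymmetry.

Added illustration with constructed values; not Windows Time service code.
"""
from dataclasses import dataclass

TARGET = 1e-3          # the 1 ms accuracy goal discussed in the article
TRUE_OFFSET = 2.5e-3   # constructed: server clock is 2.5 ms ahead of the client

# Constructed one-way delays in seconds: (client -> server, server -> client)
PATHS = [
    (400e-6, 400e-6),    # symmetric, quiet network
    (400e-6, 2600e-6),   # congestion spike on the return path
    (410e-6, 395e-6),    # nearly symmetric
    (3400e-6, 400e-6),   # congestion spike on the outbound path
    (405e-6, 405e-6),    # symmetric
]


@dataclass(frozen=True)
class NtpSample:
    t1: float  # client transmit time, read from the client clock
    t2: float  # server receive time, read from the server clock
    t3: float  # server transmit time, read from the server clock
    t4: float  # client receive time, read from the client clock

    def offset(self) -> float:
        """Estimated server-minus-client offset; exact only if the path is symmetric."""
        return ((self.t2 - self.t1) + (self.t3 - self.t4)) / 2.0

    def delay(self) -> float:
        """Round-trip network delay with the server's processing time removed."""
        return (self.t4 - self.t1) - (self.t3 - self.t2)


def exchange(true_offset, fwd, back, t1, proc=50e-6):
    """Build the timestamps of one request/response for given one-way delays."""
    t2 = t1 + fwd + true_offset      # arrival, expressed on the server clock
    t3 = t2 + proc                   # server replies after 'proc' seconds
    t4 = t1 + fwd + proc + back      # reply arrival, on the client clock
    return NtpSample(t1, t2, t3, t4)


def asymmetry_error(fwd, back):
    """Offset error caused by unequal one-way delays: half the difference."""
    return (fwd - back) / 2.0


def build_samples():
    """One poll every 64 seconds over the constructed paths."""
    return [exchange(TRUE_OFFSET, f, b, t1=100.0 + 64 * i)
            for i, (f, b) in enumerate(PATHS)]


def min_delay_sample(samples, window=8):
    """Pick the sample with the smallest round-trip delay among the last 'window'.

    A short round trip leaves the least room for asymmetry, because the
    offset error can never exceed half the measured delay.
    """
    return min(samples[-window:], key=lambda s: s.delay())


def report(samples):
    """Return (delay_us, offset_error_us, within_target) for each sample."""
    rows = []
    for s in samples:
        err = s.offset() - TRUE_OFFSET
        rows.append((round(s.delay() * 1e6), round(err * 1e6), abs(err) < TARGET))
    return rows


if __name__ == "__main__":
    samples = build_samples()
    for delay_us, err_us, ok in report(samples):
        print(f"delay={delay_us:5d} us  offset error={err_us:+6d} us  within 1 ms: {ok}")
    best = min_delay_sample(samples)
    print(f"selected offset: {best.offset() * 1e3:.3f} ms (true {TRUE_OFFSET * 1e3:.3f} ms)")
```

The two congested samples miss the 1 ms target even though the client clock itself did not move, which is why a single raw sample is a poor basis for a correction.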

Hyper-V

Windows 2016 has improved the Hyper-V TimeSync service. Improvements include more accurate initial time on VM start or VM restore and interrupt latency correction for samples provided to w32time. This improvement allows us to stay within 10µs of the host with an RMS (Root Mean Squared, which indicates variance) of 50µs, even on a machine with 75% load.

Note

See this article on Hyper-V architecture for more information.

Note

Load was created using prime95 benchmark using balanced profile.

Additionally, the stratum level that the Host reports to the guest is more transparent. Previously the Host would present a fixed stratum of 2, regardless of its accuracy. With the changes in Windows Server 2016, the host reports a stratum one greater than the host stratum, which results in better time for virtual guests. The host stratum is determined by w32time through normal means based on its source time. Domain joined Windows 2016 guests will find the most accurate clock, rather than defaulting to the host. It was for this reason that we advised manually disabling the Hyper-V Time Provider setting for machines participating in a domain in Windows 2012R2 and below.

Monitoring

Performance monitor counters have been added. These allow you to baseline, monitor, and troubleshoot time accuracy. These counters include:

| Counter | Description |
| --- | --- |
| Computed Time Offset | The absolute time offset between the system clock and the chosen time source, as computed by W32Time Service in microseconds. When a new valid sample is available, the computed time is updated with the time offset indicated by the sample. This is the actual time offset of the local clock. W32time initiates clock correction using this offset and updates the computed time in between samples with the remaining time offset that needs to be applied to the local clock. Clock accuracy can be tracked using this performance counter with a low polling interval (e.g. 256 seconds or less) and looking for the counter value to be smaller than the desired clock accuracy limit. |
| Clock Frequency Adjustment | The absolute clock frequency adjustment made to the local system clock by W32Time in parts per billion. This counter helps visualize the actions being taken by W32time. |
| NTP Roundtrip Delay | Most recent round-trip delay experienced by the NTP Client in receiving a response from the server in microseconds. This is the time elapsed on the NTP client between transmitting a request to the NTP server and receiving a valid response from the server. This counter helps characterize the delays experienced by the NTP client. Larger or varying roundtrips can add noise to NTP time computations, which in turn may affect the accuracy of time synchronization through NTP. |
| NTP Client Source Count | Active number of NTP Time sources being used by the NTP Client. This is a count of active, distinct IP addresses of time servers that are responding to this client's requests. This number may be larger or smaller than the configured peers, depending on DNS resolution of peer names and current reachability. |
| NTP Server Incoming Requests | Number of requests received by the NTP Server (Requests/Sec). |
| NTP Server Outgoing Responses | Number of requests answered by NTP Server (Responses/Sec). |

The first 3 counters target scenarios for troubleshooting accuracy issues. The Troubleshooting Time Accuracy and NTP section below, under Best Practices, has more detail. The last 3 counters cover NTP server scenarios and are helpful when determining the load and baselining your current performance.

Configuration Updates per Environment

The following describes the changes in default configuration between Windows 2016 and previous versions for each Role. The settings for Windows Server 2016 and Windows 10 Anniversary Update (build 14393) are now unique, which is why they are shown as separate columns.

| Role | Setting | Windows Server 2016 | Windows 10 Version 1607 | Windows Server 2012 R2, Windows Server 2008 R2, Windows 10 |
| --- | --- | --- | --- | --- |
| Standalone/Nano Server | Time Server | time.windows.com | NA | time.windows.com |
| | Polling Frequency | 64 - 1024 seconds | NA | Once a week |
| | Clock Update Frequency | Once a second | NA | Once an hour |
| Standalone Client | Time Server | NA | time.windows.com | time.windows.com |
| | Polling Frequency | NA | Once a day | Once a week |
| | Clock Update Frequency | NA | Once a day | Once a week |
| Domain Controller | Time Server | PDC/GTIMESERV | NA | PDC/GTIMESERV |
| | Polling Frequency | 64 - 1024 seconds | NA | 1024 - 32768 seconds |
| | Clock Update Frequency | Once a day | NA | Once a week |
| Domain Member Server | Time Server | DC | NA | DC |
| | Polling Frequency | 64 - 1024 seconds | NA | 1024 - 32768 seconds |
| | Clock Update Frequency | Once a second | NA | Once every 5 minutes |
| Domain Member Client | Time Server | NA | DC | DC |
| | Polling Frequency | NA | 1204 - 32768 seconds | 1024 - 32768 seconds |
| | Clock Update Frequency | NA | Once every 5 minutes | Once every 5 minutes |
| Hyper-V Guest | Time Server | Chooses best option based on stratum of Host and Time server | Chooses best option based on stratum of Host and Time server | Defaults to Host |
| | Polling Frequency | Based on Role above | Based on Role above | Based on Role above |
| | Clock Update Frequency | Based on Role above | Based on Role above | Based on Role above |

Note

For Linux in Hyper-V, see the Allowing Linux to use Hyper-V Host Time section below.

Impact of increased polling and clock update frequency

In order to provide more accurate time, the defaults for polling frequencies and clock updates are increased, which allows us to make small adjustments more frequently. This will cause more UDP/NTP traffic; however, these packets are small, so there should be very little or no impact over broadband links. The benefit, however, is that time should be better on a wider variety of hardware and environments.

For battery backed devices, increasing the polling frequency can cause issues. Battery devices don't store the time while turned off. When they resume, it may require frequent corrections to the clock. Increasing the polling frequency will cause the clock to become unstable and could also use more power. Microsoft recommends you do not change the client default settings.

Domain Controllers should be minimally impacted even with the multiplied effect of the increased updates from NTP Clients in an AD Domain. NTP has a much smaller resource consumption as compared to other protocols and a marginal impact. You are more likely to reach limits for other domain functionality before being impacted by the increased settings for Windows Server 2016. Active Directory does use secure NTP, which tends to sync time less accurately than simple NTP, but we've verified it will scale up to clients two stratum away from the PDC.

As a conservative plan, you should reserve 100 NTP requests per second per core. For instance, in a domain made up of 4 DCs with 4 cores each, you should be able to serve 1600 NTP requests per second. If you have 10k clients configured to sync time once every 64 seconds, and the requests are received uniformly over time, you would see 10,000/64 or around 160 requests/second, spread across all DCs. This falls easily within our 1600 NTP requests/sec based on this example. These are conservative planning recommendations and of course have a large dependency on your network, processor speeds and loads, so as always baseline and test in your environments.

It is also important to note that if your DCs are running with a considerable CPU load, greater than 40%, this will almost certainly add noise to NTP responses and affect your time accuracy in your domain. Again, you need to test in your environment to understand the actual results.

Time Accuracy Measurements

Methodology

To measure the time accuracy for Windows Server 2016, we used a variety of tools, methods and environments. You can use these techniques to measure and tune your environment and determine if the accuracy results meet your requirements.

Our domain source clock consisted of two high precision NTP servers with GPS hardware. We also used a separate reference test machine for measurements, which also had high precision GPS hardware installed from a different manufacturer. For some of the testing, you will need an accurate and reliable clock source to use as a reference in addition to your domain clock source.

We used four different methods to measure accuracy with both physical and virtual machines. Multiple methods provided independent means to validate the results.

  1. Measure the local clock, which is conditioned by w32tm, against our reference test machine which has separate GPS hardware.
  2. Measure NTP pings from the NTP server to clients using W32tm "stripchart".
  3. Measure NTP pings from the client to the NTP server using W32tm "stripchart".
  4. Measure Hyper-V results from the host to the guest using the Time Stamp Counter (TSC). This counter is shared between both partitions and the system time in both partitions. We calculated the difference of the host time and the client time in the virtual machine. Then we use the TSC clock to interpolate the host time from the guest, since the measurements don't happen at the same time. Also, we use the TSC clock to factor out delays and latency in the API.

W32tm is built-in, but the other tools we used during our testing are available in the Microsoft repository on GitHub as open source for your testing and usage. The WIKI on the repository has more information describing how to use the tools to do measurements.

https://github.com/Microsoft/Windows-Time-Calibration-Tools

The test results shown below are a subset of measurements we made in one of the test environments. They illustrate the accuracy maintained at the start of the time hierarchy, and at the child domain client at the end of the time hierarchy. This is compared to the same machines in a 2012 based topology for comparison.

Topology

For comparison, we tested both a Windows Server 2012R2 and Windows Server 2016 based topology. Both topologies consist of two physical Hyper-V host machines that reference a Windows Server 2016 machine with GPS clock hardware installed. Each host runs 3 domain joined Windows guests, which are arranged according to the following topology. The lines represent the time hierarchy, and the protocol/transport that is used.

[Figure: Windows Time]

[Figure: Windows Time]

Graphical Results Overview

The following two graphs represent the time accuracy for two specific members in a domain based on the topology above. Each graph displays both the Windows Server 2012R2 and 2016 results overlaid, which demonstrates the improvements visually. The accuracy was measured from within the guest machine compared to the host. The graphical data represents a subset of the entire set of tests we've done and shows the best case and worst case scenarios.

[Figure: Windows Time]

Performance of the Root Domain PDC

The Root PDC is synchronized to the Hyper-V host (using VMIC) which is a Windows Server 2016 with GPS hardware that is proven to be both accurate and stable. This is a critical requirement for 1 ms accuracy, which is shown as the green shaded area.

[Figure: Windows Time]

Performance of the Child Domain Client

The Child Domain Client is attached to a Child Domain PDC which communicates to the Root PDC. Its time is also within the 1 ms requirement.

[Figure: Windows Time]

Long Distance Test

The following chart compares 1 virtual network hop to 6 physical network hops with Windows Server 2016. Two charts are overlaid on each other with transparency to show overlapping data. Increasing network hops mean higher latency, and larger time deviations. The chart is magnified and so the 1 ms bounds, represented by the green area, is larger. As you can see, the time is still within 1 ms with multiple hops. It's negatively shifted, which demonstrates a network asymmetry. Of course, every network is different, and measurements depend on a multitude of environmental factors.

[Figure: Windows Time]

Best Practices for accurate timekeeping

Solid Source Clock

A machine's time is only as good as the source clock it synchronizes with. In order to achieve 1 ms of accuracy, you'll need GPS hardware or a time appliance on your network that you reference as the master source clock. Using the default of time.windows.com may not provide a stable and local time source. Additionally, as you get further away from the source clock, the network affects the accuracy. Having a master source clock in each data center is required for the best accuracy.

Hardware GPS Options

There are various hardware solutions that can offer accurate time. In general, solutions today are based on GPS antennas. There are also radio and dial-up modem solutions using dedicated lines. They attach to your network as an appliance, or plug into a PC, for instance a Windows machine, via a PCIe or USB device. Different options will deliver different levels of accuracy, and as always, results depend on your environment. Variables which affect accuracy include GPS availability, network stability and load, and PC Hardware. These are all important factors when choosing a source clock, which, as we stated, is a requirement for stable and accurate time.

Domain and Synchronizing Time

Domain members use the domain hierarchy to determine which machine they use as a source to synchronize time. Each domain member will find another machine to sync with and save it as its clock source. Each type of domain member follows a different set of rules in order to find a clock source for time synchronization. The PDC in the Forest Root is the default clock source for all Domains. Listed below are the different roles and a high level description of how they find a source:

  • Domain Controller with PDC role – This machine is the authoritative time source for a domain. It will have the most accurate time available in the domain, and must sync with a DC in the parent domain, except in cases where GTIMESERV role is enabled.
  • Any other Domain Controller – This machine will act as a time source for clients and member servers in the domain. A DC can sync with the PDC of its own domain, or any DC in its parent domain.
  • Clients/Member Servers – This machine can sync with any DC or PDC of its own domain, or a DC or PDC in the parent domain.

Based on the available candidates, a scoring system is used to find the best time source. This system takes into account the reliability of the time source and its relative location. This happens once when the time service is started. If you need to have finer control of how time synchronizes, you can add good time servers in specific locations or add redundancy. See the Specify a Local Reliable Time Service Using GTIMESERV section for more information.

Mixed OS Environments (Win2012R2 and Win2008R2)

While a pure Windows Server 2016 Domain environment is required for the best accuracy, there are still benefits in a mixed environment. Deploying Windows Server 2016 Hyper-V in a Windows 2012 domain will benefit the guests because of the improvements we mentioned above, but only if the guests are also Windows Server 2016. A Windows Server 2016 PDC will be able to deliver more accurate time because, with the improved algorithms, it will be a more stable source. As replacing your PDC might not be an option, you can instead add a Windows Server 2016 DC with the GTIMESERV role set, which would be an upgrade in accuracy for your domain. A Windows Server 2016 DC can deliver better time to downstream time clients; however, it's only as good as its source NTP time.

Also as stated above, the clock polling and refresh frequencies have been modified with Windows Server 2016. These can be changed manually on your down-level DCs or applied via group policy. While we haven't tested these configurations, they should behave well in Win2008R2 and Win2012R2 and deliver some benefits.

Versions before Windows Server 2016 had multiple issues keeping accurate time, which resulted in the system time drifting immediately after an adjustment was made. Because of this, obtaining time samples from an accurate NTP source frequently and conditioning the local clock with the data leads to smaller drift in their system clocks in the intra-sampling period, resulting in better time keeping on down-level OS versions. The best observed accuracy was approximately 5 ms when a Windows Server 2012R2 NTP Client, configured with the high-accuracy settings, synchronized its time from an accurate Windows 2016 NTP server.

In some scenarios involving guest domain controllers, Hyper-V TimeSync samples can disrupt domain time synchronization. This should no longer be an issue for Server 2016 guests running on Server 2016 Hyper-V hosts.

To disable the Hyper-V TimeSync service from providing samples to w32time, set the following guest registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider 
"Enabled"=dword:00000000

Allowing Linux to use Hyper-V Host Time

For Linux guests running in Hyper-V, clients are typically configured to use the NTP daemon for time synchronization against NTP servers. If the Linux distribution supports the TimeSync version 4 protocol and the Linux guest has the TimeSync integration service enabled, then it will synchronize against the host time. This could lead to inconsistent time keeping if both methods are enabled.

To synchronize exclusively against the host time, it is recommended to disable NTP time synchronization by either:

  • Disabling any NTP servers in the ntp.conf file
  • or disabling the NTP daemon

In this configuration, the Time Server parameter is this host. Its Polling Frequency is 5 seconds and the Clock Update Frequency is also 5 seconds.

To synchronize exclusively over NTP, it is recommended to disable the TimeSync integration service in the guest.

Note

Support for accurate time with Linux guests requires a feature that is only supported in the latest upstream Linux kernels, and it isn't something that's widely available across all Linux distros yet. Please reference Supported Linux and FreeBSD virtual machines for Hyper-V on Windows for more details about supported distributions.

Specify a Local Reliable Time Service Using GTIMESERV

You can specify one or more domain controllers as accurate source clocks by using the GTIMESERV (Good Time Server) flag. For instance, specific domain controllers equipped with GPS hardware can be flagged as a GTIMESERV. This will ensure your domain references a clock based on the GPS hardware.

Note

More information about domain flags can be found in the MS-ADTS protocol documentation.

TIMESERV is another related Domain Services Flag which indicates whether a machine is currently authoritative, which can change if a DC loses connection. A DC in this state will return “Unknown Stratum” when queried via NTP. After trying multiple times, the DC will log System Event Time-Service Event 36.

If you want to configure a DC as a GTIMESERV, this can be configured manually using the following command. In this case the DC is using one or more other machines as the master clock. This could be an appliance or dedicated machine.

w32tm /config /manualpeerlist:"master_clock1,0x8 master_clock2,0x8" /syncfromflags:manual /reliable:yes /update

Note

For more information, see Configure the Windows Time Service.

If the DC has the GPS hardware installed, you need to use these steps to disable the NTP client and enable the NTP server.

Start by disabling the NTP Client and enabling the NTP Server using these registry key changes.

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpClient /v Enabled /t REG_DWORD /d 0 /f

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer /v Enabled /t REG_DWORD /d 1 /f

Next, restart the Windows Time Service.

net stop w32time && net start w32time

Finally, indicate that this machine has a reliable time source using:

w32tm /config /reliable:yes /update

To check that the changes have been done properly, you can run the following commands and compare the output with the expected values shown below.

w32tm /query /configuration

| Value | Expected Setting |
|---|---|
| AnnounceFlags | 5 (Local) |
| NtpServer | (Local) |
| DllName | C:\WINDOWS\SYSTEM32\w32time.DLL (Local) |
| Enabled | 1 (Local) |
| NtpClient | (Local) |

w32tm /query /status /verbose

| Value | Expected Setting |
|---|---|
| Stratum | 1 (primary reference - syncd by radio clock) |
| ReferenceId | 0x4C4F434C (source name: "LOCAL") |
| Source | Local CMOS Clock |
| Phase Offset | 0.0000000s |
| Server Role | 576 (Reliable Time Service) |

Windows Server 2016 on 3rd Party Virtual Platforms

When Windows is virtualized, by default the Hypervisor is responsible for providing time. But domain joined members need to be synchronized with the Domain Controller in order for Active Directory to work properly. It is best to disable any time virtualization between the guest and the host of any 3rd party virtual platforms.

Discovering the Hierarchy

Since the chain of time hierarchy to the master clock source is dynamic in a domain, and negotiated, you will need to query the status of a particular machine to understand its time source and chain to the master source clock. This can help diagnose time synchronization problems.

If you want to troubleshoot a specific client, the first step is to understand its time source by using this w32tm command.

w32tm /query /status

The results display the Source among other things. The Source indicates with whom you synchronize time in the domain. This is the first step of this machine's time hierarchy. Next, take the Source entry from above and use the /StripChart parameter to find the next time source in the chain.

w32tm /stripchart /computer:MySourceEntry /packetinfo /samples:1

Also useful, the following command lists each domain controller it can find in the specified domain and prints a result which lets you determine each partner. This command will include machines that have been configured manually.

w32tm /monitor /domain:my_domain

Using the list, you can trace the results through the domain and understand the hierarchy as well as the time offset at each step. By locating the point where the time offset gets significantly worse, you can pinpoint the root of the incorrect time. From there you can try to understand why that time is incorrect by turning on w32tm logging.

Using Group Policy

You can use Group Policy to accomplish stricter accuracy by, for instance, assigning clients to use specific NTP servers or to control how down-level OS's are configured when virtualized.
Below is a list of possible scenarios and relevant Group Policy settings:

Virtualized Domains - In order to control Virtualized Domain Controllers in Windows 2012R2 so that they synchronize time with their domain, rather than with the Hyper-V host, you can disable this registry entry. For the PDC, you don't want to disable the entry, as the Hyper-V host will deliver the most stable time source. The registry entry requires that you restart the w32time service after it is changed.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider]
"Enabled"=dword:00000000

Accuracy Sensitive Loads - For time accuracy sensitive workloads, you could configure groups of machines to set the NTP servers and any related time settings, such as polling and clock update frequency. This is normally handled by the domain, but for more control you could target specific machines to point directly to the master clock.

| Group Policy Setting | New Value |
|---|---|
| NtpServer | ClockMasterName,0x8 |
| MinPollInterval | 6 – 64 seconds |
| MaxPollInterval | 6 |
| UpdateInterval | 100 – Once per second |
| EventLogFlags | 3 – All special time logging |

Note

The NtpServer and EventLogFlags settings are located under System\Windows Time Service\Time Providers using the Configure Windows NTP Client settings. The other 3 are located under System\Windows Time Service using the Global Configuration settings.

Remote Accuracy Sensitive Loads – For systems in branch domains, for instance Retail and the Payment Credit Industry (PCI), Windows uses the current site information and DC Locator to find a local DC, unless there is a manual NTP time source configured. This environment requires 1 second of accuracy, which uses faster convergence to the correct time. This option allows the w32time service to move the clock backwards. If this is acceptable and meets your requirements, you can create the following policy. As with any environment, make sure to test and baseline your network.

| Group Policy Setting | New Value |
|---|---|
| MaxAllowedPhaseOffset | 1, if more than one second, set clock to correct time. |

The MaxAllowedPhaseOffset setting is located under System\Windows Time Service using the Global Configuration settings.

Note

For more information on group policy and related entries, see the Windows Time Service Tools and Settings article on TechNet.

Azure and Windows IaaS considerations

Azure Virtual Machine: Active Directory Domain Services

If the Azure VM running Active Directory Domain Services is part of an existing on-premises Active Directory Forest, then TimeSync (VMIC) should be disabled. This is to allow all DCs in the Forest, both physical and virtual, to use a single time sync hierarchy. Refer to the best practice whitepaper “Running Domain Controllers in Hyper-V”.

Azure Virtual Machine: Domain-joined machine

If you are hosting a machine which is domain joined to an existing Active Directory Forest, virtual or physical, the best practice is to disable TimeSync for the guest and ensure W32Time is configured to synchronize with its Domain Controller via configuring time for Type=NTP5.

Azure Virtual Machine: Standalone workgroup machine

If the Azure VM is not joined to a domain, nor is it a Domain Controller, the recommendation is to keep the default time configuration and have the VM synchronize with the host.

Windows Application Requiring Accurate Time

Time Stamp API

Programs which require the greatest accuracy with regards to UTC, and not the passage of time, should use the GetSystemTimePreciseAsFileTime API. This assures your application gets System Time, which is conditioned by the Windows Time service.

UDP Performance

If you have an application that uses UDP communication for transactions and it's important to minimize latency, there are some related registry entries you can use to configure a range of ports to be excluded from the base filtering engine. This will improve latency and increase your throughput. However, changes to the registry should be limited to experienced administrators. Additionally, this workaround excludes ports from being secured by the firewall. See the article reference below for more information.

For Windows Server 2012 and Windows Server 2008, you will need to install a Hotfix first. You can reference this KB article: Datagram loss when you run a multicast receiver application in Windows 8 and in Windows Server 2012.

Update Network Drivers

Some network vendors have driver updates which improve performance with regards to driver latency and buffering UDP packets. Please contact your network vendor to see if there are updates to help with UDP throughput.

Logging for Auditing Purposes

To comply with time tracing regulations you can manually archive w32tm logs, event logs and performance monitor information. Later, the archived information can be used to attest compliance at a specific time in the past. The following factors are used to indicate the accuracy.

  1. Clock accuracy using the Computed Time Offset performance monitor counter. This shows the clock is within the desired accuracy.
  2. Clock source looking for “Peer Response from” in the w32tm logs. Following the message text is the IP address or VMIC, which describes the time source and the next in chain of reference clocks to validate.
  3. Clock condition status using the w32tm logs to validate that “ClockDispln Discipline: *SKEW*TIME*” entries are occurring. This indicates that w32tm is active at the time.

Event Logging

To get the complete story, you will also need Event log information. By collecting the System Event log, and filtering on Time-Server, Microsoft-Windows-Kernel-Boot, Microsoft-Windows-Kernel-General, you may be able to discover if there are other influences that have changed the time, for instance, third parties. These logs might be necessary to rule out external interference. Group policy can affect which event logs are written to the log. See the section above on Using Group Policy for more details.

W32time Debug Logging

To enable w32tm logging for auditing purposes, the following command enables logging that shows the periodic updates of the clock and indicates the source clock. Restart the service to enable the new logging.

For more information, see How to turn on debug logging in the Windows Time Service.

w32tm /debug /enable /file:C:\Windows\Temp\w32time-test.log /size:10000000 /entries:0-73,103,107,110

Performance Monitor

The Windows Server 2016 Windows Time service exposes performance counters which can be used to collect logging for auditing. These can be logged locally or remotely. You can record the Computed Time Offset and Round Trip delay counters.
And like any performance counter, you can monitor them remotely and create alerts using System Center Operations Manager. You can, for instance, use an alert to alarm you when the Time Offset drifts from the desired accuracy. The System Center Management Pack has more information.

Windows Traceability Example

From w32tm log files you will want to validate two pieces of information. The first is an indication that the Windows Time service is currently conditioning the clock. This proves that your clock was being conditioned by the Windows Time Service at the disputed time.

151802 20:18:32.9821765s - ClockDispln Discipline: *SKEW*TIME* - PhCRR:223 CR:156250 UI:100 phcT:65 KPhO:14307
151802 20:18:33.9898460s - ClockDispln Discipline: *SKEW*TIME* - PhCRR:1 CR:156250 UI:100 phcT:64 KPhO:41
151802 20:18:44.1090410s - ClockDispln Discipline: *SKEW*TIME* - PhCRR:1 CR:156250 UI:100 phcT:65 KPhO:38

The main point is that you see messages prefixed with ClockDispln Discipline, which is proof w32time is interacting with your system clock.

Next you need to find the last report in the log before the disputed time which reports the source computer which is currently being used as the reference clock. This could be an IP address, computer name, or the VMIC provider, which indicates that it's syncing with the Host for Hyper-V. The following example provides an IPv4 address of 10.197.216.105.

151802 20:18:54.6531515s - Response from peer 10.197.216.105,0x8 (ntp.m|0x8|0.0.0.0:123->10.197.216.105:123), ofs: +00.0012218s

Now that you've validated the first system in the reference time chain, you need to investigate the log file on the reference time source and repeat the same steps. This continues until you get to a physical clock, like GPS or a known time source like NIST. If the reference clock is GPS hardware, then logs from the manufacturer might also be required.
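The two checks described above, as an added example that is not part of the original article or of Microsoft's tooling: a Python parser that reads w32tm debug log text, confirms that ClockDispln Discipline entries occurred shortly before a disputed time, and reports the last peer response before it. The sample log reuses the four lines shown above plus one constructed later line; the 5-minute window, the function names, and the reading of the first log field as days since 1601-01-01 are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the four log lines shown in the article plus one
# constructed later peer response (192.0.2.7 is a documentation address).
SAMPLE_LOG = """\
151802 20:18:32.9821765s - ClockDispln Discipline: *SKEW*TIME* - PhCRR:223 CR:156250 UI:100 phcT:65 KPhO:14307
151802 20:18:33.9898460s - ClockDispln Discipline: *SKEW*TIME* - PhCRR:1 CR:156250 UI:100 phcT:64 KPhO:41
151802 20:18:44.1090410s - ClockDispln Discipline: *SKEW*TIME* - PhCRR:1 CR:156250 UI:100 phcT:65 KPhO:38
151802 20:18:54.6531515s - Response from peer 10.197.216.105,0x8 (ntp.m|0x8|0.0.0.0:123->10.197.216.105:123), ofs: +00.0012218s
151802 20:25:10.0000000s - Response from peer 192.0.2.7,0x8 (ntp.m|0x8|0.0.0.0:123->192.0.2.7:123), ofs: -00.0500000s
"""

# Assumption: the first field counts days since 1601-01-01 (the FILETIME epoch).
EPOCH = datetime(1601, 1, 1)

LINE_RE = re.compile(r"^(\d+) (\d{2}):(\d{2}):(\d{2})\.(\d{7})s - (.*)$")
# Handles only the NTP peer form shown in the article; VMIC lines are not parsed.
PEER_RE = re.compile(r"^Response from peer ([^\s,]+)(?:,\S+)?\s.*ofs: ([+-]\d+\.\d+)s$")


def parse_log(text):
    """Return a list of (timestamp, message) for every well-formed log line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or truncated lines rather than guessing
        day, hh, mm, ss, frac, msg = m.groups()
        ts = EPOCH + timedelta(
            days=int(day), hours=int(hh), minutes=int(mm), seconds=int(ss),
            microseconds=int(frac) // 10,  # log has 100 ns units; keep microseconds
        )
        entries.append((ts, msg))
    return entries


def trace_evidence(text, disputed, window=timedelta(minutes=5)):
    """Collect the two pieces of evidence for one machine at the disputed time.

    clock_disciplined: a ClockDispln Discipline entry exists within `window`
                       before the disputed time.
    source:            the last 'Response from peer' entry at or before the
                       disputed time (the next machine in the chain to audit).
    """
    disciplined = []
    source = None
    for ts, msg in parse_log(text):
        if ts > disputed:
            continue  # evidence after the disputed time does not count
        if msg.startswith("ClockDispln Discipline:") and disputed - ts <= window:
            disciplined.append(ts)
        pm = PEER_RE.match(msg)
        if pm and (source is None or ts >= source["time"]):
            source = {"time": ts, "peer": pm.group(1), "offset_s": float(pm.group(2))}
    return {
        "clock_disciplined": bool(disciplined),
        "last_discipline": max(disciplined) if disciplined else None,
        "source": source,
    }


if __name__ == "__main__":
    evidence = trace_evidence(SAMPLE_LOG, datetime(2016, 8, 15, 20, 20, 0))
    print(evidence)
```

Run the same function against the archived log of the machine named in `source` to follow the chain one step further.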

Network Considerations

The NTP protocol algorithms have a dependency on the symmetry of your network. As you increase the number of network hops, the probability of asymmetry increases. Therefore, it's difficult to predict what types of accuracies you will see in your specific environments.

Performance Monitor and the new Windows Time counters in Windows Server 2016 can be used to assess your environment's accuracy and create baselines. Additionally, you can perform troubleshooting to determine the current offset of any machine on your network.

There are two general standards for accurate time over the network. PTP (Precision Time Protocol - IEEE 1588) has tighter requirements on network infrastructure but can often provide sub-microsecond accuracy. NTP (Network Time Protocol – RFC 1305) works on a larger variety of networks and environments, which makes it easier to manage.

Windows supports Simple NTP (RFC2030) by default for non-domain joined machines. For Domain joined machines, we use a secure NTP called MS-SNTP, which leverages domain negotiated secrets which provide a management advantage over Authenticated NTP described in RFC1305 and RFC5905.

Both the domain and non-domain joined protocols require UDP port 123. For more information about NTP best practices, refer to Network Time Protocol Best Current Practices IETF Draft.

Reliable Hardware Clock (RTC)

Windows does not step time, unless certain bounds are exceeded, but rather skews the clock. That means w32tm adjusts the frequency of the clock at a regular interval, using the Clock Update Frequency setting, which defaults to once a second with Windows Server 2016. If the clock is behind, it accelerates the frequency and if it's ahead, it slows the frequency down. However, during that time between clock frequency adjustments, the hardware clock is in control. If there's an issue with the firmware or the hardware clock, the time on the machine can become less accurate.

This is another reason you need to test and baseline in your environment. If the “Computed Time Offset” performance counter does not stabilize at the accuracy you are targeting, then you might want to verify your firmware is up to date. As another test, you can see if duplicate hardware reproduces the same issue.

Troubleshooting Time Accuracy and NTP

You can use the Discovering the Hierarchy section above to understand the source of the inaccurate time. Looking at the time offset, find the point in the hierarchy where time diverges the most from its NTP Source. Once you understand the hierarchy, you'll want to try and understand why that particular time source doesn't receive accurate time.

Focusing on the system with divergent time, you can use these tools below to gather more information to help you determine the issue and to find a resolution. The UpstreamClockSource reference below is the clock discovered using “w32tm /query /status”.

  • System Event logs
  • Enable logging using: w32tm logs - w32tm /debug /enable /file:C:\Windows\Temp\w32time-test.log /size:10000000 /entries:0-300
  • w32Time Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
  • Local network traces
  • Performance Counters (from the local machine or the UpstreamClockSource)
  • W32tm /stripchart /computer:UpstreamClockSource
  • PING UpstreamClockSource to understand latency and number of hops to Source
  • Tracert UpstreamClockSource

| Problem | Symptoms | Resolution |
|---|---|---|
| Local TSC clock is not stable. | Using Perfmon - Physical Computer – Sync clock stable clock, but you still see that every 1-2 minutes of several 100us. | Update Firmware or validate different hardware doesn't display the same issue. |
| Network Latency | w32tm stripchart displays a RoundTripDelay of more than 10 ms. Variation in the delay causes noise as large as ½ of the round trip time, for instance a delay that is only in one direction. UpstreamClockSource is multiple hops, as indicated by PING. TTL should be close to 128. Use Tracert to find the latency at each hop. | Find a closer clock source for time. One solution is to install a source clock on the same segment or manually point to a source clock that is geographically closer. For a domain scenario, add a machine with the GTimeServ role. |
| Unable to reliably reach the NTP source | W32tm /stripchart intermittently returns “Request timed out” | NTP Source isn't responsive |
| NTP Source isn't responsive | Check Perfmon counters for NTP Client Source Count, NTP Server Incoming Requests, NTP Server Outgoing Responses and determine your usage as compared to your baselines. | Using server performance counters, determine if load has changed in reference to your baselines. Are there network congestion issues? |
| Domain Controller not using the most accurate clock | Changes in the topology or recently added master time clock. | w32tm /resync /rediscover |
| Client Clocks are drifting | Time-Service event 36 in System event log and/or text in log file describing that: "NTP Client Time Source Count" counter going from 1 to 0 | Troubleshoot the upstream source and understand if it's running into performance issues. |
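Why network symmetry matters (Network Considerations) and why one-way delay produces noise of up to ½ of the round trip time (Network Latency row above), as an added Python example that is not part of the original article. It simulates the four timestamps of one NTP exchange and applies the standard NTP offset and delay formulas; the function names and the sample delays are constructed for illustration.

```python
def ntp_exchange(true_offset, fwd_delay, back_delay, server_proc=0.0, t1=0.0):
    """Simulate the four timestamps of one client/server NTP exchange.

    true_offset: server clock minus client clock, in seconds.
    fwd_delay:   one-way network delay client -> server.
    back_delay:  one-way network delay server -> client.
    t1 and t4 are read on the client clock, t2 and t3 on the server clock.
    """
    t2 = t1 + fwd_delay + true_offset      # request arrives (server clock)
    t3 = t2 + server_proc                  # reply leaves (server clock)
    t4 = t3 - true_offset + back_delay     # reply arrives (client clock)
    return t1, t2, t3, t4


def ntp_estimate(t1, t2, t3, t4):
    """Standard NTP on-wire calculation of clock offset and round-trip delay."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def measure(true_offset, fwd_delay, back_delay):
    """Return (estimated offset, round-trip delay, estimation error)."""
    est, delay = ntp_estimate(*ntp_exchange(true_offset, fwd_delay, back_delay))
    return est, delay, est - true_offset


def worst_case_error(round_trip_delay):
    """Largest offset error asymmetry can cause: all delay in one direction."""
    return round_trip_delay / 2


def max_rtt_for_accuracy(target_accuracy):
    """Round-trip delay below which asymmetry alone cannot exceed the target."""
    return 2 * target_accuracy


if __name__ == "__main__":
    # Constructed scenarios: the client is really 1 ms behind the server.
    for label, fwd, back in [
        ("symmetric 5 ms / 5 ms", 0.005, 0.005),
        ("asymmetric 9 ms / 1 ms", 0.009, 0.001),
        ("one direction only 10 ms / 0 ms", 0.010, 0.000),
    ]:
        est, delay, err = measure(0.001, fwd, back)
        print(f"{label}: delay={delay * 1000:.1f} ms, "
              f"estimated offset={est * 1000:.3f} ms, error={err * 1000:.3f} ms")
    print(f"RTT budget for 1 ms accuracy: {max_rtt_for_accuracy(0.001) * 1000:.1f} ms")
```

The error term is (forward delay − return delay) / 2, so a symmetric path measures the offset exactly no matter how long it is, while the 10 ms RoundTripDelay threshold from the table can hide up to 5 ms of error.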

Baselining Time

Baselining is important so that you can, first, understand the performance and accuracy of your network, and then compare with the baseline in the future when problems occur. You'll want to baseline the root PDC or any machines marked with GTIMESERV. We would also recommend you baseline the PDC in every forest. Finally, pick any critical DCs or machines that have interesting characteristics, like distance or high loads, and baseline those.

It is also useful to baseline Windows Server 2016 vs 2012 R2; however, you only have w32tm /stripchart as a tool you can use to compare, since Windows Server 2012R2 doesn't have performance counters. You should pick two machines with the same characteristics, or upgrade a machine and compare the results after the update. The Windows Time Measurements addendum has more information on how to do detailed measurements between 2016 and 2012.

Using all the w32time performance counters, collect data for at least a week. This will ensure you have enough of a reference to account for variations in the network over time and enough of a run to provide confidence that your time accuracy is stable.

NTP Server Redundancy

For manual NTP Server configuration used with non-domain joined machines or the PDC, having more than one server is a good redundancy measure in case of availability. It might also give better accuracy, assuming all the sources are accurate and stable. However, if the topology is not well designed, or the time sources are not stable, the resulting accuracy could be worse, so caution is advised. The limit of supported time servers w32time can manually reference is 10.

Leap Seconds

The earth's rotation period varies over time, caused by climatic and geological events. Typically, the variation is about a second every couple of years. Whenever the variation from atomic time grows too large, a correction of one second (up or down) is inserted, called a leap second. This is done in such a way that the difference never exceeds 0.9 seconds. This correction is determined and decided on years before it actually is needed. Before Windows Server 2016, the Microsoft Time Service was not aware of leap seconds, but relied on the external time service to take care of this. With the increased time accuracy of Windows Server 2016, Microsoft is working on a more suitable solution for the leap second problem.

Secure Time Seeding

W32time in Server 2016 includes the Secure Time Seeding feature. This feature determines the approximate current time from outgoing SSL connections. This time value is used to monitor the local system clock and correct any gross errors. You can read more about the feature in this blog post. In deployments with a reliable time source(s) and well monitored machines that include monitoring for time offsets, you may choose to not use the Secure Time Seeding feature and rely on your existing infrastructure instead.

You can disable the feature with these steps:

  1. Set the UtilizeSSLTimeData registry configuration value to 0 on a specific machine:

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\Config /v UtilizeSslTimeData /t REG_DWORD /d 0 /f

  2. If you are unable to reboot the machine immediately for some reason, you can notify the W32time service about the configuration update. This stops time monitoring and enforcement based on time data collected from SSL connections.

    W32tm.exe /config /update

  3. Rebooting the machine makes the setting effective immediately and also causes it to stop collecting any time data from SSL connections. The latter part has a very small overhead and should not be a perf concern.

  4. To apply this setting in an entire domain, please set the UtilizeSSLTimeData value in the W32time group policy setting to 0 and publish the setting. When the setting is picked up by a Group Policy Client, the W32time service is notified and it will stop time monitoring and enforcement using SSL time data. The SSL time data collection will stop when each machine reboots. If your domain has portable slim laptops/tablets and other devices, you may want to exclude such machines from this policy change. These devices will eventually face battery drain and need the Secure Time Seeding feature to bootstrap their time.