Setting up a Local / Internal NTP Server to allow time synchronization

Issue

When external internet access is not possible an alternative NTP Server is required to allow ES and AS to by time synchronized onsite.

Product Line

EcoStruxure Building Operation

Environment

• Enterprise Server / Automation Server on closed network

• Eg Windows 7

Cause

AS will not synchronize the time with a local NTP such as Windows 7 (32 or 64 bit) without it first being configured.

Even then, increasing Cyber Security features within EBO means that the use of a 3rd Party NTP is becoming a much better option.

Resolution

Preferred Solution

The very best option for the latest versions of EBO would be to investigate. Meinberg NTP which is a third party NTP server that runs on the Win7 or Win10 OS and provides NTP by synchronizing with four or more Internet clocks and is a trusted time source in NTP.  It is not an officially supported PSS tool, but it does fix the issue of the ES/AS not trusting the time.  

Windows 7  Config

If you still wish to attempt the Windows 7 NTP option first the procedure to setup is as follows:   

1. In the 'Services' window (part of Administrative Tools) Stop the 'Windows Time' service if already running. The 'Startup Type' could be set as Manual or Automatic depending on the user needs.
2. In the Registry Editor following changes to be made under the Key
   • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time:
   • ** Config -> AnnounceFlags = 5.
   • **
   • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer -> Enabled = 1.
3. Start the 'Windows Time' service in the 'Services' window(part of Administrative Tools).
   Note: NTP uses UDP Port 123
   Below is a Wireshark capture using filter udp.port == 123 indicating the “Leap indicator” bits are 11, meaning “clock unsynchronized”.
   

NOTE: The NTP client in the AS may ignore the time sent by the NTP server if the root dispersion is greater than 'X' seconds (unknown at this time). See Automation Servers ignore time sync message sent from Windows NTP server that uses local internal cl... for information on how to determine whether this is a problem at the site and how to resolve it.

Note: Test Lab results show that once validated and synchronized, the AS asks the time from the NTP about every 17 minutes.

Two enhancements have been requested for a future release:

1. Workstation gets an alarm if the NTP is not a valid reply
2. A tick box setting in Workstation so the ES/AS can accept an invalidated reply(time)