
NTP

DO NOT use burst or iburst against public NTP servers unless they have announced that they accept it (e.g. don't use it against *.ntp.org servers). More details here.

DO NOT configure your system to use leap-smearing NTP servers and non-leap-smearing NTP servers at the same time (e.g. do not combine Google NTP with Cloudflare NTP). See here.

Try to use sources with a low poll time.

NTP overview from an NTP author and there is a best practice guide here.

NTP Timezones

AWS NTP

You can query NTP in AWS at this IP

169.254.169.123

The 169.254.169.123 clock smooths out leap seconds over a period of time (commonly called leap smearing) which makes it easy for your applications to deal with leap seconds.

Windows NTP

REMEMBER It is important to note that W32Time will only actively synchronize with one time source at a time, even though you are able to list more than one time source. (source)

Most NTP implementations would poll all the servers to choose the best sample, but as of Server 2008, Windows doesn't.

Test Windows NTP

You can test NTP manually on Windows using the following command (where 192.168.1.1 is the IP of the NTP server).

w32tm /stripchart /dataonly /computer:192.168.1.1

Resync Windows NTP

Resynchronize the clock

w32tm /resync

Show Windows NTP Timezone

Show current timezone settings

w32tm /tz

Show Windows NTP External Servers

List external NTP servers (peers)

w32tm /query /peers

or

w32tm /query /peers /verbose

Stop and Start Windows NTP

net stop w32time
net start w32time

Manually set Windows NTP

w32tm /config /manualpeerlist:"0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1" /syncfromflags:MANUAL /reliable:yes /update

Linux NTP

Set Linux Time

sudo date -s "22 JUN 2020 13:11:30"

Check Status

Check status of NTP on Ubuntu 16.04+

timedatectl status

If NTP is not on, try the following command

sudo timedatectl set-ntp on

Show NTP Status

ntpstat
ntpq -pn
ntpq -p

-p prints peers and -n means it will print IP and not FQDN

The * character is used to mark which peer you are currently synced to. The + character is used to mark candidate peers. The - character is used to mark peers being ignored (because they are so far out of the agreed time pool).

Refid

From here.

Reference ID (refid) is a 32-bit code identifying the particular server or reference clock. The interpretation depends on the value in the stratum field.

For packet stratum 0 (unspecified or invalid), this is a four-character ASCII [RFC1345] string, called the “kiss code”, used for debugging and monitoring purposes.

For stratum 1 (reference clock), this is a four-octet, left-justified, zero-padded ASCII string assigned to the reference clock. The authoritative list of Reference Identifiers is maintained by IANA; however, any string beginning with the ASCII character “X” is reserved for unregistered experimentation and development. The identifiers in the list below have been used as ASCII identifiers:

ID Clock Source
INIT Initialising. NTP Server not yet reached.
LOCL The local system clock
LCL undisciplined local clock
LOCL Undisciplined local clock
GOOG means it is using one of Google's time clocks
FB.. means it is using Facebook time servers
MRS is a multi-reference clock
SHM means Shared Memory Driver
ATOM with ATOM PPS
DCFa DCF77 (with amplitude modulation)
DCFp DCF77 (with phase modulation/pseudo random phase modulation)
GPSs GPS (with shared memory access - Meinberg)
GPSi GPS (with interrupt based access - Meinberg)
GLNs GPS/GLONASS (with shared memory access - Meinberg)
GLNi GPS/GLONASS (with interrupt based access - Meinberg)
GOES Geosynchronous Orbit Environment Satellite
GPS Global Position System
GAL Galileo Positioning System
PPS Generic pulse-per-second
IRIG Inter-Range Instrumentation Group
WWVB LF Radio WWVB Ft. Collins, CO 60 kHz
DCF LF Radio DCF77 Mainflingen, DE 77.5 kHz
HBG LF Radio HBG Prangins, HB 75 kHz
MSF LF Radio MSF Anthorn, UK 60 kHz
JJY LF Radio JJY Fukushima, JP 40 kHz, Saga, JP 60 kHz
LORC MF Radio LORAN C station, 100 kHz
TDF MF Radio Allouis, FR 162 kHz
CHU HF Radio CHU Ottawa, Ontario
WWV HF Radio WWV Ft. Collins, CO
WWVH HF Radio WWVH Kauai, HI
NIST NIST telephone modem
ACTS NIST telephone modem
USNO USNO telephone modem
PTB European telephone modem
MRS Multi Reference Sources
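The stratum-dependent reading of the refid described above, as an added example (not part of the original page). It goes one step beyond the text by also handling stratum 2 and above, where RFC 5905 puts the upstream server's IPv4 address in the field; the sample packets are constructed, not captured.

```python
import ipaddress

def decode_refid(stratum: int, refid: bytes) -> str:
    """Interpret the 4-byte refid according to the packet's stratum field."""
    if len(refid) != 4:
        raise ValueError("refid must be exactly 4 bytes")
    if stratum in (0, 1):
        text = refid.rstrip(b"\x00")          # left-justified, zero-padded
        if not text or any(b < 0x20 or b > 0x7E for b in text):
            return "raw 0x" + refid.hex()     # not printable ASCII
        kind = "kiss code" if stratum == 0 else "reference clock"
        return f"{kind} {text.decode('ascii')}"
    # Stratum 2 and above (RFC 5905, beyond what the page covers): the IPv4
    # address of the upstream server, or 4 bytes of a hash if it is IPv6.
    return f"upstream {ipaddress.IPv4Address(refid)}"

def parse_header(packet: bytes) -> dict:
    """Pull the fields needed to read the refid out of a 48-byte NTP header."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes; packet is truncated")
    first, stratum = packet[0], packet[1]
    return {
        "leap": first >> 6,               # 3 = clock unsynchronised
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,              # 4 = server reply
        "stratum": stratum,
        "refid": decode_refid(stratum, packet[12:16]),
    }

def make_packet(first: int, stratum: int, refid: bytes) -> bytes:
    """Build a constructed server reply with only the fields used here set."""
    return bytes([first, stratum, 6, 0xEC]) + bytes(8) + refid + bytes(32)

# Constructed samples, not captured traffic.
SAMPLES = {
    "gps": make_packet(0x24, 1, b"GPS\x00"),
    "kiss": make_packet(0xE4, 0, b"RATE"),
    "relay": make_packet(0x24, 2, bytes([192, 0, 2, 10])),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, parse_header(pkt))
```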

Burst and iBurst

Using the burst option against a public server is considered abuse. Do not use this option with public NTP servers. Use it only for applications within your own organization.

Burst and iBurst are only relevant if the NTP servers you are synchronising to actually support these features. If they do not, the options can be switched off.

The 'burst' option is used to increase the average quality of time offset statistics. At every poll interval, when the NTP server responds, the system will send a burst of up to eight packets instead of the usual one packet. It is used with the server command to improve the average quality of the time-offset calculations and to measure jitter accurately with long poll intervals.

The 'iburst' option is used to improve the time taken for initial synchronization. When the NTP server is unreachable, the NTP client sends a burst of eight packets instead of the usual one packet, which shortens the time until the first sync. The packet spacing is normally 2 seconds. The iburst mode continues to send frequent NTP queries until the server responds and time synchronization starts. After the first minute, the iburst mode typically synchronizes the clock so that queries need to be sent at intervals of 64 seconds or more.

Microsoft only supports Simple Network Time Protocol (SNTP), which is compatible with NTP clients but does not offer all the functionality of NTP (including burst and iburst). Microsoft servers will just ignore the burst and iburst options.
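A configuration check for the two DO NOT rules at the top of this page and the burst guidance in this section, as an added example (not part of the original page). It assumes ntp.conf-style "server"/"pool" lines, takes the smearing status of Google, AWS and Cloudflare from the page, and uses a hypothetical internal suffix .corp.example.

```python
import ipaddress

def is_smearing(host: str) -> bool:
    # Assumption taken from the page: Google NTP and the AWS link-local clock
    # smear leap seconds; any other source is treated as non-smearing.
    return host == "169.254.169.123" or host.endswith(".google.com")

def is_internal(host: str, internal_suffixes) -> bool:
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_link_local
    except ValueError:
        return host.endswith(tuple(internal_suffixes))

def lint_ntp_conf(text: str, internal_suffixes=(".corp.example",)):
    """Return (line_number, message) findings; line 0 means whole file."""
    findings, smear, plain = [], [], []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) < 2 or fields[0] not in ("server", "pool"):
            continue
        host, opts = fields[1].lower().rstrip("."), set(fields[2:])
        bursts = sorted(opts & {"burst", "iburst"})
        if host.endswith(".ntp.org") and bursts:
            findings.append((n, f"{'/'.join(bursts)} against public {host}"))
        elif "burst" in opts and not is_internal(host, internal_suffixes):
            findings.append((n, f"burst against non-internal {host}"))
        (smear if is_smearing(host) else plain).append(host)
    if smear and plain:
        findings.append((0, f"leap-smearing {smear} mixed with {plain}"))
    return findings

# Constructed sample; ntp1.corp.example is a hypothetical internal server.
SAMPLE_CONF = """\
# upstream sources
server 0.uk.pool.ntp.org iburst
server time.google.com
server time.cloudflare.com burst
server ntp1.corp.example burst iburst
"""

if __name__ == "__main__":
    for line, msg in lint_ntp_conf(SAMPLE_CONF):
        print(line, msg)
```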

NTP Authentication

If you need to put in the full MD5 or SHA1 hash but only have a keystring, you can generate the hash in PowerShell.

# Wrap the key string in a stream so Get-FileHash can hash it
$stringAsStream = [System.IO.MemoryStream]::new()
$writer = [System.IO.StreamWriter]::new($stringAsStream)
$writer.Write("ThisIsMyKeyString")
$writer.Flush()
# Rewind so hashing starts at the first byte
$stringAsStream.Position = 0
Get-FileHash -InputStream $stringAsStream -Algorithm SHA1 | Select-Object Hash   # or -Algorithm MD5
ntp/ntp.1681233497.txt.gz · Last modified: by bstafford