Service & Support. How do you configure time synchronization using the NTP procedure (without SICLOCK) for small PCS 7 plants?



Similar documents
1 Synchronizing Windows computers

95 Methodist Hill Drive Suite 500 Rochester, New York 14623

Configuration of Microsoft Time Server

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

Changing Your Cameleon Server IP

ACTIVE DIRECTORY DEPLOYMENT

XStream Remote Control: Configuring DCOM Connectivity

Service & Support. How do you create a communication of RDP with an Industrial Thin Client SIMATIC ITC? Thin Client.

Service & Support. How can you establish a connection between an S PLC and SIMATIC NET OPC? S PLC, SIMATIC NET OPC.

Service & Support. How do you create a communication of VNC with an Industrial Thin Client SIMATIC ITC? Thin Client.

WinCC Options. Redundancy. Manual C79000-G8263-C142-01

freesshd SFTP Server on Windows

Service & Support. How can you establish a connection between a S PLC and SIMATIC NET OPC? S PLC, SIMATIC NET OPC.

GE Healthcare Life Sciences UNICORN Administration and Technical Manual

Downloading and Using the NIST Time Program

SARANGSoft WinBackup Business v2.5 Client Installation Guide

Troubleshooting Guide

FAQ Communication over IE

TROUBLESHOOTING INCORRECT REPORTING OF THE WHO CHANGED PARAMETER

FAQ Communication over IE

1 crossover cable. the PCs. network

Microsoft XP Professional Remote Desktop Connection

Installation Guide - Client. Rev 1.5.0

RSA Security Analytics

Lab A: Deploying and Managing Software by Using Group Policy Answer Key

Administrator s Guide

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

Windows 7 Hula POS Server Installation Guide

Automation License Manager

PROCESS AUTOMATION PLANNING AND INTEGRATION INFORMATION LB8106* Integration in Siemens SIMATIC PCS 7

NETWRIX CHANGE NOTIFIER

Lab - Configure a Windows 7 Firewall

Magaya Software Installation Guide

CONFIGURING TARGET ACTIVE DIRECTORY DOMAIN FOR AUDIT BY NETWRIX AUDITOR

Setting up your laptop to print to the student lounge printer

Accounting Manager. User Guide A31003-P1030-U

How To Install Outlook Addin On A 32 Bit Computer

Printing Options. Netgear FR114P Print Server Installation for Windows XP

DriveLock Quick Start Guide

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Yale Software Library

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Maintaining the Content Server

Please check for updates to make sure you install the most recent version of our software.

Windows XP Home Network Setup: Step-by-Step

Windows Firewall must be enabled on each host to allow Remote Administration. This option is not enabled by default

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Password Policy Enforcer

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

Docufide Client Installation Guide for Windows

How to Obtain an OPC License--5. Creating a System Code 5 Entering an Authorization Code 6. Getting Started with SNMP Editor--7

Network Setup Instructions

NVMS User Manual

Connecting the DG-102S VoIP Gateway to your network

Geotech AEMS Data Centre User Guide

SSL VPN Support Guide

Use 802.1x EAP-TLS or PEAP-MS-CHAP v2 with Microsoft Windows Server 2003 to Make a Secure Network

Administrator s Guide

Diamond II v2.3 Service Pack 4 Installation Manual

Scan to SMB(PC) Set up Guide

Integrating LANGuardian with Active Directory

Using DC Agent for Transparent User Identification

Releasing blocked in Data Security

Configure SPLM 2012 on Windows 7 Laptop

Web-Access Security Solution

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide

WinCC Runtime Professional Readme SIMATIC HMI. WinCC V11 SP1. Readme WinCC Runtime Professional. Special considerations for Windows 7.

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...

How to configure MAC authentication on a ProCurve switch

Using Logon Agent for Transparent User Identification

SUMMARY Moderate-High: Requires Visual Basic For Applications (VBA) skills, network file services skills and interoperability skills.

Symantec PGP Whole Disk Encryption Hands-On Lab V 3.7

2010 Ing. Punzenberger COPA-DATA GmbH. All rights reserved.

Optimization in a Secure Windows Environment

File Management Utility User Guide

Appendix F: Instructions for Downloading Microsoft Access Runtime

VoIP Intercom and Cisco Call Manager Server Setup Guide

FlexSim LAN License Server

Instructions for transferring the SINUMERIK HMI to an external screen

OPC Server Machine Configuration

WinCC. Communication Manual. Manual 2. This manual is part of the documentation package with the order number: 6AV6392-1CA05-0AB0 C79000-G8276-C156-01

XMap 7 Administration Guide. Last updated on 12/13/2009

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Siemens AG LOGO! App V1.0.0 LOGO! Edition 03/2013. Manual. Answers for industry.

WestermoConnect User Guide. VPNeFree Service

Host Installation on a Terminal Server

C o v e r. Thin Client Application Options. SIMATIC Thin Client s FAQ h April 2009 e et. Service & Support. Answers for industry.

Exercise Safe Commands and Audit Trail

28 What s New in IGSS V9. Speaker Notes INSIGHT AND OVERVIEW

Contents 1. Introduction 2. Security Considerations 3. Installation 4. Configuration 5. Uninstallation 6. Automated Bulk Enrollment 7.

Camera Management Tool User Manual

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1

Sophos Endpoint Security and Control standalone startup guide

USER GUIDE. Ethernet Configuration Guide (Lantronix) P/N: Rev 6

Appendix E. Captioning Manager system requirements. Installing the Captioning Manager

Service & Support. How Can You Have Diagnostics Data of IPCs Displayed in WinCC? WinCC, IPC and DiagMonitor. FAQ July Answers for industry.

Windows XP Chinese Character Support Installation Instruction

Software Version 5.1 November, Xerox Device Agent User Guide

enicq 5 System Administrator s Guide

Transcription:

Cover sheet How do you configure time synchronization using the NTP procedure (without SICLOCK) for small PCS 7 plants? SIMATIC PCS 7 FAQ March 2013 Service & Support Answers for industry.

Question This entry originates from the Siemens Industry Online Support. The conditions of use specified there apply (http://www.siemens.com/terms_of_use). Go to the following link to download this document. http://support.automation.siemens.com/ww/view/en/61931975 Caution The functions and solutions described in this article confine themselves predominantly to the realization of the automation task. Furthermore, please take into account that corresponding protective measures have to be taken in the context of Industrial Security when connecting your equipment to other parts of the plant, the enterprise network or the internet. Further information can be found in Entry ID:!50203404!. http://support.automation.siemens.com/ww/view/en/50203404 Question How do you configure time synchronization using the NTP procedure (without SICLOCK) for small PCS 7 plants? Answer In order to implement time synchronization in a PCS 7 plant it is always recommended to use a central plant clock (as described in the manual SIMATIC Process Control System PCS 7 Time synchronization (V8.0) ). Generally, it is also possible to synchronize a small PCS 7 plant (e.g. test configuration) with operating system means. To do so, please see the following instruction. 2 V 1.2, Entry ID: 61931975

Contents Contents 1 Introduction... 4 2 Time Synchronization Using the NTP Procedure... 5 2.1 General configuration... 5 2.2 Configuration of the NTP Server (PC 1a)... 5 2.3 Configuration of a Redundant NTP Server (PC 1b)... 8 2.4 Configuration of the NTP Client... 10 2.5 Resetting the W32time Service... 11 2.6 Configuration of an AS for the NTP Procedure... 11 2.7 Configuration of IE Switches... 11 3 Diagnostics... 13 3.1 Checking the Time Synchronization... 13 3.2 NCM S7 Diagnostics... 13 4 Additional Information... 16 V 1.2, Entry ID: 61931975 3

1 Introduction 1 Introduction This document includes instructions for configuring time synchronization in small PCS7 plants without an external time receiver (DCF77 -> SICLOCK, for example) and without Domain Controller (DC). Detailed information on the topic of "Time Synchronization" is available in the following documents: SIMATIC Process Control System PCS 7 Time synchronization (V8.0) SIMATIC Process Control System PCS 7 PCS 7 Readme V8.0 including Update 1 The procedures described in this entry and the screenshots were created on the basis of Windows 7 / Windows Server 2008 R2, but are also applicable for Windows XP SP3 / Windows Server 2003 (R2). 4 V 1.2, Entry ID: 61931975

2 Time Synchronization Using the NTP Procedure 2 Time Synchronization Using the NTP Procedure All the PC stations of a PCS 7 plant can be synchronized using the NTP procedure. With the NTP procedure the network components fetch the time cyclically and actively from an NTP server. In plants without a central plant clock it is recommended to implement a redundant OS server pair (in this example PC 1a and redundant PC 1b). A NTP server is configured through the settings of the Group Policy Objects (GPOs) and WinCC Time Synchronization at the respective PC station. This procedure is described step-by-step in the following chapters. In the case of failure of the NTP server which is configured on a non-redundant PC, a project-specific solution must be organized (synchronization over the internet or another NTP server, for example). 2.1 General configuration The service Windows Time (name of service W32time ) has to be started. The Startup type has to be Automatic (Delayed Start). In Windows Firewall create a new Inbound Rule that allows incoming connections on port 123 2.2 Configuration of the NTP Server (PC 1a) Proceed as follows to configure a PC station (PC 1a) as NTP server and thus synchronize other PC stations with it. 1. Log on as a user with administrator rights. 2. Open the Windows command line by clicking "Start > Run..." or with the key combination "Windows key + R". 3. Enter the command "gpedit.msc" in the "Open" input field. 4. In the tree view you select the folder "Policies for local computer > Computer configuration > Administrative templates > System > Windows Time Service". For Windows XP: "Policies for local computer > Computer configuration > Administrative templates > System > Windows Time Service". 5. In the detail window you double-click the "Global Configuration Settings" object. The "Global Configuration Settings" dialog opens. V 1.2, Entry ID: 61931975 5

2 Time Synchronization Using the NTP Procedure 6. Activate the "Enabled" option. Figure 2-1 7. Make the following settings. Table 2-1 Field Value FrequencyCorrectRate 3 HoldPeriod 4 LargePhaseOffset 50000000 MaxAllowedPhaseOffset 3 MaxNegPhaseCorrection 4294967295 (max. value) (*) MaxPosPhaseCorrection 4294967295 (max. value) (*) PhaseCorrectRate 2 PollAdjustFactor 5 SpikeWatchPeriod 60 UpdateInterval 60 AnnounceFlags 5 6 V 1.2, Entry ID: 61931975

2 Time Synchronization Using the NTP Procedure Field EventLogFlags 2 LocalClockDispersion 10 MaxPollInterval 10 MinPollInterval 10 Value (*) In Windows XP and 2003 you can enter the value 0. The maximum value is set automatically after you hit the lower arrow key. 8. Leave all the other values in the standard settings. 9. Click on the "OK" button. 10. In the tree view of the "Editor for local group policies" you select the folder "Policies for local computer > Computer configuration > Administrative templates > System > Windows Time Service > Time Providers". The associated objects are displayed in the detail window. For Windows XP: "Policies for local computer > Computer configuration > Administrative templates > System > Windows Time Service". 11. Make the following settings. Table 2-2 Object Enable Windows NTP Client Configure Windows NTP Client Enable Windows NTP Server Setting Double-click the object and enable the "Disabled" option. Double-click the object and enable the "Disabled" option. Double-click the object and enable the "Enabled" option. 12. Start the Windows input prompt as administrator. For this you click "Start" in the taskbar and enter "cmd" in the "Search programs and files" field. The search now displays the "cmd.exe" program as a result. Start the program with "Right-click > Run as administrator". 13. In the Window prompt you enter the following commands (replace "IP Address Server1" and "IP Address Server2" with the IP addresses of the two servers and please note the space in front of the secon IP Address): w32tm /config /manualpeerlist:"<ip Address Server1>,0x1 <IP Address Server2>,0x1 /syncfromflags:manual /reliable:yes /update Example: w32tm /config /manualpeerlist:"192.168.178.201,0x1192.168.178.202,0x1 /syncfromflags:manual /reliable:yes /update V 1.2, Entry ID: 61931975 7

2 Time Synchronization Using the NTP Procedure 14. After changing the NTP service (W32time is the service, W32tm is the application for the service) you must restart it. You do this by restarting the computer. Alternatively you can execute the commands below in the input prompt: gpupdate /force w32tm /config /update To stop and start the service: 1. net stop w32time 2. net start w32time 2.3 Configuration of a Redundant NTP Server (PC 1b) Proceed as follows to configure a PC station (PC 1b) as a redundant NTP server: 1. Perform the steps 1 to 6 as in the section "Configuration of the NTP Server (PC 1a)". 2. Make the following settings in the "Global Configuration Settings" dialog. Table 2-3 Field Value FrequencyCorrectRate 3 HoldPeriod 4 LargePhaseOffset 50000000 MaxAllowedPhaseOffset 3 MaxNegPhaseCorrection 4294967295 (max. value) MaxPosPhaseCorrection 4294967295 (max. value) PhaseCorrectRate 2 PollAdjustFactor 5 SpikeWatchPeriod 60 UpdateInterval 60 AnnounceFlags 10 EventLogFlags 2 LocalClockDispersion 10 MaxPollInterval 10 MinPollInterval 10 3. Leave all the other values in the standard settings. 4. Click the "OK" button. 5. In the tree view of the "Editor for local group policies" you select the folder "Policies for local computer > Computer configuration > Administrative templates > System > Windows Time Service > Time Providers". The associated objects are displayed in the detail window. 6. Make the following settings. 8 V 1.2, Entry ID: 61931975

2 Time Synchronization Using the NTP Procedure Table 2-4 Object Enable Windows NTP Client Configure Windows NTP Client Enable Windows NTP Server Setting Double-click the object and enable the "Enabled" option. Double-click the object and enable the "Enabled" option. Settings see chapter 2.4, step 9. Double-click the object and enable the "Enabled" option. 7. Start the Windows input prompt as administrator (chapter 2.2, step 12). 8. In the Window prompt you enter the following commands (replace "IP Address Server1" and "IP Address Server2" with the IP addresses of the two servers): w32tm /config /manualpeerlist:"<ip Address Server1>,0x1 <IP Address Server2>,0x1 /syncfromflags:manual /reliable:yes /update 9. After changing the NTP service (W32time is the service, W32tm is the application for the service) you must restart it. You do this by restarting the computer. Alternatively you can execute the commands below in the input prompt: gpupdate /force w32tm /config /update w32tm /resync To stop and start the service: 1. net stop w32time 2. net start w32time V 1.2, Entry ID: 61931975 9

2 Time Synchronization Using the NTP Procedure 2.4 Configuration of the NTP Client Proceed as follows to configure your local computer as NTP Client. 1. Log on as a user with administrator rights. 2. Enter the command "gpedit.msc" in the Windows command line. 3. In the tree view of the editor you mark the folder "Policies for local computer > Computer configuration > Administrative templates > System > Windows Time Service > Time Providers". 4. In the detail window of the editor you double-click the "Enable Windows NTP Client" object. 5. Enable the "Enabled" option. 6. Click the "OK" button. 7. In the detail window you double-click the "Configure Windows NTP Client" object. 8. Enable the "Enabled" option. 9. Make the following settings In the "NtpServer" input field you enter the IP address of the NTP server: "<IP Address Server1>,0x9" (for example 192.168.178.201,0x9). For redundant servers you enter in addition the IP address of the second NTP server separated by a space: "<IP Address Server1>,0x9 <IP Address Server2>,0x9" (for example 192.168.178.201,0x9 192.168.178.202,0x9). Select the "NTP" entry from the "Type" drop-down list. Enter the value "60" in the "SpecialPollInterval input field. 10. Click the "OK" button. 11. Start the Windows input prompt as administrator (chapter 2.2, step 12). 12. In the Window prompt you enter the following commands (replace "IP Address Server1" and "IP Address Server2" with the IP addresses of the two servers): w32tm /config /manualpeerlist:"<ip Address Server1>,0x1 <IP Address Server2>,0x1 /syncfromflags:manual /update Example: w32tm /config /manualpeerlist:"192.168.178.201,0x1192.168.178.202,0x1 /syncfromflags:manual /reliable:yes /update 10 V 1.2, Entry ID: 61931975

2 Time Synchronization Using the NTP Procedure 13. After changing the NTP service (W32time is the service, W32tm is the application for the service) you must restart it. You do this by restarting the computer. Alternatively you can execute the commands below in the input prompt: gpupdate /force w32tm /config /update w32tm /resync To stop and start the service: 1. net stop w32time 2. net start w32time 2.5 Resetting the W32time Service Proceed as follows to reset the W32time service. Start the Windows input prompt as administrator (chapter 2.2, step 12) and execute the following command: 1. w32tm /config /update 2. net stop w32time 3. w32tm /unregister 4. w32tm /register 5. net start w32time 2.6 Configuration of an AS for the NTP Procedure Information about how to configure an AS for the NTP procedure is available in the manual "SIMATIC Process Control System PCS 7 Time Synchronization (V8.0)". The automation system in this case is configured as time master for the time synchronization. 2.7 Configuration of IE Switches IE switches (depending on the type used) provide the option of synchronizing the system time with external clocks. Entries in the Event Log table are given a uniform time stamp throughout the plant. In this way events can be sorted chronologically, which helps find the cause of failures faster. Please refer to the product-specific manuals for information about enabling and disabling synchronization of the IE switch system time over an SNTP server in the network. V 1.2, Entry ID: 61931975 11

2 Time Synchronization Using the NTP Procedure Note You must ensure that each network only contains one time master for providing the time. Separate message frame traffic between the networks. Use the switch to transfer only the time signals from the central plant clock to the relevant network. The function for separating message frame traffic is dependent on the components used for connecting the networks. For SCALANCE Switches (for example SCALANCE X414-3E) > Function Access Control For OSM /ESM > Function Port Lock Bidirectional communication is disabled if the corresponding function is activated. You can find further information and basics in the following sources: Manual SIMATIC Process Control System PCS 7 Time synchronization in the chapter Network environment of a PCS 7 plant SICLOCK web page, for example App_Note_0002.pdf Manual Industrial Communication; Industrial Ethernet Switches; SCALANCE X-300; SCALANCE X-400 Manual SIMATIC NET; Industrial Ethernet OSM/ESM; Industrial Ethernet OSM/ESM 12 V 1.2, Entry ID: 61931975

3 Diagnostics 3 Diagnostics 3.1 Checking the Time Synchronization Proceed as follows to check the time synchronization: 1. Start the Windows input prompt as administrator (chapter 2.2, step 12). 2. You can use the command below to query the time servers currently set. Windows 7: w32tm /query /configuration and w32tm /query /status Windows XP: net time /querysntp 3. Use the command below to display a diagram showing the time difference between the computer currently being used and the time server <computer name>. w32tm /stripchart /computer:<computername> Example: Command: w32tm /stripchart /computer:dc1 You now get the time difference between the computer currently being used and the domain controller "DC1". 3.2 NCM S7 Diagnostics You can call the NCM S7 Diagnostics with the command "Windows > SIMATIC -> STEP 7 -> NCM S7 -> Diagnostics". Alternatively you can also open the NCM S7 Diagnostics with the SIMATIC Manager. For this, in the pop-up menu of the IE CP you select the command "PLC -> Module status" and in the "General" tab you click the "Special diagnostics" button. V 1.2, Entry ID: 61931975 13

3 Diagnostics Figure 3-1 The configured NTP servers (max. 4) are displayed in the "NTP Server" area of the diagnostics dialog. The NTP servers are addressed by the CP and their reply messages evaluated. The NTP server with the greatest precision is chosen. This ensures that the station with the most precise time is synchronized. The NTP servers can have the following statuses: NTP master The display appears for the NTP server that has the greatest accuracy and which is selected by the CP as NTP server. Reachable The configured NTP server can be reached and also sends time-of-day messages. The time is not used for synchronizing the station. Not reachable The configured NTP server does not reply to the NTP queries sent. If all the configured NTP servers can be reached, but none of them is displayed as NTP master, this might be due to the following: The time of the NTP server is evaluated as imprecise. In the CP's firmware there are checks that are defined in the corresponding RFCs (Internet Standard). There are multiple time stamps in the NTP message. If an NTP server is not synchronized externally, this is noted accordingly in the time stamps in the messages. The consequence is that the time-of-day of these NTP servers is not accepted. If no NTP master is displayed among the reachable NTP servers, in addition, the "How often the sampling interval was exceeded" counter is increased by 1 after expiry of the sampling interval. 14 V 1.2, Entry ID: 61931975

3 Diagnostics Note All CPs that have a firmware version older than installed on the modules do not react to the reply message of an NTP server if the server does not have an evennumbered NTP version, V2.x or V4.x, for example. In this case, you must upgrade the module with the latest firmware version. All more recent modules that support time-of-day synchronization by means of NTP also accept reply messages from other NTP server versions. V 1.2, Entry ID: 61931975 15

4 Additional Information 4 Additional Information For more information, go to: Siemens: SIMATIC Process Control System PCS 7 Time synchronization (V8.0) SIMATIC Process Control System PCS 7 Time synchronization (V7.1) Microsoft: <http://technet.microsoft.com/en-us/library/cc773013%28ws.10%29.aspx> <http://support.microsoft.com/kb/816042> <http://technet.microsoft.com/en-us/library/cc773263(ws.10).aspx> 16 V 1.2, Entry ID: 61931975

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information