Time synchronization

I’m having difficulty in synchronizing my clock in Win XP to a time server. Does the Comodo firewall intercept NTP packets? Do I have to configure something to allow this? I’ve tried several time servers and there are errors with all of them.

You can get rid of those time servers using adequate low-latency ones
Get the correct ones by selecting those in your geolocation

To change default windows time server refer to this Microsoft page titled “Microsoft Windows XP - Change the clock synchronization server”

I had the same problem. I added a new server to time server list and the problem was gone. It’s not linked with CFP. I believe it happend to me after some windows update.

Here is how to add a time server.

The server I’ve added:

Hello dave2002. There has been several time server problems of late, but I found out long ago that by choosing a time server pool, this problem goes away.
Try changing the time server to one of the following:

Good luck.

Lee (B)

Oct 15, 2007

I have reviewed this thread and tried all suggestions without success, under XP SP2.

Prior to installing Firewall Pro, I could receive time/date updates from seven sites regularly, named in HKLM/…/DateTime/Servers.
Afterwards, all sites return an error, … always.
Similarly, with the suggested x.us.pool.ntp.org sites, where x = zero - 3!

Can Comodo Support inform us of the Windows component/s which negotiate the Date/Time updates, so we can enable them in the Component Monitor?
Better yet – what is the best solution?

Jack E Martinelli former MS MVP 2001-06 for Win 9X & XP Oct 15, 2007 END

OK, here’s what to do. I just tried this myself because I was also getting an error trying to synchronize with a time server as can be seen in the first image.

To start with go here and download IPNetInfo. You need this utility to determine what the IP address is with the time server you propose to connect to. Run the program (it’s a stand-alone utility, so no installation required) and type in the name of the desired time server. Checkmark the option “Convert host names to IP addresses” as shown in the second image and then click OK.
Double click the result to get the window shown in the third image which shows the IP adress of the time server. In this particular example, I added nl.pool.ntp.org to the HKLM…etc., key and so the IP address is

Now all you have to do is to open Network Monitor and add the rule which will be your IP as Source, as Destination IP and UDP Port 123 for both IN/OUT. Reboot and then attempt a sychronization with the Internet Time menu and you should see the result as illustrated in the fourth image. :slight_smile:

[attachment deleted by admin]

It’s been pointed out to me that reverse DNS is not always the same and therefore there are a couple of inconsistincies in my examples. So this post is just to clarify the position.

First of all, not all members will have a fixed IP address. While the example I gave works for private IP addresses which you’ll have if you’ve got a router (I’ve included a screenshot of my own setup), some members will be on dial-up and will therefore have a dynamic IP address i.e. one that changes every time you logon. In that particular case, you should use “Any” as the source IP instead of a static one.

On the subject of a time server’s IP, it won’t always be the same by virtue of the fact that as the word “pool” suggests, there will probably be more than one time server within that pool. The difficulty here is that the one you choose may be offline at that particular moment in time. I may have been lucky in choosing one which was online at the time I ran my tests in that respect.

If you want to be absolutely certain that your time server is going to work, you can always stick to the default one provided by Microsoft. In that particular case, you need to create a rule allowing UDP in/out on port #123 for this IP address: The server is located in Redmond, Washington. This does imply of course that Microsoft knows when go online every day, but I suppose we just have to get used to them peering over our shoulders all the time.
You can also use the other default IP for time.nist.gov in which case create the rule for IP: That server is located in the National Center for Atmospheric Research in Boulder, Colorado.

[attachment deleted by admin]

I don’t know if anybody else has this problem, but in fOrTy_7’s post here the URL to tweakxp loads a blank page for me. So I thought it might be helpful to post an illustration of how to add a time server to the Registry.

  1. Copy the time server location to the clipboard. For example, highlight 0.north-america.pool.ntp.org then right click the highlight and choose “Copy” from the menu.
  2. Go to Start → Run, type: regedit and click OK.
  3. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DateTime\Servers.
  4. Right click anywhere in the right hand pane and choose New → String. You’ll see the value appear as “New Value #1”.
  5. Type: 4 and click anywhere outside the field to change it to a “4” as shown in the screenshot.
  6. Right the new value and choose “Modify”.
  7. In the blank field called “Value data”, right click and choose “Paste” to paste the location you copied to the clipboard earlier.
  8. Close the registry editor and reboot. Then double click the clock in systray, go to Internet Time and you’ll find your new time server in the context menu.

N.B. In step #5 above, the actual number you need to type will depend on how many time servers are already listed in the Registry. Make the appropriate adjustment if you’ve got more, or less than three.

[attachment deleted by admin]


Here’s a more reliable way of doing it. Go to this site and then in the paragraph called “Searching for a time server” near the top, click the link to “Websearch” (I can’t link to it directly unfortunately). This will take you to a page with three synchronization links. Click any of them, for example, the one to: “Servers Synchronized by CDMA”. This will take you to a list of five time servers, three of which are open access. Click any of those and you’ll get the location and IP address of the server.

Since these are all either educational, scientific or governmental institutions, they’re more likely to be online 24/7/365.

Oct 17, 2007

Thank you, Soya and Zito for your prompt and useful replies.
Also, I am new to this forum and apologize if I have inadvertently stepped on anyone’s toes.

I am still unable to sync with the typical ntp servers, DESPITE the fact that w32time.dll is ALLOWED in the Component Monitor and that I have created a new rule to ALLOW UDP inbound from anywhere on Port 123. Previously, TCP/UDP was permited OUTBOUND anywhere, and still is.

I am simply not familar enough with TCP/IP procedure, nor with the structure of the Comodo firewall to know how to proceed to the solution. I frequently change my broadband IP address so Zito’s solution is not so good for me.

I am very curious as to why this problem is occurring. All twelve available time servers fail now.
Any advice would be most appreciated. END

Hi jemartin,

Could you give me the details of a couple of servers you can’t sync to and I’ll test them on my system.


i set my clock mostly by tv, as you hence time is relative,

did you ask your isp if they provide a time?


PS: a synch trough net isnot atomar in digit???

your problem is that windows looses time, theres some on google which auto adjust task delay.

and time servers, nice backdoor :slight_smile:

Looking back thru the postings, I don’t see this question having been asked: what’s in the CFP logs? (Activity → Logs) If something is being blocked, it’s probably being logged.

I just exported my logs for the past 30 days to test your theory, but couldn’t find any indication in there which would show that a time server was being blocked.

Oct 18, 2007

Well, after rebooting this AM, all is well with the MS DateTime Synchronization under XP SP2!
Following my actions as reported previously, I have done nothing differently except REBOOT.

Perhaps, this is my unexpected answer.
After enabling the UDP inbound on port 123, all seems well now, with several NTP servers replying successfuly to the request, including the x.us.pool.ntp.org sites.

Txs to all who responded to my appeals.
(Wonder what will happen tomorrow!)

Jack E Martinelli END


good point that a reboot makes new rules work!

how often that point forgotten …

might a feature to have a apply button in comodo.


Absense of a log entry would be an indication that the problem isn’t with CFP, but somewhere along the packet route. A confirming test would be to create an “allow&log” rule, to catch and log outbound NTP traffic on UDP port 123. If packets are logged going out, then the question becomes: do the packets actually get to the remote time server, or any time server for that matter.

If the packets are not logged going out, then there is an application question: is the program actually running (at least, far enough) to produce a time server query? Then there is cause to eyeball the Event Log ( Start → Run → Eventvwr.msc ) for any hints as to problems.

Microsoft states that all firewalls, both personal and corporate block the connection to time servers by default. I tested it on my other PC which doesn’t have the Comodo firewall installed (it’s an NVIDIA nForce4 motherboard which has a built-in hardware firewall). But the same problem occured until I created a rule to allow the connection.

Incidentally, have you tried synchronizing it yourself? Theoretically, you should also see the same error message I illustrated earlier (below to save you looking for it) regardless of which time server you choose. EV doesn’t log anything by the way. Once you’ve added the rule to allow outbound communication on port 123, the time will synchronize correctly.

[attachment deleted by admin]

The dayjob LAN environment here is not the normal home style NAT-router setup. It’s an office-like setup, two layers deep behind routers, firewalls, and an in-house NTP server sitting on the LAN router. I can’t run the same kinds of tests, unfortunately.


this no real help just a limerick, often if a time server dont work more, it isnt more trustfull or got over the nice hug control.


use a timesynch software and do that manually, why need automated, beneath the problems stated here.

i use a timeserver once in summer-offtime and once in winter-backtime

in general dont need any ntp a income door, but all need now, make your mind

your mobo have a excellent RTC but none was able to write a good call function.

leech a good internal clock meter, then youre happy, because the problem is some other i wont discuss here.

and i dont think its good reset the internal clock all minute, that hammers on all mobo?