We have an NTP server that was setup with NTP keys. https://docs.ntpsec.org/latest/ntp_keys.html
We are trying to configure our domain controllers to use this NTP server as the authoritative time source. We can talk to the NTP server without keys fine but as soon as we enable keys on the NTP side, communication fails. Where can we specify a keys file/strings to allow Windows to talk to our NTP server using NTP keys? Thank you!
w32time is not compatible with ntpd's symmetric key implementation. Meinberg cites Microsoft MS-SNTP spec in which packets are either using MS netlogon based auth extension, or unauthenticated. ntpd gained experimental mssntp support, but no guarantee it will be available on your NTP server.
The goal of NTP auth is to reduce the risk of an impostor NTP server serving the wrong time. When this is difficult to implement, use alternative controls at the network level.
Assuming you wish to continue running your NTP servers on not-Windows, remove the keys and use unauthenticated. Domain controllers use it as an "internet" source. Protect the NTP server by restricting access to it. Use a private network for transport. Limit queries to allowed subnets with firewalls and possibly ntpd's restrict keyword.