Time Sync Issue on Virtualized Domain Controllers VM on Hyper-V and VMware
September 22, 2014 at 10:26 am 1 comment
Dear Folks
Recently we noticed that our Domain Controller(VM) was throwing the Wrong time and forcing all the other servers and the client pc’s the wrong time.
Hence we started digging the problem by initially finding the source for our Domain Controller Clock it was found out by using the below command
w32tm /query status
Source: VM IC Time Synchronization Provider
This means the source is the Hyper-V Guest Integration Time Service.and in turn our Hyper-V server was having the wrong time.
Therefore what we did is we disabled the “Hyper-V Time Synchronization Service” via services. thereafter we ran the command mentioned above and the source became
Source: Local CMOS Clock
Then we set the local clock on DC to the correct time and noticed that all our servers and client started taking the time from the Domain Controller correctly.
So as a practice I would advice to do the same when your DC is sittings as a VM on any Hypervisor to avoid time sync issues.
Update:1
As per the new recommendation Microsoft is saying to keep the Time Synchronization service enabled and make the below registry entry on the virtualized PDC emulator
reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0
and add an external source.
Update:2
On the PDC Emulator role server type the below command to check the communication between the NTP server.
w32tm /stripchart /computer:<target> /samples:<n> /dataonly
Then if it is working fine change the NTP as below;
w32tm /config /manualpeerlist:<peers> /syncfromflags:manual /reliable:yes /update
VMware
As per the VMware recommendation
– Keep the VM Tools Time Synchronization Disabled (By Default)
– Configure the ESXi host to use an external time source(Router / Switch / Public Server)
– Configure the PDC emulator for the external time source same as ESXi Host.
I would like to mention the few commands below which will be useful when dealing NTP issues on Windows;
To Stop/Start NTP
—————–
net stop w32time
net start w32time
To Remove and Install the service
———————————-
w32tm /unregister
w32tm /register
To Configure the PDC to use an external source:
———————————————–
w32tm /config /maunalpeerlist:”fortigate.test.com.sa” /syncfromflags:manual /reliable:yes /update
To Query the status
——————-
w32tm /query /status
w32tm /query /configuration (The output must shows the Type as NTP instead of NTDS5)
To force the time
—————–
w32tm /resync /rediscover
w32tm /config /update
To find the configuration
————————-
w32tm /query /configuration
To check the locaol NTP source
—————————–
w32tm /query /source
To manually check the time source
———————————
w32tm /stripchart /computer:fortigate.test.com.sa /samples:5 /dataonly
To force the member server to sync with the domain controllers available in the domain
w32tm /config /syncfromflags:domhier /update (If the NTP service is disabled make it to manual mode).Entry filed under: Windows.
1.
Obat Maag | May 26, 2015 at 12:22 pm
Way cool! Some very valid points! I appreciate you penning this article and the rest of the site is also really good.