Hope you like it..

Time Sync Issue on Virtualized Domain Controllers VM on Hyper-V and VMware

September 22, 2014 at 10:26 am 1 comment

Dear Folks

Recently we noticed that our Domain Controller(VM) was throwing the Wrong time and forcing all the other servers and the client pc’s the wrong time.

Hence we started digging the problem by initially finding the source for our Domain Controller Clock it was found out by using the below command

w32tm /query status

Source: VM IC Time Synchronization Provider

This means the source is the Hyper-V Guest Integration Time Service.and in turn our Hyper-V server was having the wrong time.

Therefore what we did  is we disabled the  “Hyper-V Time Synchronization Service” via services. thereafter we ran the command mentioned above  and the source became

Source: Local CMOS Clock

Then we set the local clock on DC to the correct time and  noticed that all our servers and client started taking the time from the Domain Controller correctly.

So as a practice I would advice to do the same when your  DC is sittings as a VM on any Hypervisor to avoid time sync issues.

Update:1

As per the new recommendation Microsoft is saying to keep the Time Synchronization service enabled and make the below registry entry on the virtualized PDC emulator

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0

and add an external source.

Update:2

On the PDC Emulator role  server type the below command to check the communication between the NTP server.

w32tm /stripchart /computer:<target> /samples:<n> /dataonly

Then if it is working fine change the NTP as below;

w32tm /config /manualpeerlist:<peers> /syncfromflags:manual /reliable:yes /update

VMware

As per the VMware recommendation

– Keep the VM Tools Time Synchronization Disabled (By Default)

– Configure the ESXi host to use an external time source(Router / Switch / Public Server)

– Configure the PDC emulator for the external time source same as ESXi Host.

 

I would like to mention the few commands below which will be useful when dealing NTP issues on Windows;

To Stop/Start NTP
—————–
net stop w32time
net start w32time

To Remove and Install the service
———————————-
w32tm /unregister
w32tm /register

To Configure the PDC to use an external source:
———————————————–
w32tm /config /maunalpeerlist:”fortigate.test.com.sa” /syncfromflags:manual /reliable:yes /update

To Query the status
——————-
w32tm /query /status
w32tm /query /configuration (The output must shows the Type as NTP instead of NTDS5)

To force the time
—————–
w32tm /resync /rediscover
w32tm /config /update

To find the configuration
————————-
w32tm /query /configuration

To check the locaol NTP source
—————————–
w32tm /query /source

To manually check the time source
———————————
w32tm /stripchart /computer:fortigate.test.com.sa /samples:5 /dataonly

 

To force the member server to sync with the domain controllers available in the domain

w32tm /config /syncfromflags:domhier /update (If the NTP service is disabled make it to manual mode).

Entry filed under: Windows.