question

ComputerGladiator avatar image
0 Votes"
ComputerGladiator asked DSPatrick answered

Windows time server not in sync with other devices

Our management team is frustrated with the server time and all other time devices in the office because they are not all synchronized. Windows Time server seems to be 5-7 minutes ahead than cell providers for example. Is there a way to sync with these providers? Appreciate any advice.

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick commented

By default a virtual machine gets time from hypervisor via integration services. Sounds like you'll want to turn off (uncheck) Time synchronization in integration services. If the host were Hyper-V you can do that here.
109565-image.png





--please don't forget to upvote and Accept as answer if the reply is helpful--




image.png (62.2 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I turned off Time Synchronization on the VMs and ran the steps above successfully. Should I run the same on my secondary DC?
Thanks

0 Votes 0 ·

All other domain controllers sync with PDCe so on them you can do;

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration

--please don't forget to upvote and Accept as answer if the reply is helpful--


0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

Some general info
- All domain members should use NT5DS domain time.
- Desktops and member servers sync with any domain controller.
- Domain controllers sync with PDC emulator (one per domain)
- PDC emulator in child domain can sync with any domain controller in parent domain.
- PDC emulator in parent domain syncs with either a hardware clock or possibly an external source.
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

On the PDCe

some to choose from
https://tf.nist.gov/tf-cgi/servers.cgi

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /manualpeerlist:<ntp ip address> /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration

--please don't forget to upvote and Accept as answer if the reply is helpful--






5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

In our environment (which has been reliable thus far), I configure all Domain Controllers to synchronize their time with an external source.

I use the w32tm command, you have to run it twice, one to set the config, and one to commit the change.

At a command prompt:

  1. First, modify the config; You are telling the windows time service here to sync from a manual peer list, and that the server specified is reliable. In my case I use pool.ntp.org - this is a pool of free NTP servers on the internet.

w32tm /config /syncfromflags:MANUAL /manualpeerlist:pool.ntp.org /reliable:YES

Then run a second command to notify the windows time service that the config has changed and to commit it.

w32tm /config /update


Once this is done on all domain controllers, their time will be "synchronized" to the same time source (and an accurate one at that). By default, all member servers and computers look to the closest domain controller for their time updates. This should keep ALL your PCs up to date. You can also point other devices (routers, switches, WAPs, etc) to your domain controllers as an NTP source.

Hope this information can help you

Best wishes

Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ComputerGladiator avatar image
0 Votes"
ComputerGladiator answered

Hi, I ran a /query /source command and it shows VM IC Time Synchronization Provider. I have a Domain controller on a VM and a second DC as a stand alone. I don't understand the significance of this provider. Should this be removed? Thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,

Welcome to share your current situation if there are any updates.

Please feel free to let us know if you need further assistance.


Best Regards,
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,

Welcome to share your current situation if there are any updates.

Please feel free to let us know if you need further assistance.


Best Regards,
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,

Welcome to share your current situation if there are any updates.

Please feel free to let us know if you need further assistance.


Best Regards,
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.