Active Directory Time Synchronization Problems with Hyper-V

One of my customers contacted me today with an issue where the time on all of their servers was off by about 8 minutes or so. My first thought was “which Active Directory domain controller is their authoritative time server?” and “I’ll update the time on it manually and then set it up to synchronize from an Internet time server”.

By default, the authoritative time server for your organization is the server that holds the PDC Emulator FSMO role in the forest root domain. You can run “netdom /query fsmo” from a machine in the forest root domain to determine which DC this role is running on. Each domain has a PDC Emulator, but you want the one in the forest root domain.

Once I had this information, I manually adjusted the time on that domain controller, but within 5 seconds the time changed back to being about 8 minutes or so off. I stopped the windows time service (w32time) thinking that would keep the time from updating automatically, but I experienced the same problem again.

The server was synchronizing its time from the “VM IC Time Synchronization Provider” based on the results of running “w32tm /query /status” from the command line of the DC:

This meant the domain controller that was hosting the PDC Emulator FSMO role for the forest root domain was running as a guest operating system on top of a Hyper-V virtualization server, and it was synchronizing its time from the Hyper-V host OS which was indeed about 8 minutes off. A quick time adjustment to the Hyper-V host OS and the time was correct, at least for now. To keep the guest operating system from synchronizing its time from the host operating system, I went into Hyper-V Manager and disabled the “Time synchronization” Service under “Management>Integration Services”:

Once complete, I ran “w32tm /resync /rediscover” on the domain controller:

If this command fails, check to make sure you have access to the Internet:

I then ran “w32tm /query /status” on the domain controller:

Now the source to synchronize its time from was “Local CMOS Clock” which is the default.

I have read the best practices for configuring an authoritative time server which states that it is recommended to use a hardware source for the time instead of a time server on the Internet, but unless you have some type of Atomic Clock hardware to synchronize from, or you just enjoy manually adjusting the time on your server, I recommend synchronizing the time from an Internet time server.

I followed the “Configuring the Windows Time service to use an external time source” procedure found in Microsoft Knowledge Base Article 816042.

Once everything was configured based on this article, I restarted the Windows Time Service (w32Time), ran “w32tm /resync /rediscover”, and then “w32tm /query /status” which showed the server was now synchronizing it’s time from an Internet time server:

µ

24 Comments

  1. PTZ Camera

    I am so happy to read this. This is the kind of info that needs to be given and not the random misinformation that is at the other blogs. Appreciate your sharing this beneficial content.

    Reply
  2. Eldora Bonker

    Quite a beautiful website. I built mine and i was looking for some ideas and you gave me a few. The website was developed by you?

    Cheers

    Reply
  3. Nicolei

    REALLY helped alot. Thanx 🙂

    Reply
  4. Ken Christensen

    Helped me alot, thanks for sharing!

    Reply
  5. matt

    thank you so much have been trying to fix this issue for days now !

    Reply
  6. chazalihusni

    this helped me..
    thanks for sharing 😀

    Reply
  7. Marco

    Thnk you for sharing this information!

    Reply
  8. Abelardo

    I have been wrestling with this for hours. Thanks a lot,you solved my problem!

    Reply
  9. vijaykommireddi

    Thanks……

    Reply
  10. Tiago

    Isto Resolveu pra mim. This fix worked for me.

    Reply
  11. Matt

    Just as a reminder that totally disabling time sync will prevent you from recovering the domain controller properly if it is suspended (i.e. the hyper-v host is restarted) as it will not know how much time has passed.

    MS recommend that you partially disable time sync by entering the following command on all domain controller guests:
    reg add HKLMSYSTEMCurrentControlSetServicesW32TimeTimeProvidersVMICTimeProvider /v Enabled /t reg_dword /d 0

    This will allow the hyper-v time service to properly handle Gues OS suspends, etc. while allowing normal time updates without the huper-v time source.

    Reply
  12. Alan Hannan

    You nailed it. Thanks. Bookmarking this site to look for answers here first!

    Reply
  13. IKnow

    Thanks, very good indication, helped me a lot.

    Reply
  14. Kurt

    I have a PDC running on ESXI and I cant get the source to change from Local CMOS Clock to anything else and /rediscover gives the error no time data was available. Any Ideas Please?:

    C:UsersAdministrator>w32tm /query /status
    Source: Local CMOS Clock
    Poll Interval: 6 (64s)

    C:UsersAdministrator>w32tm /resync /rediscover
    Sending resync command to local computer
    The computer did not resync because no time data was available.

    Thanks,

    Reply
  15. Uwe

    Thank you,
    It’s so simple when you know the parameters and the correct order.

    Reply
  16. William

    Thank you, Easy step by step how 2’s, locations, . . . . .just plane simple and straight to the point. Thanks again.

    Reply
  17. Vijay

    Its very helpful worked for me.Thanks…Vijay

    Reply
  18. mazu

    Thank you, it worked just fine…
    Wonderful website.

    Reply
  19. Shailesh M

    Thank you! Good article!

    Reply
  20. Michael Eastaugh

    The MS artcile helped. Changing the type from the default NT5DS to NTP fixed for me. Thanks

    Reply
  21. Bogi Lenvig

    Thank you, this saved my day 🙂

    Reply
  22. Alexander Sudworth

    Thanks alot really helpful 😀

    Reply
  23. Eli

    Extremely helpful article

    Reply

Leave a Reply

%d bloggers like this: