Windows 2016 Domain Controller and Hyper-V Time Sync Issues

 

Timing issues on a Domain controller can be a bit of a pain. This is more so the case I have found in Windows Server 2016  running in a MS Hyper V Environment as by default out of the Box Time synchronization is enabled ‘out of the box’ now there are various arguments that The HyperV Server should set the time and DC’s  & Other VMs work from that. Personally, I prefer the  Domain controller to be the epicenter of time keeping

This guide explains how to to do the following

  1. Stop the Hyper V Server from doing the time synchronisation
  2. Set the time peers on the Domain controller to ntp.org servers
  3. Make the Domain Controller a reliable source for clients on the network
  4. Restart the service and communication with NTP
  5. Query and confirm peers

 

First of all, we can see that the Domain controller is getting its timing from the Hypervisor the following command shows us this

w32tm /query /source

1. Stop the Hyper V Server from doing the time synchronisation

So what we need to do first is Disable this in the Hyper V machine settings of our 2016 Domain controller

2.Set the time peers on the Domain controller to ntp.org servers

We now need to go onto the Domain Controller and run the following commands

w32tm /config /manualpeerlist:”0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1″ /syncfromflags:manual /reliable:yes /update

this configures the Domain controller to pick up its time from NTP servers out on the internet. this will ensure when we move to GMT from BST the time will be auto updated. note I had some issues here as on Server 2012 R2 previously the command was

w32tm /config /manualpeerlist:”0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1″

3. Make the Domain Controller a reliable source for clients on the network

w32tm /config /reliable:yes

This makes the Domain controller a reliable time source for the clients on the network

4. Restart the service and communication with NTP

net stop w32time
net start w32time

Restarts the time Server service which will re sync the time with ntp.org

5. Query and confirm peers

w32tm /query /peers

This command shows the peers that the DC is using to get its time from – In this instance the NTP Servers we set before

Now we should have a reliable time Synchronisation to the domain controller and the rest of the client machines. This may take a couple of hours to propagate and users will need to log out and back in again


Leave a Reply

Your email address will not be published. Required fields are marked *