13

I usually sync my time on any windows based system with internet time.

To do this...

Adjust date/time, then click the Internet Time tab, and Synchronize with an internet time server.

However that tab is missing from my Windows 2008 R2 Server. How is it possible to do an internet time sync or restore this missing tab?

JL.
  • 1,283
  • 10
  • 22
  • 35

3 Answers3

16

If it is a domain member, it will sync time from the Domain Controllers, which in turn sync from the server that holds the PDC Emulator role.

The server that holds the PDC Emulator FSMO role can have its time source set to sync from an external source with the following command:

w32tm /config /manualpeerlist:ServerToSyncFrom /syncfromflags:manual /reliable:yes /update

ServerToSyncFrom should be a reliable ntp time source, probably something from pool.ntp.org.

Then stop and restart the w32time service and you're good to go.

Edit: You should only do this on the PDC Emulator, though it will work on other servers. This will ensure that all time in the domain is in sync. If the clocks between the Kerberos KDC and the clients are out of sync by too much, any Kerberos tickets issues will be considered invalid (I believe 5 minutes is the threshold.) You don't want this to happen, because it will break SSO for file shares, printing and other nicely integrated magic that people take for granted.

MDMarra
  • 100,734
  • 32
  • 197
  • 329
  • Good answer... It's important to remember this - if the server is a member of a domain then it's more important in many ways that its time is synced with the rest of the domain than it is to ensure the time is correct on that server. Of course, its also a good idea to ensure the time is correct too... But a working server with a clock that's 15 mins slow is nearly always going to be more useful than one nobody can access that has the correct time. – Rob Moir Sep 20 '10 at 14:33
  • @Robert - Right, I wasn't suggesting using this to sync member servers, just to sync the PDC Emulator role holder. I'll update to clarify. – MDMarra Sep 20 '10 at 14:35
  • Small correction, a domain member won't always sync from the PDC Emulator, but rather its closest DC. This may or may not be the PDC Emulator. – ThatGraemeGuy Sep 20 '10 at 14:36
  • @Graeme - Good catch, answer updated. – MDMarra Sep 20 '10 at 14:38
  • Sorry if it sounds like I was sniping, Mark, I know what you meant and thought it was a great answer... though clarification is always good. As a point of interest, I've found Mac clients and servers in a Windows domain especially sensitive to time slip... weird how that happens. – Rob Moir Sep 20 '10 at 16:31
  • @Robert - No you were right. Time is a critical part of SSO integration for Windows services, it's good to be explicit in answers involving domain-wide changes to time. – MDMarra Sep 20 '10 at 17:25
8

If the server (or any Windows computer) is joined to a domain it will synchronize it's time automatically from the domain, and the Internet Time tab will disappear.

Chris S
  • 77,945
  • 11
  • 124
  • 216
3

Here is the Microsoft TechNet official info on how to update the clock on a domain controller

https://technet.microsoft.com/en-us/library/cc784553(v=ws.10).aspx

This is what worked for me:

w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL
w32tm /config /update
w32tm /resync
Agustin Garzon
  • 181
  • 1
  • 1
  • 6
  • Thanks, this worked for me. Worth noting that it took about a minute after `w32tm /resync` for the time to actually change. I then had to manually run `w32tm /resync` on the backup DC and domain members to sync them with the PDC. – EM0 Mar 05 '18 at 12:50