Domain Controller time won't sync with NTP server

Question

I'm having a problem with a domain controller which won't sync with a time server.

I've tried everything I can think of and I've already googled many fixes, but nothing seems to work.

This is a HyperV virtual machine which is a domain controller for the domain. I've set 'Time synchronisation' disabled on the hyperv intergration services.

I've set the time server as follows...

 w32tm /config /manualpeerlist:"0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1"
 w32tm /config /reliable:yes
 net stop w32time && net start w32time

The time is still not in sync.

If i then do...

 w32tm /query /source

I get 'Local CMOS Clock'

I've run easyfix 50394 from Microsoft, but that made no difference.

I've checked the reg values as per This page as well; they are correct.

i've checked the firewall - I'm not blocking any outbound traffic at all, so there should be no issue talking to the ntp server, Infact I used bytefusions's ntpquery tool to ensure that pool.ntp.org and 0.uk.pool.ntp.org are contactable etc... They are.

If I run w32tm /resync /rediscover I get...

Can anyone help? I'

score 3 · Answer 1 · answered May 28 '20 at 14:29

Figured I'd add another solution that I encountered.

We have time servers that will not accept an NTP peering connection. They only accept NTP client requests. The Windows 2019 Domain Controller will not automatically try client mode and seems to insist on peering mode. Adding 0x8 to the flags in the manualpeers list fixes this. I.e. change 0x1 to 0x9.

score 3 · Answer 2 · answered Jul 19 '18 at 12:00

3

"For virtual machines that are configured as domain controllers, it is recommended that you disable time synchronization between the host system and guest operating system acting as a domain controller."

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd363553(v=ws.10)

answered Jul 19 '18 at 12:00

Greg Askew

35,880
5
54
82

1

I have done this already in the HyperV intergration services, which is where that article refers. – John Jul 19 '18 at 12:02

score 2 · Answer 3 · answered Jul 19 '18 at 12:25

2

Try running the following from an elevated command prompt. Once completed wait several minutes to see the changes take affect.

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /config /manualpeerlist:"0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1"
w32tm /config /reliable:yes
w32tm /config /update

answered Jul 19 '18 at 12:25

joeqwerty

109,901
6
81
172

All of the commands entered and 'successful', however the time hasnt changed - Its been about 15 minutes since I did it – John Jul 19 '18 at 13:06

score 2 · Answer 4 · answered Jul 19 '18 at 15:35

This command is one of the most finicky Windows command line tools that I've ever encountered. Try this, making sure that the manualpeerlist is the last parameter on its line, and include the syncfromflags setting.

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /config /syncfromflags:manual /reliable:yes /manualpeerlist:"0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1" 
w32tm /config /update

Domain Controller time won't sync with NTP server

4 Answers4