Windows domains have a very important requirement: the time must be +/- 5 minutes within the correct time otherwise things get a little crazy. Exchange servers stop sending & receiving email, Outlook won’t connect, you have trouble joining new PCs to the domain and that just a few. Maintaining the proper time is imperative if you want a non-troublesome domain. When time is off, Kerberos has a tea party with mad hatter, Dormouse and March Hare.
As we have virtualized more and more of our server, two issues commonly appear that are related to time. The first is time drift where time in a VM drifts at constant rate because they cannot duplicate time accurate like a mainboard oscillator can. The second is that if we set a VM to obtain the time from the hardware host, it creates a conflict. The host member server wants to update it’s time from the VM’s flawed time keeping method while at the same time providing the DC virtual machine with it’s own flawed time as a result of obtaining it from the VM.
Some large companies can afford an extra physical DC/PDC to keep track of time however smaller installations may have purely virtualized VM. In these instances, it’s best to set the DC to obtain time from an NTP server in order to keep time steady.
If you have multiple DC’s, it’s important to identify which one is the time server. To do this, execute the following command from and elevated command prompt, on any member server or workstation within your domain.
w32tm /query /source
w32tm /query /peers
This will display the name of the PDC emulator, which holds the time server role.
In Hyper-V manager, locate the virtual machine PDC Emulator and uncheck the time synchronization from the integration services.
Next, log into the PDC emulator and run the following command from an elevated command prompt.
w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update
You can replace time.windows.com with your favorite time server service such as pool.ntp.org or if you prefer, leave it as is. This command will set the PDC to use the MS NTP service as the external time server. When you have finished executing the command, restart the w32tm service.
restart-service w32time
To check that the PDC emulator is set to the external time source, run the following command from the PDC emulator using an elevated command prompt.
w32tm /query /source
