Howto – Configure Windows Time Service

Apropos:

Configuring windows time in an active directory domain from zero to hero.

In a domain environment the master clock is hosted on the domain controller which holds the PDC emulator role.  This domain controller synchronizes it’s time from an external time source

All other domain controllers and workstations utilize the domain hierarchy to locate their time source.

Resetting and restoring the entire domain time synchronisation hierarchy consists of the following steps:

1. Reset the windows time service on the domain controller that holds the PDC emulator and reconfigure the pdc emulator with an external time source.

2. Reset the time service on any domain member server and reconfigure them to follow the domain hierarchy

3. If necessary, reset any workstations and reconfigure them to follow the domain hierarchy.

NOTE: It’s important to note, if your domain controllers are hosted on virtual infrastructure, it’s necessary to disable part of the virtual time provider, failing to do so will render your domain time synchronisation invalid.

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0

1. Reset the windows time service on the domain controller that holds the PDC emulator and reconfigure the pdc emulator with an external time source.

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0
net stop w32Time
w32tm /unregister
w32tm /register
net start w32time
W32tm /config /manualpeerlist:pool.ntp.org,0x1 /syncfromflags:manual /reliable:yes /update
net stop w32time & net start w32time & W32tm /resync /rediscover

2. Reset the time service on any domain member server and reconfigure them to follow the domain hierarchy

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0
net stop w32Time
w32tm /unregister
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /reliable:yes /update
net stop w32time & net start w32time & W32tm /resync /rediscover

3. If necessary, reset any workstations and reconfigure them to follow the domain hierarchy.

net stop w32Time
w32tm /unregister
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /update
net stop w32time & net start w32time & W32tm /resync /rediscover

How to check the time service current status:

w32tm /query /status /verbose

How to force a time sync:

w32tm /resync /force

How to verify a specific time server:

w32tm /monitor /computers:10.1.1.101

How to compare the time of the local computer with another time source:

w32tm /stripchart /computer:10.1.1.1 /samples:1 /dataonly
Advertisement

Published by

Ronny Van den Broeck

I'm a network and system engineer for more than 20 years now. During this period I became a pro in hunting down one's and zero's, with an eager mindset to help people accomplish the same or abstract them away from the matrix.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s