How to change time source from Local CMOS Clock to NTP server

In this article, we’ll explore how to change the time source from the Local CMOS Clock to an NTP server. Keeping accurate time on your devices is essential for network security, data integrity, and system functionality. Switching to an NTP server helps maintain precise synchronization across systems, allowing them to function efficiently and securely. This guide will walk you through each step to make this change smoothly and ensure your systems remain in sync.

Read more:

Kiến trúc của Active Directory

Hướng dẫn Demote (Remove) Domain Controller Server

1. Issue

Some of my Windows 10 machines in the Active Directory (AD) domain were off by a few minutes compared to the Domain Controller. After running the command w32tm /query /status, I discovered that the time source on these machines was set to the local CMOS clock instead of syncing with the Domain Controller.

2. Cause

I tried the standard methods to update the client to sync time from the Domain Controller, including running:

w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time

However, none of these methods worked.

After running DCDIAG on the Domain Controller, I found that the server wasn’t advertising itself as a time source. Upon further investigation, I noticed that the Domain Controller VM was configured to use time synchronization with the Hyper-V Host. This was the primary cause of the time synchronization issue.

3. Solution

To resolve the issue, I followed these steps:

  1. Disable time integration services with the Hyper-V Host on the Domain Controller VM.
  2. Reconfigure the NTP settings on the Domain Controller holding the PDC (Primary Domain Controller) role using the following commands:
w32tm /config /manualpeerlist:time2.google.com /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time

3.1 Syncing Time on Client Machines

After reconfiguring the Domain Controller, the client machines in the AD domain should automatically check in and sync time with the Domain Controller. If you don’t want to wait for the automatic sync, you can manually sync the time on the client machines by following these steps:

  1. Remote Desktop into the domain client machine(s).
  2. Run the following commands:
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time

#Verify the time settings on the client machine using these commands:

w32tm /query /status
w32tm /query /configuration

4. Conclusion

Accurate time synchronization between machines in an Active Directory domain and the Domain Controller is crucial for ensuring system integrity and security. This issue can be resolved by adjusting the NTP settings on the Domain Controller and ensuring it advertises itself as a reliable time source for client machines.

Using w32tm commands allows for easy checking and troubleshooting of time synchronization issues in a Windows Server environment.

Read more:

Network Policy Server là gì? Thành phần, kiến trúc

Cài đặt và cấu hình DHCP Server – Hướng dẫn từng bước

 

Nguyễn Tiến Trường

Mình viết về những điều nhỏ nhặt trong cuộc sống, Viết về câu chuyện những ngày không có em