In this article, we’ll explore how to change the time source from the Local CMOS Clock to an NTP server. Keeping accurate time on your devices is essential for network security, data integrity, and system functionality. Switching to an NTP server helps maintain precise synchronization across systems, allowing them to function efficiently and securely. This guide will walk you through each step to make this change smoothly and ensure your systems remain in sync.
Read more:
1. Issue
Some of my Windows 10 machines in the Active Directory (AD) domain were off by a few minutes compared to the Domain Controller. After running the command w32tm /query /status
, I discovered that the time source on these machines was set to the local CMOS clock instead of syncing with the Domain Controller.
2. Cause
I tried the standard methods to update the client to sync time from the Domain Controller, including running:
w32tm /config /syncfromflags:domhier /update net stop w32time net start w32time
However, none of these methods worked.
After running DCDIAG on the Domain Controller, I found that the server wasn’t advertising itself as a time source. Upon further investigation, I noticed that the Domain Controller VM was configured to use time synchronization with the Hyper-V Host. This was the primary cause of the time synchronization issue.
3. Solution
To resolve the issue, I followed these steps:
- Disable time integration services with the Hyper-V Host on the Domain Controller VM.
- Reconfigure the NTP settings on the Domain Controller holding the PDC (Primary Domain Controller) role using the following commands:
w32tm /config /manualpeerlist:time2.google.com /syncfromflags:manual /reliable:yes /update net stop w32time net start w32time
3.1 Syncing Time on Client Machines
After reconfiguring the Domain Controller, the client machines in the AD domain should automatically check in and sync time with the Domain Controller. If you don’t want to wait for the automatic sync, you can manually sync the time on the client machines by following these steps:
- Remote Desktop into the domain client machine(s).
- Run the following commands:
w32tm /config /syncfromflags:domhier /update net stop w32time net start w32time #Verify the time settings on the client machine using these commands: w32tm /query /status w32tm /query /configuration
4. Conclusion
Accurate time synchronization between machines in an Active Directory domain and the Domain Controller is crucial for ensuring system integrity and security. This issue can be resolved by adjusting the NTP settings on the Domain Controller and ensuring it advertises itself as a reliable time source for client machines.
Using w32tm
commands allows for easy checking and troubleshooting of time synchronization issues in a Windows Server environment.
Read more: