I have a performance lab running behind a firewall, so none of the machines in the lab has internet access. All machines in the lab are part of a domain with the domain controller also present inside the lab. The problem is that some server's time are drifting heavily.
Some background info:
The DC is Win Server 2K3 Enterprise SP2.
- 9 machines are running Server 2K3 Standard. (These are all within 1 minute, so not a
problem) - 3 machines are Win Server 2K8 R2 Standard (These are
Physical Servers) – (These vary by between 1 and 6 minutes and never
sync up again) - 6 Machines are Win Server 2K8 R2 Core (These are Hyper-V hosts) (Some also Vary)
- On those 6 machines we host 1 instance of Win 2K8 R2 Standard on each.(These vary by between 1 and 6 minutes and never sync up again)
- 1 machine running win 2K8 R2 Enterprise
acting as the SCVMM.(6 minutes out and never sync up again)
From the above, it seems the issue is with the 2008 servers.
I found the following:
How to configure an authoritative time server in Windows Server [to use an internal hardware clock]
http://support.microsoft.com/kb/816042
From here I have installed "Microsoft Fix it 50394" on PT-DC01 (The domain controller)
I also found:
How to configure an authoritative time server in Windows Server
http://support.microsoft.com/kb/816042
From here I have installed "Microsoft Fix it 50395" on SSVMM (A Server in the environment) with the following settings:
- NtpServer: pt-dc01.pt.local,0x1
- SpecialPollInterval: 900 (15 minutes*)
- MaxPosPhaseCorrection: 3600 (1 Hour*)
- MaxNegPhaseCorrection: 3600 (1 Hour*)
* Excluding anything in brackets obviously.
I’ve also restarted the Windows Time Service on both servers. I’ve done only these two servers to prove that it works first. The problem is that it doesn’t seem to: At time of writing SSVMM’s time was 12:10 and PT-DC01’s time was 12:04.
I checked in the registry and none of these values have changed so I manually updated the NtpServer and also left the MaxPosPhaseCorrection and MaxNegPhaseCorrection at 0xffffffff which means they will always update.
Restarting the servers had no effect.
c:\>w32tm /resync /nowait
had no effect
I also ran the following commands from http://www.zimbio.com/open+source+consulting/articles/193/Troubleshooting+w32tm+issues
w32tm /config /manualpeerlist:"pt-dc01.pt.local",0×1 /syncfromflags:MANUAL
w32tm /config /update
net stop w32time
net start w32time
w32tm /resync /nowait
pause
Also with no effect. I also tried it with 0x8 instead of 0x1 in the first line.
Any help would be much appreciated.
Best Answer
All domain members should automatically sync their time with the domain controller that they authenticated against last. Those DCs will, in turn, sync from the DC with the PDC Emulator role on it. There's no need to get crazy with configuring this unless you have a real reason to. It's all default settings.