Windows time services ensure that your entire server and clients in an organization that are running the Microsoft operating system use a common and the correct time. The domain controller holding the primary domain controller (PDC) emulator role (in the forest root domain) is considered the default authoritative time source for the whole forest. Only this specific domain controller should have an external time source set. Check whether the server you are configuring NTP provider is a PDC emulator (FSMO Role) To check that run below command. This will provide you a list of fsmo role holders.
netdom query fsmo
Log on to the server and follow below steps to configure the server to update its time with an external time source. If your domain server is a Virtual Machine make sure to remove its time synchronization settings from syncing with the guest operating system.
To do this on VMWare ESX go to Virtual Machine Properties -> Options, remove Synchronize guest time with host setting.
On Hyper-V go to the Virtual Machine settings and remove Time Synchronization settings from Integration Services.
Note: Make sure that port 135 (UDP) is in a listening status and not blocked by any Firewall.
You can use below command to get the current NTP Source.
w32tm /query /source
Below command will set the time source as time.windows.com
w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update
Run w32tm /config /update
Restart w32time service.
Restart-Service w32time
Execute below command to get the peer list.
w32tm /query /peers
Let’s check the NTP Source again.. As shown in below screenshot NTP source is changed to time.windows.com.
w32tm /query /source
If you want to add multiple NTP servers type below command, separate NTP servers by a space.
w32tm /config /manualpeerlist:”0.us.pool.ntp.org time.windows.com” /syncfromflags:manual /reliable:yes /update
Check peer list again.
w32tm /query /peers
Run below command to manual sync the time with the assigned NTP server.
w32tm /resync /rediscover
Use below command to view the NTP configuration.
w32tm /query /configuration
You can verify the NTP server settings by viewing below registry entries. The value of Type should be “NTP“
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
You can also check this by running below command.
w32tm /query /configuration | Select-String ‘type’
Check the event viewer System Event ID 35 (Time-Service)
Revert back to normal Settings
If you want to revert the time server computer back as a normal member run below command.
w32tm.exe /config /syncfromflags:Domhier /reliable:NO /update
Restart the service and check the source.
Restart-Service w32time
w32tm /query /source
See the registry value.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Optional Commands
For completely remove all time settings from the registry run below command:
w32tm /unregister
For re-create the registry settings run below command:
w32tm /register
Leave a Reply