Configuring Windows (Standalone / Domain Controller) NTP Server Steps

About this Post

Any Active Directory domain needs to be configured with an external NTP server to keep time in sync across the domain and to avoid problems caused by time sync issues. Most recent applications are very sensitive to time sync; a difference of a couple of minutes will cause errors.

In many cases Domain Controllers are built as VMs, but time sync with the host is not disabled. In such cases the domain time keeps changing and causes issues; this can be addressed with the tasks listed below.

This post will explain the complete NTP server configuration and some useful commands and registry keys for troubleshooting as well.

How to disable VM time sync with Host

By default, any VM built on VMware or Hyper-V will sync time with the host. So there is a chance that, even if we sync time with external sources, host time sync will take precedence.

The methods below disable this time sync. Please note that this needs to be done only on the NTP servers, not on every server that will be joined to the domain, because any machine joined to an AD domain will sync with AD.

Domain Controller hosted on VMware infra:

From vSphere 6.x there is an option to disable time sync when we edit the VM settings, but that only changes the tools.syncTime setting, so it is recommended to set all the parameters listed below manually.

Domain Controller VM – Edit Settings – VM Options – Advanced – Configuration Parameters – Edit Configuration – Add Row (select)

Insert the parameter and value

tools.syncTime = "0"
time.synchronize.continue = "0"
time.synchronize.restore = "0"
time.synchronize.resume.disk = "0"
time.synchronize.shrink = "0"
time.synchronize.tools.startup = "0"
time.synchronize.tools.enable = "0"
time.synchronize.resume.host = "0"

This will completely disable the time sync with the ESXi Host.

Ref Article: https://kb.vmware.com/s/article/1189

Domain Controller hosted on Hyper-V

Run the command below from an elevated command prompt on the DC VM. This disables time sync at the VM level, not at the integration services level.

Below REG key will disable the Hyper-V time synchronization provider.

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0

Configuring Standalone or Domain Controller to sync time with external source

In an Active Directory environment, the Domain Controller holding the PDC emulator role acts as the NTP server. There is only one PDC emulator even if we have 100 Domain Controllers in the domain (abc.com).

For a standalone Windows server that is in a workgroup and not part of any domain, skip step 1 and follow steps 2-4; everything else, such as disabling time sync with the host, stays the same. A standalone NTP server is used when there is no AD in place; for example, some environments have separate networks for hardware management that need an NTP server.

1. Run the command below on any domain-joined PC or Domain Controller to find the PDC emulator.
netdom query fsmo

2. Open an elevated command prompt on the PDC emulator DC and run:

w32tm /config /manualpeerlist:"External NTP servers List" /syncfromflags:manual /reliable:yes /update

Example: w32tm.exe /config /manualpeerlist:"uk.pool.ntp.org" /syncfromflags:manual /reliable:yes /update

3. Configure the NTP source as reliable

w32tm /config /reliable:yes

4. Stop and start the Windows Time service

net stop w32time && net start w32time

Update the time on clients from the domain

Run the two commands below on the domain-joined PCs / servers to update their time from the NTP server configured above. They can be run on additional Domain Controllers as well if required.

w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time

NTP useful commands

Force synchronizing the time with external time sources.
w32tm /resync /nowait

Verify the existing NTP configuration
w32tm /query /configuration

Verify the time sources
w32tm /query /source

Verify NTP peers
w32tm /query /peers

Display the NTP server Sync status
w32tm /query /status

Reset time service settings to default

Run below commands to reset the NTP or Time configuration on a server.

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Useful Registry values for NTP server settings

1. Key to find the poll interval with external sources.
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\
Reg Key: SpecialPollInterval
Recommended Value: 900
Type: REG_DWORD

2. Key to find the configured external NTP servers
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\
Reg Key: NtpServer
Recommended Value:
pool.ntp.org,0x1
pool.ntp.org,0x1
pool.ntp.org,0x1
Type: REG_SZ

This key is set when the w32tm /config /manualpeerlist: command is executed.

3. Key to find the time source
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\
Reg Key: Type
Recommended Value: NTP
Type: REG_SZ
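
To check all of these values in one pass on the PDC emulator or standalone NTP server, the PowerShell script below reads them and compares them with the values recommended in this post. It is an added example, not part of the original post; the function names are illustrative, the sample NtpServer string is constructed, and the Type check expects NTP, so it reports a mismatch on machines configured with /syncfromflags:domhier.

```powershell
# Added example: audit the W32Time registry values discussed in this post.
$w32 = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is missing instead of throwing.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name }
}

function ConvertFrom-NtpServerValue([string]$Value) {
    # NtpServer is a space-separated list of "host,flags" entries.
    foreach ($entry in ($Value -split '\s+' | Where-Object { $_ })) {
        $peer, $flags = $entry -split ',', 2
        $f = if ($flags) { [Convert]::ToInt32($flags, 16) } else { 0 }
        [pscustomobject]@{
            Peer            = $peer
            Flags           = $f
            # 0x1 = SpecialInterval: this peer is polled every SpecialPollInterval seconds
            SpecialInterval = [bool]($f -band 0x1)
        }
    }
}

function Test-NtpServerConfig {
    $type   = Get-RegValue "$w32\Parameters" 'Type'
    $server = Get-RegValue "$w32\Parameters" 'NtpServer'
    $poll   = Get-RegValue "$w32\TimeProviders\NtpClient" 'SpecialPollInterval'
    $vmic   = Get-RegValue "$w32\TimeProviders\VMICTimeProvider" 'Enabled'
    $peers  = @(ConvertFrom-NtpServerValue $server)

    # One result object per check; Ok is $false when the value is missing.
    [pscustomobject]@{ Check = 'Type is NTP';                       Actual = $type;   Ok = ($type -eq 'NTP') }
    [pscustomobject]@{ Check = 'NtpServer lists at least one peer'; Actual = $server; Ok = ($peers.Count -gt 0) }
    [pscustomobject]@{ Check = 'SpecialPollInterval is 900';        Actual = $poll;   Ok = ($poll -eq 900) }
    [pscustomobject]@{ Check = 'Hyper-V VMICTimeProvider disabled'; Actual = $vmic;   Ok = ($vmic -eq 0) }
}

# Constructed sample value, parsed offline to show the per-peer flags.
ConvertFrom-NtpServerValue 'uk.pool.ntp.org,0x1 pool.ntp.org,0x8' | Format-Table -AutoSize

# Live audit of the local machine.
Test-NtpServerConfig | Format-Table -AutoSize
```

The VMICTimeProvider check only matters for VMs hosted on Hyper-V; on VMware the equivalent settings live in the VM configuration parameters and are not visible in the guest registry.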

Siva Sankar

Siva Sankar works as Solution Architect in Abu Dhabi with primary focus on SDDC, Mobility, Virtualization, VDI, HCI and Network Virtualization products from VMWare, Citrix and Microsoft.
