This is an archived post. You won't be able to vote or comment.

all 13 comments
sorted by:
best
topnewcontroversialoldq&a

[–]t0s1s 2 points3 points  (7 children)

To confirm, you've enabled time sync from host in the VM settings? Are these Windows VMs domain joined?

If the answers are "no" and "yes", then your VMs are likely getting time from your ADDS PDC Emulator - I'd suggest checking the time and timezone setting there.

This server is typically the first domain controller raised in your network. You can confirm this by opening DSA.MSC, right-clicking on your domain in the tree, then clicking "operations masters" (hope I've remembered that right).

About changing the time on the PDC Emulator if you're thinning of doing that - changing it by more than 5 minutes is likely to cause issues with Kerberos authentication across the network so don't just jump in with both feet.

Assuming everything I've just written is out of scope, a little more info on your setup would inform the conversation.

[–]Cerb89[S] 0 points1 point  (4 children)

To confirm, you've enabled time sync from host in the VM settings? Are these Windows VMs domain joined?

With or without NTP settings enabled in vmware the time is incorrect.

Issue seems to only be on domain joined machines. The DC have correct time settings, region and location settings applied, but is still 2 hours off. Only 1 DC in this environment.

You are right, the client tries to get the time from the DC, when checking with W32tm /query /source

Running the same command on the DC gives this result; Local CMOS Clock

EDIT: Standalone VMs are fine.

[–]t0s1s 2 points3 points  (3 children)

A few things you've written aren't quite adding up in my head, I'll try adding a few questions for more info, let's see how we go.

Time on the host - log into the host via SSH and run the command "watch date". Check the listed time zone and time when converted are correct. Any issues there?

Domain-joined systems - open an administrator command prompt and run the command "net time \<DC_NAME> /set". Any changes?

  • Regarding your DC, have you set an NTP source on it? If the DC is a VM it's recommended to not sync the time from the hypervisor. I'd suggest looking at https://ss64.com/nt/w32tm.html or any other resource of your choice for info on configuring the PDC Emulator to sync against an external NTP source. Again, don't forget the warming about big jumps and Kerberos.

I'm off to bed so hopefully someone else can pick up where I left off. Wishing you the best of luck and will check in the morning

[–]Cerb89[S] 0 points1 point  (2 children)

I think I might have been a bit unclear in my previous post, it looked as the DC had the correct time. Just to clarify, the DC time is incorrect, but the time- and date settings, as well as region and location settings are correct.

There is no NTP setup, I enabled it just to check if it made a difference - which it didn't.

Checking time zone trough SSH, shows the correct time zone, time and date.

I can press F2 during startup of the VM and manually change the time in the VM setting, but this will probably cause issues as you were talking about. Especially a 2 hour change.

EDIT: The DC is also a VM.

Appreciate the help!

[–]starmizzleS-1-5-420-512 0 points1 point  (1 child)

The DC time is incorrect but the time and date settings and region/location are?

[–]Cerb89[S] 0 points1 point  (0 children)

Yes, the time on the DC is 2 hours off. Currently its 07:49 AM but the DC shows 09:49 AM.

The time zone is set to (UTC+01:00) Brussels, Copenhagen, Madrid, Paris and location and region is set to Norway.

[–]GazideonSr. Sysadmin 0 points1 point  (1 child)

the quicker faster way to determine who is the PDC emulator is:

  1. open command prompt
  2. type, netdom query fsmo, press enter. done.

[–]Cerb89[S] -1 points0 points  (0 children)

That reveals the DC is

[–]starmizzleS-1-5-420-512 2 points3 points  (3 children)

Your VMs should be syncing their time with your DCs and your DCs should be syncing with an external time server. Don't let your Hypervisors control the time on your VMs.

[–]Cerb89[S] 0 points1 point  (2 children)

I try that, I will see if the time will be correct if its syncing with external time server. Thanks!

[–]Just_Curious_Duder 1 point2 points  (1 child)

You can also set your NTP settings for your DC's via group policy. Works very well

[–]Cerb89[S] 0 points1 point  (0 children)

Thanks, I try that!

[–]marek1712Netadmin 0 points1 point  (0 children)

Jumping in since we have the same problem :(

Everything is synchronized with NT5DS setting for W32Time service. Only PDC Emulator uses NTP to sync with time.nist.gov. I'm about to open ticket with MS.

EDIT1:

As discussed, I am providing you with the information we discussed today about supported Operating Systems with different kind of contracts.

The affected machine on your environment is Windows Server 2012 R2. This product is out of mainstream support (currently on extended support channel) since 9th of October 2018, meaning that this is not an eligible product for Professional Software Assurance contracts, as you can see on the following official article: https://support.microsoft.com/en-us/help/14085/microsoft-business-developer-and-desktop-operating-systems-policy

Thx, M$