Casey Weaver
asked on
Setting domain time on a Hyper-V 2012R2 environment
I'm trying to see what I'm missing here, but every time I try to get domain time synchronized with an internet clock, something seems to screw it up. So I need to know the steps of what to check to ensure that in this environment, a DC is the authoritative time server and that everything listens to it.
3 Hyper-V 2012 R2 hosts
2 Server 2012R2 domain controllers, one on host 1, the other on host 2
I need to make sure that DC1 is set up as the authoritative time server using an internet source (I don't care what it is, as long as it's reliable, so please recommend one), that it's not listening to host time, that nothing else is listening to host time, and that every domain joined system on the network listens to time from DC1. DC1 and DC2 both have Time services disabled. If it matters, their domain is currently 8 minutes behind.
Thanks!
3 Hyper-V 2012 R2 hosts
2 Server 2012R2 domain controllers, one on host 1, the other on host 2
I need to make sure that DC1 is set up as the authoritative time server using an internet source (I don't care what it is, as long as it's reliable, so please recommend one), that it's not listening to host time, that nothing else is listening to host time, and that every domain joined system on the network listens to time from DC1. DC1 and DC2 both have Time services disabled. If it matters, their domain is currently 8 minutes behind.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I suggest that you follow the Microsoft TechNet to ensure all sets are correct. You also need to make sure that your firewall is allowing port 123 to your DC from the outside time source. If this is not setup on your firewall it will not get the time, even if the server is configured correctly.
https://support.microsoft.com/en-us/kb/816042
Will.
https://support.microsoft.com/en-us/kb/816042
Will.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've followed some advice here and it looks like it's working properly for now. I'll wait a day and make sure after the servers have all their monthly maintenance updates tonight, and then assign points.
Thanks guys!
Thanks guys!
We have a blog for skew too: Preparing a VM for high time skew.
In single server setting we use the Hyper-V host as a time source so we don't see KoD packets from NTP.org. In a cluster setting we always deploy a physical DC to act as PDCe and time source for the domain.
In single server setting we use the Hyper-V host as a time source so we don't see KoD packets from NTP.org. In a cluster setting we always deploy a physical DC to act as PDCe and time source for the domain.
ASKER
I have accepted two comments because the two together made the best solution. The blog post was what I was looking for, a well laid out step by step process to achieve the goal. The comment on using the Hyper-V host and overriding the domain hierarchy was the second vital piece. We had a 6 minute skew within 24 hours with the VM. Using one of the hosts was the solution. Using a physical DC wasn't an option, we banished all other servers from our virtual environment a few years ago.
Thank you all!
Thank you all!
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"time-a.ni
w32tm /config /reliable:yes
net start w32time
If the root DC is a VM then ensure to configure in your virtualization environment to not synchronize time with host server.