NTP time on 2008 domain controllers is off by 2 minutes fast

Our 2 DCs time is set for the atomic time clock, but the 2 DCs are always running 2 minutes ahead. Our deskphone also use the atomic clock and they are right on with it. So may question is why do the Dcs run 2 minutes fast and how can I resolve this?
By the way, these 2 DCs are VMS running on ESXi 5.1
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I believe the time is determined by the ESXi time and not an atomic clock, just a hunch.
vmichAuthor Commented:
the time on the esxi host are 2 minutes slower than the DCs. That's what I mean the Dcs are running 2 minutes faster for some reason..
Thomas GrassiSystems AdministratorCommented:
run this then post

w32tm /query /configuration

w32tm /resync

w32tm /query /status

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
VMware Tools sync with host should be disabled by default now.
Hmmm ... W32time, the timekeeping service in Windows. I experienced enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

My recommendation:

Use a Windows port of the classic *ix NTP service on your DC VMs, and sync 'em with NTP time sources from pool.ntp.org. Ensure to disable the time sync features of VMware (to timekeeping services on one clock will cause time chaos). The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.

See my article on NTP basics for the "How To".

The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If securtity is an issue, you might as well use local radio controlled clock appliances (see the article for that, too) in your LAN who serve times very reliable and precise.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vmichAuthor Commented:
Ok dumb question...
I think someone made some changes to the time entries in the registry for my second dc. So my question is, what should the registry entries be for time on the dc that is not the NTP?
I need to set this on the other DCs which are not supposed to be the NTP
vmichAuthor Commented:
That would be the registry entry for the w32time section
vmichAuthor Commented:
ntp ext time source
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.