Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
COURSE of the MONTH
13 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Disable Time Sync on Windows server on Domain
Posted on 2016-07-27
I have a supplier of software who wants to test some date related functions within MS SQL2008R2
Their stored procedures use GETDATE() and GETUTCDATE() to get the date, which reads from the underlying Windows 2012 server with MSSQL.
Their solution is to change the system date on the SQL server whenever they want to do their testing of date functions.
However, the Active Directory, quite rightly, changes the system time back to the correct PDC emulator time within 10-20 minutes.
Ive tried moving the AD object into a Test OU and block all Group Policy inheritence to ensure it isnt a GPO that is changing the time
Is there anyway, apart from dropping the server off the domain, that I can stop the Windows 2012 server from syncing its time from the Active Directory?
The server needs to remain on the domain for other parts of the software testing.
Their stored procedures use GETDATE() and GETUTCDATE() to get the date, which reads from the underlying Windows 2012 server with MSSQL.
Their solution is to change the system date on the SQL server whenever they want to do their testing of date functions.
However, the Active Directory, quite rightly, changes the system time back to the correct PDC emulator time within 10-20 minutes.
Ive tried moving the AD object into a Test OU and block all Group Policy inheritence to ensure it isnt a GPO that is changing the time
Is there anyway, apart from dropping the server off the domain, that I can stop the Windows 2012 server from syncing its time from the Active Directory?
The server needs to remain on the domain for other parts of the software testing.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
- +1
8 Comments
Active 7 days ago
Kerberos, which AD uses, will break within 5 minutes or so of time discrepancy (default value, you can change to other than 5 minutes)
So, if you don't need any kind of authentication or security tokens, you might be able to get away with doing this.
A registry change to make the server use itself as a time source would probably work (but remember to keep in mind my first 2 statements)
So, if you don't need any kind of authentication or security tokens, you might be able to get away with doing this.
A registry change to make the server use itself as a time source would probably work (but remember to keep in mind my first 2 statements)
Hi Kaffiend,
I understand that we will break the ability to login with a domain account while the time is incorrect.
The idea is that just during the testing, the date is changed.
They DO NOT log out of the machine while the date is incorrect.
They change it back to correct time before they logout
A reboot or logging in with a local account to re-adjust the time will allow domain accounts to log back in, if they forget to change it or get booted off for some reason.
What would the registry change be to set the server as its own time source?
I understand that we will break the ability to login with a domain account while the time is incorrect.
The idea is that just during the testing, the date is changed.
They DO NOT log out of the machine while the date is incorrect.
They change it back to correct time before they logout
A reboot or logging in with a local account to re-adjust the time will allow domain accounts to log back in, if they forget to change it or get booted off for some reason.
What would the registry change be to set the server as its own time source?
Active 7 days ago
Sorry I don't remember what the change is. It's in notes that I have kept through the years but it's at home and thus, not handy : (
This article (even easier than regedit) will help you achieve the same thing:
https://technet.microsoft.com/en-us/library/cc757721(v=ws.10).aspx
This article (even easier than regedit) will help you achieve the same thing:
https://technet.microsoft.com/en-us/library/cc757721(v=ws.10).aspx
Active today
Go to CMD, run the following:
That will set the w32tm service to stop syncing. Running this will return it to normal:
w32tm /config /syncfromflags:no /update
That will set the w32tm service to stop syncing. Running this will return it to normal:
w32tm /config /syncfromflags:domhier /update
Active today
You will not want to reconfigure the time service for that; that change is permanent, so if for whatever reason the change isn't undone, a reboot won't cure the problem.
If they continue with that, it's best to just stop (and I mean "Stop", not set to "Disabled") the time service, either with services.msc (Windows Time), or in an elevated command prompt or Powershell: net.exe stop W32Time.
That said, instead of changing the system time, they should consider using a wrapper function to get the time, and set the wrapper function to either return the true time or an offset time based on whatever debugging arguments they need.
If they continue with that, it's best to just stop (and I mean "Stop", not set to "Disabled") the time service, either with services.msc (Windows Time), or in an elevated command prompt or Powershell: net.exe stop W32Time.
That said, instead of changing the system time, they should consider using a wrapper function to get the time, and set the wrapper function to either return the true time or an offset time based on whatever debugging arguments they need.
Hi all
Thanks for the help.
@oBdA - A reboot does fix the time when ive reconfigured the syncfromflag.
Maybe its a group policy we have, but a reboot resets the time to the correct time
But, stopping the service also works.
@acbrown2010 - Thanks, w32tm /config /syncfromflags:no /update worked fine for me.
@kaffiend - thanks for pointing me in the right direction to look it up myself. Teach a man to fish etc...
Thanks for the help.
@oBdA - A reboot does fix the time when ive reconfigured the syncfromflag.
Maybe its a group policy we have, but a reboot resets the time to the correct time
But, stopping the service also works.
@acbrown2010 - Thanks, w32tm /config /syncfromflags:no /update worked fine for me.
@kaffiend - thanks for pointing me in the right direction to look it up myself. Teach a man to fish etc...
Featured Post
Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
- Windows 10
- Microsoft Legacy OS
- Windows 8
- Windows OS
- Windows 7
- Windows Vista, Windows XP, Windows 2000, *Windows Explorer, *Internet Explorer (IE)
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month13 days, 15 hours left to enroll
801 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.