Time Sync Off

The answer is "it depends", VMware disabled Sync with Host with VMware Tools a number of releases ago.... BUT

unless you have also tweaked your VMX configuration, there are circumstances when VMware Tools will SYNC WITH HOST...


In the VMware Tools control panel, the time synchronization checkbox is unselected, but you may experience these symptoms:

When you suspend a virtual machine, the next time you resume that virtual machine it synchronizes the time to adjust it to the host.
Time is resynchronized when you migrate the virtual machine using vMotion, take a snapshot, restore to a snapshot, shrink the virtual disk, or restart the VMware Tools service in the virtual machine (including rebooting the virtual machine).

Source
https://kb.vmware.com/s/article/1189

The above is often forgotten or not none....so please check the following:-

tools.syncTime = "0"
time.synchronize.continue = "0"
time.synchronize.restore = "0"
time.synchronize.resume.disk = "0"
time.synchronize.shrink = "0"
time.synchronize.tools.startup = "0"
time.synchronize.tools.enable = "0"
time.synchronize.resume.host = "0"

Select allOpen in new window

I havnet touched any settings, right now NTP is off on the host and it's 20 mins behind currently.

Can i open a vmx file with a text editor and check?

If you are not syncing time on the host with External Time Source - that is also bad.

Your Windows OS needs to also Sync with External Time Source (same as above).

BUT, if you have no amended those settings above..... in first post, and you do the above, VM will then Sync with Host!

yes, you can check with vi, you can also check using Client, and also modify using the client as well.

If you run w32tm /query /source from the command prompt within that VM, what does it show?

Your PCs should also be getting time from the DC, correct.

DrDave,

On the DC, it says free running system clock

on the workstation, it says the DC

Your domain joined computers should get time from the DC and DC should get it'e time from an external clock, time.nist.gov or whatever

and be careful, your VM does not sync with host, and then your time is out on the VM, before it has a chance to NTP sync!

which in your case it doesn't because it's not setup.

Do not reply on Sync with Host, because they are often out! (even if Host is syncing with Eternal NTP)

So looks like you go some homework to do...

On the DC, it says free running system clock

In my experience, "Free running system clock" typically means that whatever it's configured to sync with couldn't be contacted or isn't responding. Would you mind posting the output of w32tm /query /configuration? It'll show a lot more data. You can obscure anything in the output you don't want public.

DrDave, that is actually is the full output..

I asked for the output of a different command the second time. :)

Are you able to post the output of w32tm /query /configuration? Among other things, it'll show what the DC is configured to sync with (as opposed to w32tm /query /source, which shows the actual time source regardless of configuration). This should give some insight into why it's not synchronizing.

DrDave, see below.

C:\Windows\system32> w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 1800 (Local)
MaxPosPhaseCorrection: 1800 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NT5DS (Local)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)

Yes, the only DC we have.

Nice, any NTP servers you recommend to use for the midwest CST?

There's a large, distributed cluster of NTP servers known as pool.ntp.org. It's a pretty good choice anywhere, in my experience.

Pool.ntp.org and additionally time.nist.gov seems to be good. I would have two

So would this be how i enter them?

0.north-america.pool.ntp.org,0x1 1.north-america.pool.ntp.org,0x1 2.north-america.pool.ntp.org

On the MS link provided, it was this:

"Specify the time sources. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
In the pane on the right, right-click NtpServer, and then select Modify.
In Edit Value, type Peers in the Value data box, and then select OK.

Information icon Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes that you make in step 5 will not take effect.."

Yep, that will work. You can also simply add a single entry named pool.ntp.org,0x1 rather than specifying individual region-specific names.

Ok so just pool.ntp.org,0x1

That exact syntax? Are you sure a comma should be there?

Yep, that exact text. The comma should be there to separate the FQDN from the flag.

If you add multiple names, the list should look like [FQDN1][comma][flag][space][FQDN2][comma][flag][space]...

Commas are used to separate individual names from their corresponding flags, while spaces separate FQDN-flag combinations from each other.

Great! i updated the DC, and it's time updated, how long before workstations and servers get updated?

Also, here is the out put of the command from earlier, is this good?

C:\Windows\system32> w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 1800 (Local)
MaxPosPhaseCorrection: 1800 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: pool.ntp.org,0x1 (Local)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)

The only possible concern is that the VMICTimeProvider is enabled. This refers to host-guest time sync, meaning that the DC might attempt to get time from the ESXi host rather than pool.ntp.org. If that's disabled in the ESXi host's configuration, though, you're good to go.

Thanks so much DrDave, how would i disiable on esx 6.5?

Also, when would the pc's/server resync with the DC?

I'm afraid I'm not familiar with ESX 6.5 at all. This article may help, but I don't know enough about it to say for sure. If w32tm /query /source on the VM lists pool.ntp.org as the source, there's a good chance it's already disabled.

The PCs and member servers should synchronize with the DC quickly. I don't know exactly how long it will take, but it's typically not more than a minute and is usually less. If a particular machine doesn't appear to be synchronizing, you might want to restart its Windows Time service to nudge it along.