I ran into a recurring issue in one of the data centers I help administer.
For some reason the hypervisor was overriding the Windows Time domain hierarchy by setting it to sync with the local CMOS instead of the Primary Domain Controller… Every reboot resulted in it being reset to UTC time. The VM option to sync with the host wasn’t enabled (or not easily changeable with this particular hypervisor).
Anyways, I hope this is finally put to bed.
These are the commands I used the most for troubleshooting:
w32tm /query /peers
w32tm /query /status
w32tm /query /configuration
w32tm /query /source
I configured the PDC to sync to external sources and made sure it was set to be a reliable source.
Example NTP peer list for a PDC:
w32tm /config /manualpeerlist:”0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org” /syncfromflags:manual /reliable:YES /update
w32tm /config /update
Restart the Windows Time service
Verify it is syncing using the commands above
Set the other domain controllers to use the domain hierarchy:
w32tm /config /syncfromflags:domhier /update
restart the Windows Time service
If you have the above properly configure and they still are not syncing via NT5DS domain hierarchy (like in my situation), you can wave the red flag and force it via GPO:
Computer Configuration \ Policies \ Admin Templates \ System \ Windows Time Service \ Time Providers \ Configure Windows NTP Client
NtpServer: enter your domain controllers (DC1,0x9 DC2,0x9) separating each one with a space
Link this GPO to the OUs containing your Workstations, Servers, etc. Just don’t link it to your Domain Controllers OU so they use the the configurations we used above. You can even create a GPO for the Domain Controllers if you so desire, but I won’t get into that here.
After performing the above, the Time on the servers started behaving they way you would expect on a Windows domain. Hopefully this helps someone else.
An honorable mention that I found along the way:
Reg key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation
This allowed the time and timezone to persist between reboots, but we were still syncing time with the CMOS. We wanted to sync with our domain controllers. If your goal is to sync with the BIOS of the physical host and have your time changes persist between power cycling, this is for you.