Windows Domain environment time sync


You might have noticed that in a domain environment different servers and clients show different times and are not synced to one correct time.

Some servers or clients take their time from the CMOS clock or, if it's a VM, from the VM host.

You might think this is not a serious issue, and yes, it does not cause day-to-day problems, so you are not really bothered about it.

But if you are going to configure services that depend on time, you have to fix this issue.

For example, if you have an Exchange server and time is not configured properly, a message header analyzer will show that the email was delayed, or even that it arrived before the sender sent it.

When troubleshooting the above issue, the cause is not any real server delay; it is that the servers responsible for the mail flow are not synced and do not have the same time.

How are we going to fix this one?

We need to have a server that gets time updates from a reliable internet source. In our case we are going to use our AD.

You need to open up the ports below:

Client Port(s)       Server Port    Service
49152-65535/UDP      123/UDP        W32Time

Let’s set up the AD to get the time from a reliable internet time server.

As you can see, my domain controller is syncing time from the VM host, which needs to be disabled first.

To do so, right-click the virtual machine and select Settings. Under Management you will find “Integration Services”, where the “Time Synchronization” box is checked.

We will uncheck it as the first step.

We will go back to our AD and restart the “Windows Time” service.

Based on your location you can select a reliable time server. Since I'm from Asia, I'm selecting Asian time servers:

server 0.asia.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org
server 3.asia.pool.ntp.org

Let's run the command on the AD server to get time from the above time servers.

w32tm /config /syncfromflags:manual /manualpeerlist:"0.asia.pool.ntp.org 1.asia.pool.ntp.org 2.asia.pool.ntp.org 3.asia.pool.ntp.org" /reliable:yes /update

Then we will stop and start the Windows Time service.

Net stop w32time

Net start w32time

Now we will force a sync to get the time from the correct time server.

w32tm /resync /force

Let's check the time source now.

w32tm /query /status

Now, as you can see, the time is synchronizing from a reliable time source. Let's push this to the clients and servers.

Let's create a GPO.

To do this, create a new GPO and assign it to the OU with computers. In the GPO Editor go to the following section: Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers, and enable the policy Configure Windows NTP Client.

Let's run gpupdate /force on the domain controller and on any domain-joined client, and restart the client PC.

The client is now getting time from the domain controller, or from the server we set up to sync time from the internet.
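To confirm the result on the domain controller and on a client without reading the w32tm /query /status output by eye, the PowerShell function below classifies the reported time source. It is an added example, not part of the original article; the function name Test-TimeSource and the sample output are constructed, and it assumes English-language w32tm output.

```powershell
# Added example: classify the "Source:" line of `w32tm /query /status`.
# Test-TimeSource is a hypothetical helper; the sample output is constructed.
function Test-TimeSource {
    param(
        # Lines of `w32tm /query /status` (blank lines allowed)
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $StatusLines,
        # Names this machine is meant to sync from
        [Parameter(Mandatory)] [string[]] $ExpectedPeers
    )
    $source = $null
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*Source:\s*(.+?)\s*$') { $source = $Matches[1]; break }
    }
    if (-not $source) {
        return [pscustomobject]@{ Source = $null; Verdict = 'NoSourceLine' }
    }
    # A peer configured with flags is reported as "name,0x8"; keep only the name.
    $name = ($source -split ',')[0].Trim()
    $verdict = switch -Regex ($name) {
        # Machine is running on its own hardware or free-running clock
        '^(Local CMOS Clock|Free-running System Clock)$' { 'LocalClock'; break }
        # Hyper-V integration service is still supplying the time
        '^VM IC Time Synchronization Provider$'          { 'VMHost'; break }
        default {
            if ($ExpectedPeers -contains $name) { 'OK' } else { 'UnexpectedPeer' }
        }
    }
    [pscustomobject]@{ Source = $name; Verdict = $verdict }
}

# Constructed sample: a DC still taking time from the VM host.
$before = @'
Stratum: 2 (secondary reference - syncd by (S)NTP)
Source: VM IC Time Synchronization Provider
'@ -split '\r?\n'

# Constructed sample: the same DC after the w32tm /config command above.
$after = @'
Stratum: 3 (secondary reference - syncd by (S)NTP)
Source: 1.asia.pool.ntp.org
'@ -split '\r?\n'

$pool = 0..3 | ForEach-Object { "$($_).asia.pool.ntp.org" }
Test-TimeSource -StatusLines $before -ExpectedPeers $pool
Test-TimeSource -StatusLines $after  -ExpectedPeers $pool

# Live check on the DC:
#   Test-TimeSource -StatusLines (w32tm /query /status) -ExpectedPeers $pool
# On a domain client, pass the domain controller's name as -ExpectedPeers.
```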

If the GPO did not apply to the client PC, that's a different topic, which we will discuss in another article.

Please let me know in the comments below if you have any queries.

Thank you

TECHY SUP
