    Proper AD PDC Time configuration in Hyper-V?

      dave_c @travisdh1

      @travisdh1
      Thank you. I did that initially and it doesn't work.
      I am trying to update the GPO for the PDC emulator

        travisdh1 @dave_c

        @dave_c said in Proper AD PDC Time configuration in Hyper-V?:

        @travisdh1
        Thank you. I did that initially and it doesn't work.
        I am trying to update the GPO for the PDC emulator

        Ah, that one I don't know. Good luck, and let us know if you figure it out!

          dave_c

          I tried to force the external time source by GPO following http://www.sysadminlab.net/windows/configuring-ntp-on-windows-using-gpo
          Same result, PDC is still using Local CMOS Clock. I will try again tomorrow and report back.

            taurex

            You should disable time sync in the Hyper-V integration services on all your DC VMs but make sure your Hyper-V host is synchronising its time with the same external source. When your VMs are restarting they can only fall back to the hypervisor's time since there is no real CMOS for obvious reasons.

            Check if UDP port 123 is not blocked by the VM's Windows firewall, on your network or by your ISP.

              dave_c @taurex

              @taurex
              Thank you, I will try and report back.
              I tried with Hyper-V time sync enabled (per Veeam instructions linked in OP) and disabled (as everyone else recommends); none worked. Actually, Veeam's recommendation kind of makes sense.

              I never considered that the host should be synchronized with the same external source. That is because the host is AD joined and the general recommendation is to have all AD joined computers/servers sync with the PDC emulator.

                dave_c @taurex

                @taurex
                It didn't work. This is a new client we are taking over, and it might be a problem with a current GPO. I will do lab tests before trying again on the client's servers.

                @all
                Thanks, I will report back in case I find anything useful

                  Kelly @dave_c

                  @dave_c said in Proper AD PDC Time configuration in Hyper-V?:

                  @taurex
                  Thank you, I will try and report back.
                  I tried with Hyper-V time sync enabled (per Veeam instructions linked in OP) and disabled (as everyone else recommends); none worked. Actually, Veeam's recommendation kind of makes sense.

                  I never considered that the host should be synchronized with the same external source. That is because the host is AD joined and the general recommendation is to have all AD joined computers/servers sync with the PDC emulator.

                  The problem with this is that you can end up in a loop where time can drift uncontrollably. Since the PDCe is syncing to the host and the host is syncing to the PDCe you have nothing authoritative handling time externally and keeping it consistent. That is why most recommend disabling host synchronization for your DCs.

                    dave_c @Kelly

                    @Kelly
                    That makes sense.
                    Veeam recommends enabling it and using the registry to disable it once the system has booted.

                      1337

                      Keep in mind that anything you read regarding 2012 Server or older is not relevant for 2016 (or newer).

                      Windows has historically been worthless at keeping accurate time and the win32 time service was just designed to keep time accurate within a few minutes. With 2016 Microsoft made an effort to correct this.

                      Here is the basic info for Windows 2016 Server.
                      https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/accurate-time

                      There are several ways to set things up depending on what you need.

                        dave_c @1337

                        @Pete-S
                        I will read that carefully, but what I see indicates that the PDC VM has to synchronize with the host and the host needs to use the external clock.
                        Thank you for the info.

                          1337 @dave_c

                          @dave_c said in Proper AD PDC Time configuration in Hyper-V?:

                          @Pete-S
                          I will read that carefully, but what I see indicates that the PDC VM has to synchronize with the host and the host needs to use the external clock.
                          Thank you for the info.

                          No probs. Don't forget to check out the video as well for an executive summary. It's time well spent.

                          https://channel9.msdn.com/Blogs/windowsserver/Time-Improvements-in-Windows-Server-2016/player

                          Also external clock, as in hardware clocks like GPS or local stratum-1 ntp server, is only needed for accurate time services. Most people don't need that kind of accuracy. So in order of reliability and accuracy:

                          • local hardware or local ntp time servers (stratum-1)
                          • known reliable ntp servers with few hops (stratum-1)
                          • ntp pool servers (stratum-1 to 3)

                          I would look at option number two if a local time server is not needed. Find locally placed stratum-1 ntp servers, for instance from NIST (if you're in the US) and sync your Hyper-V hosts or firewall/router against those.

                          NTP pool are basically random servers of unknown accuracy on the net running ntpd. A lot of them aren't monitored in any way and network availability can be anything from great to spotty.

                            taurex @1337

                            @Pete-S Good to know. Thanks for the link.

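Added example, not written by any poster in this thread: a PowerShell walk-through of the checks and settings discussed above (current time source, UDP 123 reachability, an external peer on the PDC emulator, the Hyper-V time provider switched off, and whether a GPO is overriding local settings). The VM name DC01 and the peer time.nist.gov are assumptions; substitute your own.

```powershell
# Added example. Assumed names: DC01 (PDC emulator VM), time.nist.gov (external peer).
$PdcVm = 'DC01'
$Peer  = 'time.nist.gov'

# ---- On the PDC emulator VM, elevated ----
# Confirm which DC holds the PDC emulator role.
netdom query fsmo

# Current source. "Local CMOS Clock" = no provider is supplying time;
# "VM IC Time Synchronization Provider" = the Hyper-V host is supplying it.
w32tm /query /source

# Is the peer reachable over UDP 123? Timeouts here point at a firewall or ISP block.
w32tm /stripchart "/computer:$Peer" /samples:3 /dataonly

# Use the external peer (0x8 = client mode) and advertise as a reliable source.
w32tm /config "/manualpeerlist:$Peer,0x8" /syncfromflags:manual /reliable:yes /update

# In-guest switch for the Hyper-V time provider (0 = disabled).
$vmic = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider'
Set-ItemProperty -Path $vmic -Name Enabled -Value 0

Restart-Service w32time
w32tm /resync /rediscover
w32tm /query /status          # "Source:" should now name the external peer

# Each value is tagged (Local) or (Policy); a (Policy) tag on Type or NtpServer
# means a GPO is overriding what was just configured.
w32tm /query /configuration

# ---- On the Hyper-V host, elevated ----
# Host-side equivalent: stop offering time to the DC through integration services.
Disable-VMIntegrationService -VMName $PdcVm -Name 'Time Synchronization'

# Point the host at the same external peer so it does not follow the PDC emulator.
w32tm /config "/manualpeerlist:$Peer,0x8" /syncfromflags:manual /update
w32tm /resync /rediscover
w32tm /query /source
```

The two halves run on different machines, so paste them section by section rather than as one script.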