Synchronizing the time on Domain Controller running on Hyper-V
I started noticing recently, that my computers aren't showing the correct time. My home office setup is not the most complex one in the world, but then again, I'm no infrastructure expert. I have a server, running Windows Server 2012 (RC) on top of which I have a domain controller (on a Windows Server 2008 r2) and sort of a deployment server, running Windows Deployment Services, a database, and some infrastructure stuff I need. On my main workhorse I have Windows 7 installed, and a few virtual machines running in VMWare. On my MacBook Air, I am running Mac OS X (Mountain Lion, as of yesterday) which is not part of the domain, but also several virtual machines with Windows (7 and 2008 r2) that I need for development. These are a part of the domain. And all of the Windows installations that are a part of the domain started showing time about 5 minutes early.
The first possible solution that comes to mind (on a single machine) is to set the Internet time option (present since forever in Windows), but there are a few problems with that. One being, obviously, I have too many machines to even want to deal with clicking something on each machine (and that's why I set up a domain anyway). So, the next step is to figure out how the domain controller was configured and reconfigure it. The support article from Microsoft on this topic was helpful, as was the Time Server list.
It turns out that the proper command to run is:
w32tm /config /manualpeerlist:"time.windows.com" /syncfromflags:manual /reliable:yes /update
So I ran it on the domain controller, followed immediately by:
net stop w32time
net start w32time
w32tm /resync
Which changed the clock to the proper time, but about 5 seconds later the clock was changed to being set incorrectly. My response after trying that was something like:
After I got over my initial excitement, I started Googling, and found an awesome blog post by Virtual PC Guy - his blog posts have been crucial in setting up my Hyper V environment just right when preparing for the domain controller and so on... The blog post was talking about Time Synchronization in Hype V. I tried (partially) disabling the integration services that handle the time sync, but to no luck. And then, an idea. I queried the Hyper-V host on the source and low and behold, it was the domain controller. I have the Hyper-V joined into a domain because it makes it easier to manage. Yes, I know. Yes, I plan on deploying a Read-only domain controller to it, but when I get to it :). So I ran the above commands on the host and voilà, the time was correct and synced back to the domain controller. Success!
What did I learn? Hyper-V makes some things easier, but it makes some things harder - and it means that some of the solutions that we consider obvious, need to be rethought and applied to a virtualized environment.