Typically, in an Active Directory based environment, the Primary Domain Controller (PDC) is the master time source, and all other domain-joined machines receive their time from it.
Log in to the Primary Domain Controller (PDC) which holds the PDC Emulator role – in my case it is Windows Server 2012 R2 or above.
To find out who is holding the PDC role – log in to Active Directory –
netdom query fsmo
To set NTP on an isolated network – (the same process applies on a network with Internet connectivity, only the NTP IP differs)
Setting 10.10.10.10 as the NTP source for my Primary Domain Controller
Open PowerShell with Run as Administrator
w32tm /config /manualpeerlist:"10.10.10.10,0x8" /syncfromflags:manual /reliable:yes /update
Get-Service W32time | Restart-Service
Note: UDP port 123 should be open
Verify Time Source Applied Properly –
w32tm /query /source
To Resync Time with the NTP –
w32tm /resync
To Check Clock Type –
w32tm /query /peers
Verify NTP is ok and we can receive time from NTP
w32tm /stripchart /computer:10.10.10.10 /dataonly
For debugging w32tm NTP –
w32tm /debug /enable /file:Deb.log /entries:300 /size:100
W32tm Registry Location –
HKLM\System\CurrentControlSet\Services\w32time\Parameters
I had to use a custom NTP appliance from Master Clock, which acts as the NTP server in an isolated environment.
Download Win discovery from Master Clock Site.
Enter Global Password – Default public
Exit Win discovery and open it again.
Discover – Enter Network Configuration for Static IP
Administrative Actions – Set Password
Save it.
Enter Global Password – Save it. Close – Reopen
Discover
exit – reopen – discover again.
Enable – NTP Server
Uncheck – Set NTP Alarm flag when not locked to a reference on Free running clocks like NTP 100
For Cisco Routers MD5 has to be enabled
Trusted Allowed – Enter the keyword in all lower case to make it easier.
Enable MD5 authentication for Client Request
— Ignore Request if not Authenticated – Leave it checked as PDC is using the same master clock
Set Time Zone / Time offset
In my case UTC +4
Now Set the Time on UTC
Note: you always have to set the time in UTC (Google the current UTC time with seconds)
SSH is enabled by default – add a user name and password. This makes it easy to change the time / reboot the appliance
ssh
username – public
password – publicpass
? – list all commands
Options – ssh ?
Known Issues –
- VMware Machine keeps saying Local CMOS Clock
As a Recommended Practice – Apply https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1189
tools.syncTime = "FALSE"
time.synchronize.continue = "FALSE"
time.synchronize.restore = "FALSE"
time.synchronize.resume.disk = "FALSE"
time.synchronize.shrink = "FALSE"
time.synchronize.tools.startup = "FALSE"
time.synchronize.tools.enable = "FALSE"
time.synchronize.resume.host = "FALSE"
Check 1 – Synchronize Guest time with Host is unchecked
Check 2 – Verify UDP 123 Port is Open on Windows Firewall and you can query the time using strip chart command
w32tm /stripchart /computer:10.10.10.10 /dataonly
Check 3 – Configure another NTP source and check whether the status changes. It could be that the NTP is not giving the time in a proper way, so Windows Server falls back to the default Local CMOS Clock
Check Event Viewer
Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 4/17/2017 5:11:22 PM
Event ID: 47
Task Category: None
Level: Warning
Keywords:
User: LOCAL SERVICE
Computer: DS002
Description:
Time Provider NtpClient: No valid response has been received from manually configured peer 10.10.10.10,8 after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.
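The checks above (configured peer, current source, stripchart over UDP 123, Event ID 47) can be run in one pass from an elevated PowerShell prompt on the PDC. This is an added example, not part of the original post; the function name Test-PdcTimeSource and the 24-hour event window are assumptions, and 10.10.10.10 is the peer used on this page.

```powershell
# Added example, not from the original post. Run elevated on the PDC emulator.
# Test-PdcTimeSource is a hypothetical name; the 24-hour window is an assumption.
function Test-PdcTimeSource {
    param(
        [string]$Peer = '10.10.10.10',   # NTP source used on this page
        [int]$Hours   = 24               # how far back to look for Event ID 47
    )

    # What w32time was configured with (registry location given on this page).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
    $cfg = Get-ItemProperty -Path $key

    # What w32time is actually using right now.
    $source   = (w32tm /query /source | Out-String).Trim()
    $fellBack = $source -match 'Local CMOS Clock|Free-running System Clock'

    # Ask the peer for three samples over UDP 123; failed samples contain "error".
    $chart = w32tm /stripchart "/computer:$Peer" /samples:3 /dataonly
    $good  = @($chart | Where-Object { $_ -match '[+-]\d+\.\d+s' }).Count
    $bad   = @($chart | Where-Object { $_ -match 'error' }).Count

    # Event ID 47: the manually configured peer gave no valid response.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Time-Service'
        Id           = 47
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    $ev47 = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ConfiguredPeers = $cfg.NtpServer   # expected to list $Peer
        ConfiguredType  = $cfg.Type        # NTP after /syncfromflags:manual
        CurrentSource   = $source
        PeerConfigured  = $cfg.NtpServer -like "*$Peer*"
        FellBackToLocal = [bool]$fellBack
        GoodSamples     = $good
        FailedSamples   = $bad
        Event47Count    = $ev47.Count
        Healthy         = ($cfg.NtpServer -like "*$Peer*") -and -not $fellBack -and
                          ($good -gt 0) -and ($bad -eq 0) -and ($ev47.Count -eq 0)
    }
}

Test-PdcTimeSource | Format-List
```

An Event ID 47 logged earlier in the window keeps Healthy at False even after the peer recovers, so shorten -Hours when re-checking after a fix.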