Windows time service source does not change to DC from "Local CMOS Clock"

Aleksandr 0 Reputation points
2023-08-24T10:36:41.2566667+00:00

Hello,

I'm experiencing an issue with the Windows Time service on selected domain-joined workstations.

All workstations are configured to sync time from domain controllers - NT5DS.

However, a selected group of devices which are physically located in the same network segment are showing the CMOS clock as the main time source.

Unregistering the W32tm service and re-configuring with "w32tm /config /syncfromflags:DOMHIER /update" does not take any effect.

We also do not have any policies for these settings which might interfere.

Looking at the W32time service logs, I have this alert:

W32TimeHandler called: SERVICE_CONTROL_INTERROGATE

So it looks like the device cannot get a proper time source peer list from the DC.

This was already tested without the local firewall.

Has anybody encountered similar problems?

Many thanks in advance!


3 answers

  1. Dave Patrick 426K Reputation points MVP
    2023-08-24T14:28:52.9666667+00:00

    I'd check that the domain controller and problem member both have the static IP address of the DC listed for DNS and no others such as router or public DNS; also check that both got the domain network firewall profile.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Daisy Zhou 18,701 Reputation points Microsoft Vendor
    2023-08-25T06:33:34.14+00:00

    Hello Aleksandr,

    Thank you for posting in the Q&A forum.

    Based on the description, I understand the issue occurs on some of the workstations.

    Please check:

    1. If these workstations with the issue are physical machines or virtual machines. If they/some of the problematic workstations are virtual machines, we may need to disable Time Synchronization on the virtual platform.

    2. We need to check if port 123 is open on these problematic workstations. The Windows Time service follows the Network Time Protocol (NTP) specification, which requires the use of UDP port 123 for all time synchronization. Whenever the computer synchronizes its clock or provides time to another computer, it happens over UDP port 123.

    3. On one problematic workstation, check the following registry values.

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

    Key Name: Type

    Type: REG_SZ (String Value)

    Data: NT5DS

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

    Key Name: AnnounceFlags

    Type: REG_DWORD (DWORD Value)

    Data: 0xa

    4. Check other AD ports that should be open on both DC and workstation.

    Active Directory and Active Directory Domain Services Port Requirements

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)?redirectedfrom=MSDN

    Active Directory Replication over Firewalls

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727063(v=technet.10)?redirectedfrom=MSDN

    Hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ==========================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

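The checks listed in the answer above (VM or physical, NTP reachability on UDP 123, the two registry values) collected into one read-only PowerShell script. This is an added example, not code posted by anyone in the thread; `dc01.example.test` is a placeholder domain controller name, and the script assumes it is run from an elevated prompt on an affected workstation.

```powershell
# Added example: read-only W32Time checks for a domain-joined workstation.
# $Dc is a placeholder; pass the name of one of your domain controllers.
param([string]$Dc = 'dc01.example.test')

$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Registry values named in the answer. "Type" is a value under the
# Parameters key; "AnnounceFlags" is a value under the Config key.
$type  = (Get-ItemProperty -Path "$svc\Parameters" -Name Type).Type
$flags = (Get-ItemProperty -Path "$svc\Config" -Name AnnounceFlags).AnnounceFlags

# Current time source as reported by the service.
$source = (w32tm /query /source | Out-String).Trim()

# Hardware model string, to tell physical machines from virtual ones.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    Model         = $cs.Model
    PartOfDomain  = $cs.PartOfDomain
    Type          = $type
    TypeOk        = ($type -eq 'NT5DS')
    AnnounceFlags = '0x{0:x}' -f $flags
    AnnounceOk    = ($flags -eq 0xa)
    Source        = $source
    SourceIsCmos  = ($source -match 'Local CMOS Clock')
} | Format-List

# Effective configuration. Each setting is tagged (Local) or (Policy),
# which shows whether a Group Policy is overriding the local registry.
w32tm /query /configuration

# NT5DS finds its time source through the DC locator, so confirm that
# the workstation can locate a domain controller at all.
nltest /dsgetdc:$($cs.Domain)

# NTP exchange with the DC over UDP 123. Offsets printed for each sample
# mean the port is reachable; error lines mean the request or reply is lost.
w32tm /stripchart /computer:$Dc /samples:3 /dataonly
```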

  3. Aleksandr 0 Reputation points
    2023-08-25T07:15:47.8633333+00:00

    Hello Daisy,

    I can confirm the required registries are in place.

    The configuration itself looks OK on affected machines:

    [image: time]

    After enabling verbose logging for the time service, I can see that it looks like the client cannot get a peer list, so it cannot open a socket to the DC from which it can sync time.

    I also tested with the local firewall disabled, so ports are definitely not a problem here:

    [image: time1]
