Time sync on Azure VM, detach from host to External NTP sources?

Question

Hi, I have two questions:
Is it possible to really detach the VM guest from synchronizing the time with the Azure host?

I have read both the Linux and the windows pages about time sync, and I have experimented with Azure VMs in Azure portal sandbox

in Linux VM, The time synchronization can be "sort of" detached and set to external NTP, or hold its independent time, but every reboot of the VM the time will initially synchronize with the host, and then after a while re-synchronize with the configured NTP.

while on windows VM ( at least win10 VM)
even if I disable the "VMICTimeSync" in the registry, as soon as I change the time it will automatically sync with the host.

-- I have also tried this script:

az vm extension set --name VMAccessAgent --publisher Microsoft.Compute --resource-group 'myResourceGroup' --vm-name 'myVMName' --version 2.4 --settings "{'TimeSync':'false'}"

It fails on Linux VM, it succeeds on Windows VM, but changes nothing in the VMs behavior.

Is there a way for me to toggle off the VM time synchronization between host and guest?

2- Are the Azure NTP sources public? (the NTPs that all the hosts sync with)
Can I have their IP addresses so it will possible for me to poll the NTP sources directly from the VM ? (via standard udp packet for time protocol)

Thank you in advance.

Answer 1

There are three options for configuring time sync for your Windows VMs hosted in Azure:

• Host time and time.windows.com. This is the default configuration used in Azure Marketplace images.
• Host-only.
• Use another, external time server with or without using host time. For this option follow the Time mechanism for Active Directory Windows Virtual Machines in Azure guide.

The Azure hosts themselves, are probably tied to an internal clock, as part of internal switches or firewalls, although the information isn't public, but are set the same across the globe with UTC.

Note the registry keys and GPO config, even for PCs not in a domain, you can edit the local policy using gpedit.msc as well.

VMICTimeProvider is the key registry item here.

Answer 2

To ensure accurate time synchronization for an Azure Virtual Machine (VM), you can detach it from the host's time synchronization, which is often controlled by the host's Hyper-V integration services, and instead, configure the VM to sync its time with external NTP (Network Time Protocol) sources. This is important for maintaining precise timekeeping within the VM, which can be crucial for various applications, security protocols, and compliance requirements. By syncing with reliable NTP servers, the VM can maintain accurate time even in a cloud environment, helping you ensure the integrity and consistency of your system's time settings.