Client computers are not synced to virtual domain controller time

Question

Hi everyone,

This issue has been driving me a little crazy over the last week. We have 60+ clients whose times are not synced with our virtual domain controllers time. We have 2 virtual DC's, the PDC time is synced with the esxi host and the secondary DC time is synced to the PDC. Some clients are off about 2-3 minutes while other clients are off about 6-7 minutes, the clients are also a mix of windows 10 and windows 11. I have tried commands like w32tm /resync, w32tm /resync /force, w32tm /resync /rediscover, and a gpupdate /force from the DC's but cannot get the clients to fully sync with the DC. We have not made any time setting changes that I am aware of to cause this offset. Is there another command I can try that syncs the time between the DC and the clients? What am I missing? Any advice is appreciated. Thank you.

Answer 1

Did you check udp 123 port..? time sync happens through UDP 123 port.

Answer 2

Hello Joey Belarde,

Thank you for posting in Microsoft Community forum.

If the time synchronization has been working well in the past, but the issue suddenly occurs?

If so, have you made any change recently?

Based on the description, the PDC is a VM in the esxi.

You can check the registry setting on PDC and other machines.

===PDC===

HLM\SYSTEM\CurrentControlSet\services\w32time\TimeProviders\VMICTimeProvider

Name: Enabled

Type: REG_DWORD

Data:0

Only the PDC is VM, you should set the first entry.

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

Key Name: AnnounceFlags

Type: REG_DWORD (DWORD Value )

Data: 0x5

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

Key Name: Type

Type: REG_SZ(String Value)

Data: NTP

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

Key Name: NtpServer

Type: REG_SZ(String Value)

Data: Peers  （time.windows.com,0x9）

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

Key Name: Enabled

Type: REG_DWORD

Data: 1

===other DC & Client===

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

Key Name: Type

Type: REG_SZ(String Value)

Data: NT5DS

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

Key Name: AnnounceFlags

Type: REG_DWORD (DWORD Value )

Data: 0xa

---

Tips:

1.Make sure that the UDP port 123 is open.

2.Be able to ping the NTP time server.

Meanwhile, you should disable the time sync on VMware.

Disabling Time Synchronization (1189)

https://kb.vmware.com/s/article/1189

Disabling Time Synchronization

https://docs.vmware.com/en/VMware-Tools/11.1.0/com.vmware.vsphere.vmwaretools.doc/GUID-678DF43E-5B20-41A6-B252-F2E13D1C1C49.html

I hope the information above is helpful.

If you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

Answer 3

Hi guys,

Thank you both for your replies. The only recent change that occurred in our organization was a planned power outage for maintenance in our building two weeks ago. Since then the time has been off. I did not make any configuration changes since then, I safely powered down all of our equipment before the power outage. The only "change" I have made since is sending different time sync commands through command prompt in an attempt to resync the time. Our UDP port 123 is also configured correctly.

Answer 4

Hello Joey Belarde,

Thank you for your reply. You can try to check the information to see if it helps.

And you can run commands below on PDC and other problematic machines, and check the result.

w32tm /query /source

w32tm /query /status

w32tm /query /configuration

If you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou