Time Sync on Domain
Determine the extent of the problem
The first step in troubleshooting a Windows Time service issue should be to determine how many machines are affected. If the time is incorrect on only one machine, the steps required to fix the problem will be different from the steps required to fix a domain-wide time issue.
If only a few machines are affected
- If the affected machine is running Windows Vista or later, run w32tm /query /source at a command prompt to determine the time source of the affected machine. An external time source should only be listed if this command is run on the PDC Emulator; otherwise, the command should output the name of a DC in the domain.
- The w32tm /query /status command also shows the machine's time source, as well as other potentially useful information. The /verbose switch provides even more information. As with the first command, these switches are only available on machines running Windows Vista or later.
- If the correct time source is listed, you can use w32tm /resync to attempt to resynchronize the machine's clock with the time source. Adding the /rediscover switch to this command causes the machine to first attempt to discover network time sources, then attempt a resync.
- To change the machine's time source, you can use one of two commands:
w32tm /config /syncfromflags:DOMHIER /update configures the machine to use the domain hierarchy (AD) as its time source.
w32tm /config /syncfromflags:MANUAL /manualpeerlist:<list> /update configures the machine to use the time servers in <list> as its time source.
Note: If multiple time servers are specified in <list>, they must be separated by spaces, and the entire list must be enclosed in quotation marks.
If the entire domain is affected
- If the time is incorrect on all machines in the domain, the PDC Emulator is very likely the source of the problem. Run the netdom query fsmo command on a DC to determine which DC holds the PDC Emulator role.
- Run w32tm /query /source from a command prompt on the PDC Emulator to ensure that it is configured to synchronize with an external time source. The PDC Emulator should never be configured to synchronize with the domain, since it is the domain's master time source.
- If the PDC Emulator is a virtual machine (VM), disable guest-host clock synchronization. The procedure for doing this depends on the operating system running on the virtualization host.
- To configure the PDC Emulator to sync with one or more external time servers, use the following command:
w32tm /config /syncfromflags:MANUAL /manualpeerlist:<list> /update
Note: If multiple time servers are specified in <list>, they must be separated by spaces, and the entire list must be enclosed in quotation marks.
Group Policy
If you make changes to the Windows Time service using w32tm commands or via the registry, but those changes don't take effect at all or take effect for only a short time before reverting to their previous values, there may be a Group Policy Object (GPO) overriding your changes. Group Policy settings for the Windows Time service include many of the same items that can be configured via the registry or w32tm commands. These settings can be found in the following location:
Computer Configuration\Policies\Administrative Templates\System\Windows Time Service
Reset the Windows Time service registry values to default settings
If all else fails, this procedure will reset the Windows Time service to its default settings:
- Open the Services console and stop the Windows Time service (or run net stop w32time from a command prompt) if it is running.
- Open an elevated command prompt and run w32tm /unregister to remove the Windows Time service from the registry. The service will no longer be listed in the Services console.
- Run w32tm /register to recreate the service with its default registry settings.
- Make any needed registry changes, then start the Windows Time service in the Services console or with the net start w32time command.