How do I re-enable the VM IC Time Synchronization Provider for a Hyper-V client?
The best practice for time sync on Hyper-V is:
For Domain Controllers: Disable Hyper-V time sync inside the guest, but leave Hyper-V time sync enabled on the virtual machine configuration in the Hyper-V management console. This way Hyper-V sets the clock when the guest boots or resumes from a pause, but during normal operation the guest is responsible for its own clock. Use this command on the guest to stop it from using VM IC:
reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0
(For a domain controller, it is important that it be responsible for its own time sync because AD needs to know the quality of the time. If the guest is managing the clock, it has access to the quality indicator of the network time. But if Hyper-V is managing the clock, then the guest sees the clock as an authoritative clock and always assumes it's correct, even when it's not.)
For all other guests: Use the Hyper-V guest additions to sync the clock. If the guest does not have additions installed then use the hardware clock, which the Hyper-V hypervisor will emulate.
Since in your case you've monkeyed with the time sync settings on your DC guests, I suggest that you reset your w32time settings first, then reinstall the guest additions, and finally apply the registry setting above.
Related videos on Youtube
01 : 52
06 : 58
01 : 29
02 : 10
02 : 11
halra
Never forget: :w !sudo tee % Save a file in vim when you neglected to open the file with sudo but already made changes you don't want to lose. Ctrl+X,* Evaluate globbing on your current input on the bash command line. postfix flush Pump out the postfix queue on your backup MX after you've fixed the issue with your primary MX. git tag -l | xargs -n 1 git push --delete origin; git tag | xargs git tag -d Delete all tags from a git repo - remotely and locally. sudo apt-get purge $(for tag in "linux-image" "linux-headers"; do dpkg-query -W -f'${Package}\n' "$tag-[0-9]*.[0-9]*.[0-9]*" | sort -V | awk 'index($0,c){exit} //' c=$(uname -r | cut -d- -f1,2); done) Delete old kernels https://signup.microsoft.com/productkeystart Register new Office 365 product keys for an existing tenant.
Updated on September 18, 2022Comments
-
halra over 1 year
We have a Windows domain network with 2 Hyper-V hosts. On these hosts, there are several Hyper-V VM clients. Two of these clients are Domain Controllers.
The Hyper-V hosts are both clients of that domain. This brings one to a common time synchronization issue, as the hosts will try to sync their time with the PDC emulator and the domain controllers sync their time with the Hyper-V host.
While working on that issue, I didn't realize that the firewall in the network does not allow outgoing traffic on port 123. Which lead to several (failed) reconfiguration attempts.
Switching the time source
Once the problem was understood, I set the hosts up to sync to a reliable, on-site time source and wanted the DCs to simply use the VM IC Time Synchronization Provider again (so that they would sync the time with the host).
But one of the DCs is refusing to switch to the VM IC Time Synchronization Provider, it still uses the Local CMS Clock source (which, to my understanding, is not desirable).
What failed so far?
I tried disabling the Time Synchronization component for that VM in the Hyper-V Manager, then rebooting the machine, restarting the w32time service a couple of times, re-enabling the Time Synchronization component. That didn't work. I also tried other permutations of this process that didn't help either.
I tried changing the
Enabledvalues in the registry (HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders) for the different time providers.I re-installed the Hyper-V integration package in the client.
-
longneck almost 12 yearsIdeally, all of your DC's should not be synchronized to an external time source; only one of them should be. The rest should be allowed to synchronize from that DC.
-
halra almost 12 yearsThanks for pointing that out. I adjusted my configuration accordingly. :)
-
tne over 10 yearsBy adding the
VMICTimeProviderand setting it to 0 on our DC,w32timewas using the CMOS source when restarted. However, attempting to configure it to use the peer list (MANUAL sync flag) would systematically reset the source to the VM IC Time Provider (the registry key wouldn't be touched, and remained with a value of 0). I did resort to disabling the IC for the guest DC on its hypervisor despite present advice and thew32timepromptly used the correct source (peer list) after a service restart. I'd be grateful to any of you for any thoughts on how to resolve this without disabling it.
