I’m new to this forum, but I’ve been watching Lawrence’s videos for some time, so I figured the community might know the solution!
I have a VMware ESXi 8.0.0 server on which I have 2 Windows Server 2022 VMs: a domain controller and an RDS.
I noticed that the date and time of my 2 Windows Server VMs were moving forward a few minutes.
So via the ESXi Host Client web interface, I started the ntpd service and configured the NTP client in Host > Manage > System > Time & date.
After some time, the clock of my VMs was updated. I don’t know how, as VMware Tools aren’t installed (yet) on the domain controller.
Now the minutes are synchronized.
But the clock of my VMs is one hour behind.
That is to say that when it’s 2:00pm in Paris, 12:00pm UTC, my Windows VMs are showing 1:00pm.
These VMs are well configured on the time zone “(UTC+01:00) Brussels, Copenhagen, Madrid, Paris”, “Adjust for daylight saving time automatically” is enabled, and the date is right (04/04/2023).
How to make the clock correct, while following VMware “recommended” settings, that is to say, without configuring my DC as a NTP client?
Thank you in advance and let me know if I can bring details.
From the VMWare ESXi host client, edit the configuration of your VM’s. On the options tab, open up the VMWare tools section. Make sure the check box “Synchronize time with host” is checked. That basically does the same thing as setting the date and time in a physical PC. Then the Windows OS will get it’s time from this “clock”.
The default config in a Windows domain seems to be that Windows clients and secondary servers are syncing with the domain controller(s), isn’t it?
I haven’t messed with the domain controller firewall myself, so I guess Windows Server took care of this during the domain controller role installation and setup?
I’ve installed VMware Tools and both my VMs and I have enabled Edit > VM Options > VMware Tools > Synchronize guest time with host for both VMs in ESXi host web interface.
Now on my DC server, in Windows settings > Time & Language > Date & time, “Set time automatically” is enabled (it was previously greyed out), and “Last successful time synchronization” and “Time server” both show “unspecified”, instead of “Free-running system clock” for the latter. Is it expected behavior?
It’s even weirder on my RDS server: the “Time server” is now time.windows.com, instead of dc1..net. I have installed the VMware Tools and rebooted, but I haven’t changed anything else myself. What happened?
Last but not least, there are the client computers joined to the domain. Those still have dc1..net as their Time server, but their clock was still one hour behind this morning, although they’ve been shut down yesterday before my VM updates and been turned on this morning. What’s wrong and how do I fix this?
Again, I’d prefer to stick to the default settings, which seems to be synchronizing clients with the domain controller.
First your DC needs to have it’s clock set as “reliable”, it also needs to be running as a service with the “register” command. All of your clients joined to the domain should be to sync from flags as “domhier” (should be automatic but worth checking).
The DC should be set to have a sync from flags of “manual” and should have a peer to the clock of preference (local NTP clock, time.windows.com, pool.ntp.org, etc.).
Don’t forget the /update command at the end, I think I overlooked this for far too long which is why I was fighting it. Then the net stop w32time and net start w32time after making the changes.
Thank you very much @Greg_E for your insightful reply.
Sorry for the delay, but I was waiting for another opportunity to “mess” with my domain controller, which I can only do on some nights.
First, you made me remember that I had unregistered w32tm, with plan to re-register it, without knowing I’d have to reboot the server in the process. Then I got distracted. I just re-registered it.
Regarding the “reliable” setting, how can I check the current setting? I couldn’t find how to do it in “w32tm /?”. Is “reliable” supposed to be set automatically while deploying the domain controller role?
But your clients may or may not update very often, I have constant problems getting time sync from the domain controllers. Windows Time seems to work with a mind of its own, even when you set things up properly it doesn’t always keep good time. My clients normally stay within about a minute, that’s the closest I can get them to stay. This computer was last synced some 3000 seconds ago and failed several resync commands.
