reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0
1.
net stop w32time
2.
w32tm /unregister
3.
w32tm /register
4.
Net start w32time
5.
w32tm /config /update /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8" /syncfromflags:MANUAL
6.
w32tm /config /update
7.
net stop w32time && net start w32time
8.
w32tm /resync /rediscover
IMHO it should be a best practice NEVER to allow a Domain Controller to enter a "saved state". That being the case, it would be advised to decouple (turn off) the virtualDC from the host time sync in Integration Services.
Now the two machines, host and guest, operate independently from one another in terms of time synchronisation. The host can update as usual from an external or another internal source, whilst the DC, which is usually responsible for teh time synch in its domain, can sychronise from its external source. Drift between the two should be minimal and operations should not be affected by any time matters.
Steven Teiger
Steven keep in mind that this is the NEW way to do time sync. They are now recommending to do a partial hook.
The reason being?
I think people are over-thinking this. (a) its the only DC, so saving state is fine (there are no replication partners to worry about). (b) Just have the host sync to pool.ntp.org and all the guests sync to the host - keeps everything in lock-step.
This article is very helpful, but there is still some confusion on what is the *LATEST* guidance for this issue.
It looks like this article last updated on 7/31/12.
Note the conflicting recommendation in the following paragraph from the "Time Service" section of the article "Running Domain Controllers in Hyper-V" which was last updated 9/20/12 (reference here: technet.microsoft.com/.../dd363553(v=ws.10).aspx):
====================================
Time Service
For virtual machines that are configured as domain controllers, it is recommended that you disable time synchronization between the host system and guest operating system acting as a domain controller. This enables your guest domain controller to synchronize time from the domain hierarchy.
To disable the Hyper-V time synchronization provider, shut down the VM and clear the Time synchronization check box under Integration Services.
noteNote
This guidance has been recently updated to reflect the current recommendation to synchronize time for the guest domain controller from only the domain hierarchy, rather than the previous recommendation to partially disable time synchronization between the host system and guest domain controller.
For information about installing and using Integration Services, see Hyper-V Getting Started Guide (go.microsoft.com/fwlink).
For virtual machines that are configured as domain controllers, it is recommended that you partially disable time synchronization between the host system and guest operating system acting as a domain controller. This enables your guest domain controller to synchronize time for the domain hierarchy, but protects it from having a time skew if it is restored from a Saved state.
To partially disable the Hyper-V time synchronization provider, leave Time synchronization enabled under Integration Services and run the following command from an elevated command prompt on the guest domain controller:
Copy
This command stops Windows Time service (W32Time) from using Hyper-V time synchronization integration when the guest domain controller’s operating system is started. With this setting disabled, the Hyper-V time synchronization provider is only used if the guest domain controller is rebooted or restored from a Saved state.
It is important to ensure that your host machine is syncing with a reliable time service to avoid any time skews.
For more information about the Hyper-V time synchronization service see the following blog entry, Time Synchronization in Hyper-V (go.microsoft.com/fwlink).
Thanks,
Jeff Deininger
In case it wasn't clear from my question above, it looks like the "time service" section pasted above contains both the old recommendation (i.e. completely disable the Hyper-V Time Sync integration service) and the new recommendation (i.e. leave the Hyper-V Time Sync integration service enabled, allow "save state" for a lone DC with no replication partners, and then add the VMICTimeProvider reg key).
What's the final verdict?
Another point of clarification: my question is about Hyper-V on Windows Server 2008 R2 SP1. If somebody knows if there are any changes to the guidance for Hyper-V on Windows Server 2012 that would be helpful as well.
Best,
I think the article should start with how to configure the time service on the Hyper-V parent. And changes require there aside from making sure that the time service is set to run automatically?
As I have been researching this now for a while, I wanted to update everyone that the method has again changed. It is no longer recommended to "partially" disable time sync, but to fully do so. Please see the article below, last update April 2, 2013 as of this post. technet.microsoft.com/.../dd363553(v=ws.10).aspx
Snippet:
Note