====== Windows Timekeeping Configuration ======

https://serverfault.com/questions/584397/active-directory-time-synchronisation-time-service-event-id-50/584420#584420

===== Configure the Windows Time Service =====

In an Active Directory domain-based network, this should only have to be done on the PDC.

==== Windows 2000 ====

To configure a Windows 2000 Server for Network Time Protocol (NTP), enter the following commands as an administrator:

<file>
net time /setsntp:pool.ntp.org
net stop w32time
w32tm -once
net start w32time
</file>

==== Windows Server 2003 ====

Windows Server 2003 Forest Root Domain Controller servers are configured like this:

<file>
W32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:manual
W32tm /config /update
W32tm /resync
</file>

The default sync interval for the Windows Time Service is three times a day. If that isn't good enough, you can adjust it...but it takes a registry edit.

==== Windows Server 2008 ====

=== Domain Member ===

<file>
net time /domain:yourdomainname /set /yes
</file>

=== Primary Domain Controller ===

Locate the domain controller where you will configure network time:

<file>
netdom /query fsmo
w32tm /query /source
</file>

Then, on the indicated domain controller:

<file>
W32tm /config /manualpeerlist:"0.us.pool.ntp.org,1.us.pool.ntp.org,2.us.pool.ntp.org" /syncfromflags:manual /reliable:yes
W32tm /resync
</file>

:!: If you  get the error **''The computer did not resync because no time data was available.''**, try a reboot of the DC and **check that NTP traffic is permitted in the firewall** (UDP/123).

If your time is off by too much (more than 3600 seconds), you'll have to set the time manually with the Date and Time applet.

=== Determine Current Configuration ===

<file>
w32tm /query /configuration
</file>

=== Logging ===

Check the Event Viewer for any error messages.

=== Clear Current Configuration ===

If for some reason you need to clear the configuration or start over:

<file>
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
</file>

===== Windows Server 2012 and 2016 =====

http://nefaria.com/2013/03/configure-windows-server-20082012-to-sync-with-internet-time-servers/

<note tip>If you move the PDC FSMO role to another server, and your PDC is stuck on ''Local CMOS Clock'', you may need to use a GPO shown here: https://theitbros.com/configure-ntp-time-sync-group-policy/</note>

==== Check ====

<file>
w32tm /monitor
</file>

==== Primary Domain Controller ====

<file>
net stop w32time
w32tm /unregister
w32tm /register
w32tm /config /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org" /syncfromflags:manual /reliable:yes
net start w32time
w32tm /query /status /verbose
w32tm /query /source
w32tm /query /peers
w32tm /query /configuration
</file>

==== Member Server ====

<file>
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /reliable:NO
w32tm /config /update
w32tm /resync
w32tm /query /status /verbose
w32tm /query /source
w32tm /query /peers
w32tm /query /configuration
</file>

===== Virtual Machines =====

FIXME Need verify this statement:

The most accurate way to keep guest operating system time synchronized with real time is probably to use the **VMware Tools** or **XenServer Tools** time synchronization functions.

==== Citrix ====

FIXME Need verify registry entries

{{ :networking:windows:vm_time_sync_disable.reg.zip |Citrix Registry Entries for PDC}}

These registry entries disable time sync to the virtualization host (drift) when using Citrix Tools and allow NTP to work normally.

==== Virtualbox ====

http://www.virtualbox.org/manual/ch09.html#idp13775264

Install the guest additions or use NTP.

==== VMware ====

To enable VMware Tools time synchronization in the guest:

  - Right-click the VMware icon in the System tray on the task bar and choose Open VMware Tools.
  - On the Options tab, check the Time synchronization between the virtual machine and the host operating system box.
  - Click OK to close the dialog box.
  - Disable the Windows Time service from the Services control panel in the guest.
    - Right-click My Computer and choose Manage.
    - Double-click Services and Applications.
    - Double-click Services.
    - Scroll to Windows Time; right-click and choose Properties.
    - Click the Startup type selection box and choose Disable.
    - If the service status is Started, click Stop.
    - Click OK to close the Properties dialog box.

It's a good idea to run a time synchronization tool on the virtualization host, for best accuracy.

===== NTP Servers =====

   0.us.pool.ntp.org 
   1.us.pool.ntp.org
   2.us.pool.ntp.org
   3.us.pool.ntp.org

===== Firewall =====

Open **UDP port 123** on the firewall, both directions.