Hyper-V Time Sync for VM Domain Controller

Solution 1:

@PSaul is mostly correct. You do not want to use time.microsoft or time.windows.com as your time source for your Domain Controller that is holding the PDC Emulator FSMO Role. As the default, they are heavily used, often slow due to lack of locality, and sometimes unavailable. Pick an NTP pool that is closer to you.

However, do not disable Hyper-V Time Synchronization integration. It is required for certain functions like resetting the time after a reboot or when the virtual machine comes back from a saved state. What you want to do is to tell your virtualized Domain Controllers to ignore their Hyper-V host as a time source.

This can be done as follows:

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0

This command removes Hyper-V time source as a possible source for W32Time.

w32tm /config /syncfromflags:DOMHIER /update

Now tell W32Time to go search for the best possible time source in the domain hierarchy. If you want to use an external source for both Domain Controllers you can configure it to do so using the commands @PSaul posted or from here. Generally speaking, the Domain Controller holding the PDC Emulator role should sync from the external source and your other Domain Controllers should sync from it.

net stop w32time & net start w32time
w32tm /resync /force

Restart the time service and force a resynchronization.

w32tm /query /source

Finally you should confirm that your Domain Controllers have the correct time source.

See Ben Armstrong's excellent blog post for more details.

Solution 2:

I have finally got it working! The goal of this is to help people out who are starting at the beginning of setting a domain's time.

In this example all Servers, Primary Domain Controller (PDC), other Domain Controllers (DC) and other servers are running Windows 2008 R2 and are virtualized with Hyper-V.

First things first: you will read that you should disable the 'Time Synchronization Integration Service' on any virtual machine within Hyper-V, but instead you should manipulate the Windows Time Service (w32tm service) from within the virtual DC. You should not disable this, because when a VM restarts this will cause problems; it should be done with w32tm. MSDN info

You will need to find out what server is the PDC and running FSMO roles. Run this:

netdom query fsmo

The result should be your PDC and this is where you make most of your changes.

Make sure in the firewall there is an “Outbound” rule on UDP 123 and the program is %SystemRoot%\System32\w32tm.exe; just browse to the Windows directory and find the exe for time.

This is where the registry changes go down!

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time

Make sure the PDC under config in the above registry address is set to NTP for “Type” and all other servers are NT5DS; this means NTP is the daddy! Best practice here is to have the PDC look externally for time and everything sync to it.

Run this on all domain controllers (including PDC), it will partially disable windows time so it does not look at the host machine for time, important because we are virtual.

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0

You can go to the ntp.org site to find a server closest to you to sync your external time. I recommend not using Microsoft as they are heavily used and can slip out because of this.

The command below will set the PDC to look externally, but also check the registry settings as defined here to sync externally (you need to do both): MS KB 816042

Run this on PDC

w32tm /config /manualpeerlist:"0.pool.ntp.org,0x1" /syncfromflags:MANUAL /reliable:yes   
w32tm /config /update   
w32tm /resync 
w32tm /resync /rediscover

Run these 2 commands at any time on any server to see their source and when they last updated. These will be used throughout this exercise to make sure your PDC and other servers are getting time from the right place.

w32tm /query /status  
w32tm /query /source

Then run this on all DC except the PDC, it will make them look at the PDC for time and resync to it

w32tm /config /syncfromflags:DOMHIER /update 
net stop w32time 
net start w32time 
w32tm /resync /force

Issues: When you run the Status or Source query, give them a minute or 2 after changes. You should not be looking at the Local CMOS Clock and you should not be using VM IC Time Synchronization Provider as source either.

If successful the PDC should read the external site you have set and the other servers should say the PDC as source

Hope this helps people, good luck!
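
The checks both answers end with (VMICTimeProvider disabled, the right Type for the role, a source that is neither the host nor the local clock) can be collected into one audit script. This is an added example, not code from either answer; the `-IsPdcEmulator` switch is a name made up for this script, and Type is read from the Parameters subkey, where KB 816042 places it.

```powershell
# Added example: audit W32Time on a virtualized DC after applying the steps above.
# Run in an elevated PowerShell session on the DC itself.
param(
    # Hypothetical switch for this script: pass it on the server that
    # 'netdom query fsmo' reports as the PDC emulator.
    [switch]$IsPdcEmulator
)

$w32 = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$findings = @()

# 1. The Hyper-V provider must be switched off inside W32Time (Enabled = 0),
#    while the integration service on the host stays enabled.
$vmic = (Get-ItemProperty -Path "$w32\TimeProviders\VMICTimeProvider" -Name Enabled).Enabled
if ($vmic -ne 0) { $findings += "VMICTimeProvider Enabled = '$vmic' (expected 0)" }

# 2. Type is NTP on the PDC emulator and NT5DS on every other server.
$expectedType = if ($IsPdcEmulator) { 'NTP' } else { 'NT5DS' }
$type = (Get-ItemProperty -Path "$w32\Parameters" -Name Type).Type
if ($type -ne $expectedType) { $findings += "Type = '$type' (expected $expectedType)" }

# 3. The time service has to be running before the source query means anything.
$svc = (Get-Service -Name W32Time).Status
if ($svc -ne 'Running') { $findings += "W32Time service is $svc" }

# 4. The live source must not be the Hyper-V host or the local clock.
$source = (& w32tm /query /source | Out-String).Trim()
$badSources = 'Local CMOS Clock', 'VM IC Time Synchronization Provider'
foreach ($bad in $badSources) {
    if ($source -like "*$bad*") { $findings += "Time source is '$source'" }
}

if ($findings.Count -eq 0) {
    Write-Output "OK: source '$source', Type $type, VMICTimeProvider disabled"
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Give W32Time a minute or two after a configuration change before running it, since the source query can still report the old provider immediately after a restart.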