Thursday 1 May 2014

Hyper-V Standalone: Configure the Host as Authoritative Time Server and Guests to Use It

We have a number of single server virtualization solutions where the VMs are running at quite a high load point.

Under that load the VMs tend to fall behind on their own timekeeping. In some cases we have SQL VMs that skew time visibly.

So, we need a reliable time source. We cannot set pool.ntp.org as the time source for the primary DC in this situation: the DC would not be keeping time very well either, so it would need a more frequent polling interval. Do that with ntp.org and the server will receive a Kiss-of-Death packet in short order.

So, we configure our Hyper-V host to be an authoritative time server polling ntp.org's servers every 30 minutes.

To do so we need to set things up on the host.

  1. Allow UDP Port 123 Inbound on the firewall
  2. Configure the host as a time server: KB816042 How to configure an authoritative time server in Windows Server
  3. We run the Fix It Myself steps
  4. Verify Type is set to NTP
  5. We specify the regional pool.ntp.org servers
  6. Set AnnounceFlags to 5 in
    • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
  7. Enable the NTPServer service by setting Enabled to 1
  8. Default Poll Interval
  9. Set the SpecialPollInterval to 15 minutes
  10. Set the phase correction settings to 30 minutes
  11. net stop w32time && net start w32time
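
The host-side steps above can be applied and read back in one pass. The PowerShell below is an added example, not the author's script or the KB816042 Fix It. It assumes placeholder peer names, a firewall rule scoped to `LocalSubnet` (guests on the host's subnet), and the phase-correction value names from KB816042 (`MaxPosPhaseCorrection`, `MaxNegPhaseCorrection`), which the post does not spell out.

```powershell
# Run from an elevated PowerShell prompt on the Hyper-V host.
$ErrorActionPreference = 'Stop'
$w32 = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# ASSUMPTION: placeholder peers; substitute your regional pool.ntp.org names.
# The ,0x1 flag tells w32time to poll each peer at SpecialPollInterval.
$peers = '0.REGION.pool.ntp.org,0x1 1.REGION.pool.ntp.org,0x1'

# Step 1: inbound UDP 123. ASSUMPTION: guests share the host's subnet, so the
# rule is limited to LocalSubnet instead of accepting polls from any address.
$rule = 'NTP Server (UDP 123)'
if (-not (Get-NetFirewallRule -DisplayName $rule -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $rule -Direction Inbound -Protocol UDP `
        -LocalPort 123 -RemoteAddress LocalSubnet -Action Allow | Out-Null
}

# Steps 4-7, 9 and 10: registry values (intervals are in seconds).
# Step 8 is omitted because its value is not given in the post's text.
$settings = @(
    @{ Key = 'Parameters';              Name = 'Type';                  Value = 'NTP';  Kind = 'String' }
    @{ Key = 'Parameters';              Name = 'NtpServer';             Value = $peers; Kind = 'String' }
    @{ Key = 'Config';                  Name = 'AnnounceFlags';         Value = 5;      Kind = 'DWord' }
    @{ Key = 'TimeProviders\NtpServer'; Name = 'Enabled';               Value = 1;      Kind = 'DWord' }
    @{ Key = 'TimeProviders\NtpClient'; Name = 'SpecialPollInterval';   Value = 900;    Kind = 'DWord' } # 15 min
    @{ Key = 'Config';                  Name = 'MaxPosPhaseCorrection'; Value = 1800;   Kind = 'DWord' } # 30 min
    @{ Key = 'Config';                  Name = 'MaxNegPhaseCorrection'; Value = 1800;   Kind = 'DWord' } # 30 min
)
foreach ($s in $settings) {
    Set-ItemProperty -Path (Join-Path $w32 $s.Key) -Name $s.Name -Value $s.Value -Type $s.Kind
}

Restart-Service -Name w32time   # step 11

# Read every value back so a setting that did not stick fails the run loudly.
$bad = foreach ($s in $settings) {
    $actual = (Get-ItemProperty -Path (Join-Path $w32 $s.Key) -Name $s.Name).($s.Name)
    if ($actual -ne $s.Value) { "$($s.Key)\$($s.Name) = $actual (expected $($s.Value))" }
}
if ($bad) { throw "W32Time settings not applied:`n$($bad -join "`n")" }

w32tm /resync /rediscover
w32tm /query /status
# From a client, confirm the host answers NTP polls (replace HOSTNAME):
#   w32tm /stripchart /computer:HOSTNAME /samples:3 /dataonly
```

If the guests sit on a different subnet from the host, replace `LocalSubnet` with the specific guest address range rather than dropping the `-RemoteAddress` restriction.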

We use this free tool to test our setup from a client system:

Drop in the Hyper-V host's name and the tool should report a successful time poll.

Once we have a successful time poll we run the following command set on the PDCe VM as per our previous blog post on time skew:

  1. w32tm /config /syncfromflags:manual "/manualpeerlist:Hyper-V.DOMAIN.LOCAL,0x1" /reliable:yes
  2. w32tm /config /update
  3. net stop w32time && net start w32time
  4. w32tm /resync /force
  5. w32tm /query /source

The final command should report the Hyper-V server as the time source.

We then create a batch file with the step 4 command in it and schedule that batch file to run as frequently as every minute on the most demanding VMs.

Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small Business

3 comments:

David Moisan said...

At SATV, we have one of our other Windows machines running Meinberg's NTP server with an inexpensive serial Garmin GPS puck. The software is free--it's a port of the official NTP reference code, and the puck only ran us $80. Depending on the shop that ultimately hosts a Hyper-V server, this is just coffee money.

It works very well while still preserving the NTP.org pool for backup and cross-checking.

We have all our servers, and selected clients, using our in-house GPS server plus three of the pool servers.

(The adventurous people can get the code from ntp.org; it does build in Visual Studio and would run nicely in a Hyper-V host; my personal NTP box is an ARM appliance, a story for another day.)

I also love a third-party control panel applet called W32TMDT. This is a friendly way of configuring the Windows time service, and also a great diagnostic tool for comparing different time sources on any one machine.

Anonymous said...

Thanks for this Phil...
The NTP Server Tool did nothing, and I have no way of knowing if it's the tool, maybe not compatible with Server 2012r2, or if there's something else wrong.
When you say, "Allow UDP Port 123 Inbound on the firewall" above, do you mean the software firewall on Server 2012, or just the router's firewall?

Philip Elder Cluster MVP said...

If the tool does not present any results it never touched the NTP service.

Open the firewall port on the _host_ to allow NTP polls inbound.