We have a number of single-server virtualization solutions where the VMs run under quite a high load.
This tends to create timing issues, with the VMs unable to keep accurate time. In some cases we have SQL VMs whose time visibly skews.
So, we need a reliable time source. We cannot set pool.ntp.org as the time source for the primary DC in this situation: the DC would not keep time very well either, and so would require a more frequent polling interval. Do that with ntp.org and the server will receive a Kiss-of-Death packet in short order.
So, we configure our Hyper-V host to be an authoritative time server polling ntp.org's servers every 30 minutes.
To do so we need to set things up on the host.
- Allow UDP Port 123 Inbound on the firewall
- Configure the host as a time server: KB816042 How to configure an authoritative time server in Windows Server
  - We run the Fix It Myself steps
    - Verify Type is set to NTP
    - We specify the regional pool.ntp.org servers
    - Set AnnounceFlags to 5 in HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
    - Enable the NTPServer service by setting Enabled to 1
    - Default Poll Interval
    - Set the SpecialPollInterval to 15 minutes
    - Set the phase correction settings to 30 minutes
- net stop w32time && net start w32time
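
The host-side steps above collected into one PowerShell script, as an added example that is not part of the original post or of KB816042. Assumptions: the peer names are placeholders for your regional pool.ntp.org servers, the inbound rule is scoped to the host's local subnets, and the registry value names other than AnnounceFlags are the standard W32Time ones rather than names given in the post.

```powershell
# Added example, not from the original post. Run elevated on the Hyper-V host.
# Assumptions: the peer names are placeholders for your regional pool.ntp.org
# servers, and the NTP clients (the VMs) sit on the host's local subnets.
$Peers          = '0.pool.ntp.org,0x1 1.pool.ntp.org,0x1 2.pool.ntp.org,0x1'
$AllowedClients = 'LocalSubnet'   # narrower than "any" for the inbound rule
$PollSeconds    = 15 * 60         # SpecialPollInterval: 15 minutes
$PhaseSeconds   = 30 * 60         # phase correction limits: 30 minutes

# Inbound UDP 123 on the host's own Windows Firewall (created only once).
$ruleName = 'NTP Server (UDP 123 inbound)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol UDP `
        -LocalPort 123 -RemoteAddress $AllowedClients -Action Allow | Out-Null
}

# Registry values behind the manual steps listed above.
$w32 = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$settings = @(
    @{ Key = "$w32\Parameters"; Name = 'Type';      Value = 'NTP';  Kind = 'String' }
    @{ Key = "$w32\Parameters"; Name = 'NtpServer'; Value = $Peers; Kind = 'String' }
    @{ Key = "$w32\Config"; Name = 'AnnounceFlags';         Value = 5;             Kind = 'DWord' }
    @{ Key = "$w32\Config"; Name = 'MaxPosPhaseCorrection'; Value = $PhaseSeconds; Kind = 'DWord' }
    @{ Key = "$w32\Config"; Name = 'MaxNegPhaseCorrection'; Value = $PhaseSeconds; Kind = 'DWord' }
    @{ Key = "$w32\TimeProviders\NtpServer"; Name = 'Enabled'; Value = 1; Kind = 'DWord' }
    @{ Key = "$w32\TimeProviders\NtpClient"; Name = 'SpecialPollInterval'; Value = $PollSeconds; Kind = 'DWord' }
)
foreach ($s in $settings) {
    Set-ItemProperty -Path $s.Key -Name $s.Name -Value $s.Value -Type $s.Kind
}

# Same effect as: net stop w32time && net start w32time
Restart-Service -Name w32time

# Read every value back and fail loudly if one did not stick.
$bad = $settings | Where-Object {
    (Get-ItemProperty -Path $_.Key -Name $_.Name).($_.Name) -ne $_.Value
}
if ($bad) {
    $names = ($bad | ForEach-Object { $_.Name }) -join ', '
    throw "W32Time values not applied: $names"
}

# Show what the service actually loaded.
w32tm /query /configuration
```

The read-back only confirms the registry writes; the `w32tm /query /configuration` output at the end is where a Group Policy override of these values would show up.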
We use this free tool to test our setup from a client system:
Drop in the Hyper-V host's name and we should see the following:
Once we have a successful time poll we run the following command set on the PDCe VM as per our previous blog post on time skew:
1. w32tm /config /syncfromflags:manual "/manualpeerlist:Hyper-V.DOMAIN.LOCAL,0x1" /reliable:yes
2. w32tm /config /update
3. net stop w32time && net start w32time
4. w32tm /resync /force
5. w32tm /query /source
The final result should show the Hyper-V server as the time source.
We then create a batch file with the step 4 command in it and schedule that batch file to run as frequently as every minute on the most demanding VMs.
Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small Business
At SATV, we have one of our other Windows machines running Meinberg's NTP server with an inexpensive serial Garmin GPS puck. The software is free--it's a port of the official NTP reference code, and the puck only ran us $80. Depending on the shop that ultimately hosts a Hyper-V server, this is just coffee money.
It works very well while still preserving the NTP.org pool for backup and cross-checking.
We have all our servers, and selected clients, using our in-house GPS server plus three of the pool servers.
(The adventurous people can get the code from ntp.org; it does build in Visual Studio and would run nicely in a Hyper-V host; my personal NTP box is an ARM appliance, a story for another day.)
I also love a third-party control panel applet called W32TMDT. This is a friendly way of configuring the Windows time service, and also a great diagnostic tool for comparing different time sources on any one machine.
Thanks for this Phil...
The NTP Server Tool did nothing, and I have no way of knowing if it's the tool, maybe not compatible with Server 2012r2, or if there's something else wrong.
When you say, "Allow UDP Port 123 Inbound on the firewall" above, do you mean the software firewall on Server 2012, or just the router's firewall?
If the tool does not present any results it never touched the NTP service.
Open the firewall port on the _host_ to allow NTP polls inbound.