Q: What is the correct time synchronization configuration for a virtualized Flexible Single Master Operations PDC on Hyper-V 2012 and later?
A: The exact guidance on time configuration for a forest root Flexible Single Master Operations (FSMO) PDC that is virtualized has varied over time. Typically, the forest root FSMO PDC should have an external reliable time source. All other domain controllers in the domain and child domains essentially use the forest root FSMO PDC as their time source, and then domain-joined machines use the domain controllers for the time source.
A complication is that Hyper-V Integration Services synchronizes the time of virtual machines with the physical host because virtual machines tend to experience time drift over time. You should never disable Hyper-V Time Synchronization because it's important when the virtual machine boots and resumes saved states. (For more information, see the Microsoft article "Time Synchronization in Hyper-V.") Run the following command on the forest root FSMO PDC (check the running command netdom query fsmo) to disable aspects of time synchronization from Hyper-V:
- reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0
Next, set an external time source—for example:
- w32tm /config /manualpeerlist:time.windows.com,0x1 /syncfromflags:manual /update
Then restart the time service:
- net stop w32time & net start w32time
If you check the time source, it should show the NTP server you specified:
- C:\>w32tm /query /source