[sc:windows-category ]My previous posts about moving from VMWare Server to Hyper-V for my main servers I didn’t touch on time services as in general it’s not something you have to think about too much.
However, over the last couple of weeks I have noticed that my domain controllers started to get farther and farther out of sync with the real time. Last week it was at about 10 minutes so it was time to do something about it.
Within my current configuration there are three competing clocks trying to set the time on the virtualized domain controllers:
- The NTP configuration on the DC
- The Hyper-V time sync service
- The NTP configuration on the host motherboard
In my original setup I had configured the DC’s to point to an external NTP source to get their time settings, then set the motherboard to point to the DC’s for it’s time.
This probably would have been fine except for Hyper-V also trying to keep the DC’s in line… what I believe was happening was as follows:
- During normal run time, the DC’s would pull from the NTP servers and set the clock
- Hyper-V would see the drift and “correct” it to the host time, which would always drift a bit due to the software clock
- The Hyper-V host was part of the domain so the domain time sync would then also update the host clock to be off as well
- Each time the host rebooted (patches, etc), it would pull the time from the DC, which would off a bit due to Hyper-V fixing the clock all the time
- This drift would then become the new norm and the process would start all over again
In any given month, the drift was not too bad, but over multiple months it added up to the 10 minutes or so I was seeing.
My first instinct was to kill the Hyper-V time sync service on the DC’s, but that just messed up the DC clocks due to the virtualization.
What I believe will resolve the issue (I’m going to have to wait a couple of months to make sure of course) is to instead set the motherboard NTP servers to the same NTP servers that the DC’s use and leave the Hyper-V time sync service in place. This should ensure that during reboots the MB clock is updated to the right time and that should propagate through to the DC’s. This would break the loop and keep the clock’s in sync with the proper time again.
