Windows Server time is constantly modified (time out of sync resolved)

Server time in a domain is constantly being modified, I first collected some information from the user

This problem is the only one that occurs, and the other servers are normal

System version \ Server usage (consider if software is causing this problem) \ Log information \ is a virtual machine

1. The system version is Server 2008 Datacenter Edition

2. The use is a diagram of the server

3. Log information For example, this log is the system log, the event ID is 1, the time from 2016-7-21 00:50:59 was changed to

2016-07-21 08:32:31

4. is a VMware virtual machine

650) this.width=650; "title=" 1.png "alt=" Wkiom1eu4vqzjwkmaaeovenqh48520.png "src=" http://s4.51cto.com/wyfs02/M02/ 85/eb/wkiom1eu4vqzjwkmaaeovenqh48520.png "/>

= = First day

1) Determine if the server's time service is starting normally

650) this.width=650; "title=" 1.png "alt=" Wkiom1eu4vazyfxoaadwk3yclcy287.png "src=" http://s4.51cto.com/wyfs02/M01/ 85/eb/wkiom1eu4vazyfxoaadwk3yclcy287.png "/>

2) Check if the virtual machine is synchronized with the ESXi host and the ESXi host is not checked for time synchronization

650) this.width=650; "title=" Qq20160813170746.png "alt=" wkiom1eu45cthfubaaglyahp2xk403.png "src="/HTTP/ S3.51cto.com/wyfs02/m02/85/eb/wkiom1eu45cthfubaaglyahp2xk403.png "/>

3) Because the user is not the admin domain, I asked the user to ask the IP address of the DC and then use net time to synchronize

Previously dealt with a problem is also time is out of sync, using the net is good, net time \\ip or computer name/set, will be synchronized immediately

= = Next day

1) The next day the user told me that time has been changed, combined with the last time to change the interval, in fact, the time changes are regular, every 7 hours and about 41 minutes will be changed

2) In fact net time this command is very chicken! The W32TM command is also needed to get a better approach to the solution.

Run the command on this server to view the list of NTP servers for this machine

W32tm/query/peers

Then modify the server in the NTP server list (double quotation marks separated by spaces) to fill in the FQDN of the PDC server

W32tm/config/update/manualpeerlist: "Server1-fqdn server2-fqnd" (Here I set the 10.138.207.22,fqdn I can't say ... ）

3) Create a folder W32Time under C, and then run the following command to turn on Debuglog.

w32tm/debug/enable/file:c:\w32time.log/size:10000000/entries:0-116

The debug log can see when the server exactly synchronizes

650) this.width=650; "title=" Qq20160813170746.png "alt=" wkiol1eu5_may01daaancunxq7c510.png "src="/HTTP/ S5.51cto.com/wyfs02/m00/85/eb/wkiol1eu5_may01daaancunxq7c510.png "/>

In addition, you can change the value of the registry if you want to change the debug log path

Hkey_local_machine\system\currentcontrolset\services\w32time\config

= = Third Day

1) The time is then modified, the debug log that was turned on has played a role, open the debug log, look for, find three IP address

10.142.10.33 a domain control in Singapore (manually set the

10.138.207.26 a local control in Beijing

10.138.164.167 Native IP

Hkey_local_machine\system\currentcontrolset\services\w32time\ Parameters The value of NetServer is time.windows.com, this value may be caused by the problem, it is changed to 34 (remember to enter the FQDN of 34)

2) Export the registry under this directory

Hkey_local_machine\system\currentcontrolset\services\w32time\

Analysis, the yellow part of the place marked by change to 0 (that is, does not take effect), the system is enabled by default to read the virtual machine time, so you need to shut it down, you must restart the computer to take effect, Vmictimeprovider (virtual machine time supply source)

650) this.width=650; "title=" QQ picture 20160714164448.png "alt=" wkiom1eu6lyh0jtxaablgl9s87g886.png "src="/http S2.51cto.com/wyfs02/m02/85/eb/wkiom1eu6lyh0jtxaablgl9s87g886.png "/>

3) Use the W32tm/query/configuration command to view the configuration

[Timeproviders]

NtpClient (Local)

Dllname:c:\windows\system32\w32time.dll (Local)

Enabled:1 (Local)

Inputprovider:1 (Local)

Crosssitesyncflags:2 (Local)

Allownonstandardmodecombinations:1 (Local)

Resolvepeerbackoffminutes:15 (Local)

Resolvepeerbackoffmaxtimes:7 (Local)

compatibilityflags:2147483648 (Local)

Eventlogflags:1 (Local)

Largesampleskew:3 (Local)

specialpollinterval:3600 (Local)

Type:nt5ds (Local)

NtpServer: (Undefined or notused) there is no NTP Server, normally this will show us the PDC specified manually

The previous settings are not valid? We need to use the W32TM command to set the line

= = Fourth day

1) Then analyze the debug log, from the log information can see the server has two time synchronization source

Two sources are 10.138.207.22 another 10.142.10.33 (Singapore domain control)

650) this.width=650; "title=" Qq20160813170746.png "alt=" wkiom1eu8g6tizhsaaaffzsbxvq368.png "src="/HTTP/ S4.51cto.com/wyfs02/m02/85/eb/wkiom1eu8g6tizhsaaaffzsbxvq368.png "/>650) this.width=650;" Title= " Qq20160813170746.png "alt=" Wkiol1eu8kgzdrjvaaaclqswb7s358.png "src=" http://s1.51cto.com/wyfs02/M02/85/EB/ Wkiol1eu8kgzdrjvaaaclqswb7s358.png "/>

2) 10.142.10.33 is not the PDC, theoretically the client should not synchronize with it because neither is specified manually 10.33

10.138.207.22, this is the time synchronization source we have been specifying, so that the user is asked to run the Netdom query FSMO on 207.22 To see if the PDC is 207.22, the result is that the PDC is 10.34,34 also a Singapore domain control is also pdc,207.22 and 10.33 is a subdomain

3) The reason why the time has been modified: because we set the time source is 207.22, so he will synchronize to 207.22, but 10.34 is the PDC host in our subdomain, the domain client will synchronize time to the PDC by default

= = Final Resolution

1) Does the previous setting 34 for NtpServer not take effect (set NtpServer)

1.w32tm/config/manualpeerlist:pdcfqdn/syncfromflags:manual/reliable:yes/update

2.net stop W32Time & net start W32Time (restart service)

2) View the registry value

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters, see the value has been modified to the FQDN of the PDC

650) this.width=650; "title=" 1111.png "alt=" Wkiom1eu9_tqxli8aacaeavzvbq680.png "src=" http://s2.51cto.com/wyfs02/ M00/85/ec/wkiom1eu9_tqxli8aacaeavzvbq680.png "/>

3) After a few days of observation, user feedback in recent days no time has been modified log, the problem is resolved

= = Summary

1)w32tm/query/peers view NTP server list

2) netdom query FSMO confirms which server the PDC host is

3)W32tm/config/manualpeerlist:pdcfqdn/syncfromflags:manual/reliable:yes/update

Modify the time synchronization source

4)w32tm/debug/enable/file:c:\w32time.log/size:10000000/entries:0-116 (open time Debug)

If there is a time synchronization problem, according to the above points to troubleshoot, I believe that the problem can be resolved

This article from "Sameold" blog, declined reprint!

Windows Server time is constantly modified (time out of sync resolved)