I work at a dental office (and am not an IT professional, hence this post haha), and we have several computers using Windows 10 on a domain using Windows Server 2012. The time is right on the domain controller but it's a few minutes off on the normal computers in the domain and that's messing with the software we use to schedule appointments.
In Command Prompt on the PDC, I ran
w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /updatenet stop w32tmnet start w32tmw32tm /resync /rediscoverbut it says "The computer did not resync because no time data was available."
I have everything set to "Not configured" for Windows Time Service under the "Default Domain Policy" and "Default Domain Controllers Policy" group policies (idk which one is important for this). Also on the normal computers I ran w32tm /config /syncfromflags:domhier /update and verified in the registry editor that the type value was set to "NT5DS".
Additionally, w32tm /query /configuration shows that time.windows.com is the server, but running w32tm /query /source says the source is still "Local CMOS Clock," which apparently is the default if unable to connect to the NTP server. So it's a connection problem right? From what I've read it could my firewall is blocking the connection, so in Windows Firewall Advanced Settings I added new rules for both outbound and inbound calls for UDP port 123 which is apparently what the NTP uses. I installed netcat and tried ncat -u -v -z -w 2 time.windows.com 123 which appears successful so I'm not sure what the problem is. I've also heard that time.windows.com just kinda sucks so maybe I can try a different time server if no one has a solution.
Again I have no idea what I'm doing and I'm just going off the internet and ChatGPT so hopefully someone can point out what I'm missing. Thanks!
Edit Here is the "Time Providers" section of w32tm /query /configuration on both client and server:
Client:
[TimeProviders]NtpClient (Local)DllName: C:\WINDOWS\SYSTEM32\w32time.DLL (Local)Enabled: 1 (Local)InputProvider: 1 (Local)CrossSiteSyncFlags: 2 (Local)AllowNonstandardModeCombinations: 1 (Local)ResolvePeerBackoffMinutes: 15 (Local)ResolvePeerBackoffMaxTimes: 7 (Local)CompatibilityFlags: 2147483648 (Local)EventLogFlags: 1 (Local)LargeSampleSkew: 3 (Local)SpecialPollInterval: 3600 (Local)Type: NT5DS (Local)NtpServer (Local)DllName: C:\WINDOWS\SYSTEM32\w32time.DLL (Local)Enabled: 0 (Local)InputProvider: 0 (Local)Server:
[TimeProviders]NtpClient (Local)DllName: C:\Windows\system32\w32time.DLL (Local)Enabled: 1 (Local)InputProvider: 1 (Local)AllowNonstandardModeCombinations: 1 (Local)ResolvePeerBackoffMinutes: 15 (Local)ResolvePeerBackoffMaxTimes: 7 (Local)CompatibilityFlags: 2147483648 (Local)EventLogFlags: 1 (Local)LargeSampleSkew: 3 (Local)SpecialPollInterval: 3600 (Local)Type: NTP (Local)NtpServer: 0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8 (Local)NtpServer (Local)DllName: C:\Windows\system32\w32time.DLL (Local)Enabled: 1 (Local)InputProvider: 0 (Local)AllowNonstandardModeCombinations: 1 (Local)VMICTimeProvider (Local)DllName: C:\Windows\System32\vmictimeprovider.dll (Local)Enabled: 0 (Local)InputProvider: 1 (Local)I also reviewed the event logs on the PDC and it's logged the following warning every so often for the past 8 months:
The time service has not synchronized the system time for 86400seconds because none of the time service providers provided a usabletime stamp. The time service will not update the local system timeuntil it is able to synchronize with a time source. If the localsystem is configured to act as a time server for clients, it will stopadvertising as a time source to clients. The time service willcontinue to retry and sync time with its time sources. Check systemevent log for other W32time events for more details. Run 'w32tm/resync' to force an instant time synchronization.
And on a client event log I have these under Time-Service:
Information:
The time provider 'VMICTimeProvider' has indicated thatthe current hardware and operating environment is not supported andhas stopped. This behavior is expected for VMICTimeProvider onnon-HyperV-guest environments. This may be the expected behavior forthe current provider in the current operating environment as well.
Warning:
NtpClient was unable to set a domain peer to use as a time sourcebecause of discovery error. NtpClient will try again in 15 minutes anddouble the reattempt interval thereafter. The error was: The entry isnot found. (0x800706E1)
Information:
The time provider NtpClient is currently receiving valid time datafrom pool.ntp.org,0x8 (ntp.m|0x8|0.0.0.0:123->131.243.64.12:123).
Warning:
Time Provider NtpClient: No valid response has been received fromdomain controller Server.Dental.local after 8 attempts to contact it.This domain controller will be discarded as a time source andNtpClient will attempt to discover a new domain controller from whichto synchronize. The error was: The peer is unreachable.
and similar to what appeared on the PDC,Warning:
The time service has not synchronized the system time for the last86400 seconds because none of the time service providers provided ausable time stamp. The time service will not update the local systemtime until it is able to synchronize with a time source. If the localsystem is configured to act as a time server for clients, it will stopadvertising as a time source to clients after 0 seconds. The timeservice will continue to retry and sync time with its time sources.Check system event log for other W32time events for more details. Run'w32tm /resync' to force an instant time synchronization. You cancontrol the frequency of the time source rediscovery usingClockHoldoverPeriod W32time config setting. Modify the EventLogFlagsW32time config setting if you wish to disable this message.
So obviously something is going wrong, I just haven't discovered it yet.