I got the message “the computer did not resync because no time data was available” after running “w32tm /resync /force”.
I had followed the various howtos out there*, and checked them against each other : as expected, they differed slightly, but none of them worked for me. Well, it turned out that I needed to run the update command, below.
(I thought the problem was that the firewalls were blocking; though I never had such problems with ntp on Linux, or on XP or 7 which allow you to set the time server in a GUI. I opened up port 123 on each of the firewalls: on the local server, the VM host if it’s on a VM, and the firewall. Open them up inbound and outbound, UDP, port 123. I ended up port forwarding port 123 from the gateway to the DC, but maybe that’s not necessary. I thought an outgoing NTP packet would open up the incoming port. — After the configuration was operational, I tested, and the firewall configurations were not necessary.)
The value of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters key needs a value like this:
0.north-america.pool.ntp.org,0x1 1.north-america.pool.ntp.org,0x1
That’s a space-delimited list, with “,0x1” appended to each domain. Yes, it’s totally weird, and there are some howtos that don’t do it that way, but MS says to do that. They just don’t show you a concrete example.
The purpose of “,0x1” is that it specifies the server to use the SpecialPollInterval to query the timeservers; this value is 3,600 seconds (1 hour).
If you remove the “,0x1”, w32tm will set the poll interval dynamically, based on how accurate the computer seems to be. The upper and lower limits are defined by MaxPollInterval and MinPollInterval, which default to 1024 and 64 seconds respectively. So they’ll poll anywhere from approximately every minute to every 15 minutes, which is fairly frequent. It’s appropriate for a LAN, where you need systems to be in sync.
You need to force w32tm to reload its configuration from the registry:
w32tm /config /update
Check the config with:
w32tm /query /source
The result should be like this:
0.north-america.pool.ntp.org,0x1
There are just a lot of “i”s to dot and “t”s to cross.
A quick fix for time drift in a DC running in a Virtual Machine
I have a DC running in a Hyper-V VM. The default configuration is to sync the VM from the VM host. Well, what I had was a VM host that was in the domain, and getting its time from the DC. This was creating a circular reference between the VM host and the DC (running in a VM on the VM host).
If you reset only one clock, it’ll quickly try to sync with it’s network reference time server, which has the wrong time.
In order to set the time, you need to turn off w32tm on both the VM host and the DC running in the VM. Then, set the clocks the same. Then, restart w32tm on each.
net stop w32time
— now set the time — I just use the GUI
net start w32time
Once you get the times synced, and close to whatever is at time.gov (in the USA), you can fix your DC by having it get time from ntp.org.
This circular reference between these two time servers is stupid. It probably causes time drifts to either cancel each other out, or amplify each other, depending on the direction of the drift in each instance of Windows. My system drifted several minutes in a couple months.
Gotchas
You might have some issues with booting, or warning messages, when you reboot VMs and the time’s changed. So watch them reboot and check their times.
References
http://technet.microsoft.com/en-us/library/cc773263%28v=ws.10%29.aspx
http://support.microsoft.com/kb/816042
http://www.sysadminlab.net/windows/configuring-ntp-on-windows-2008-r2
I didn’t use this page about the ntp client, but it looked good.
This article linked to mine.