Windows 2019 Server syncs time with ESX host rather than NTP server

windows ntp

We're building a new server stack. Our first Windows 2019 VM syncs to the ESX 7 host it's on rather than the NTP service on our router.

The results of "w32tm /query /configuration" are below. Note the setting "NtpClient" has Enabled "1". And "VMICTimeProvider" has Enabled "0".

Despite that, the command "w32tm /query /source" returns "Local CMOS Clock"

I have run "w32tm /config /manualpeerlist:"10.233.0.1" /syncfromflags:manual /reliable:yes /update", followed by restarting the Windows Time Service. But it has had no effect.

To test this, I manually set the time on the ESX host to 20 minutes behind the NTP server (and turned NTP service off on the ESX host). Then I manually set the VM time to midnight.

The command "w32tm /resync" failed. But after rebooting the VM, the time changed from midnight to the ESX host's time. It did not reset to the time on the NTP server.

We can ping the NTP server. Other hosts are syncing to the NTP server. I don't know why this VM refuses to sync with it. Based on the config below, can you give me some ideas?

[Configuration]

EventLogFlags: 2 (Local) AnnounceFlags: 5 (Local) TimeJumpAuditOffset: 28800 (Local) MinPollInterval: 6 (Local) MaxPollInterval: 10 (Local) MaxNegPhaseCorrection: 172800 (Local) MaxPosPhaseCorrection: 172800 (Local) MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local) PollAdjustFactor: 5 (Local) LargePhaseOffset: 50000000 (Local) SpikeWatchPeriod: 900 (Local) LocalClockDispersion: 10 (Local) HoldPeriod: 5 (Local) PhaseCorrectRate: 7 (Local) UpdateInterval: 100 (Local)

[TimeProviders]

NtpClient (Local) DllName: C:\windows\SYSTEM32\w32time.DLL (Local) Enabled: 1 (Local) InputProvider: 1 (Local) AllowNonstandardModeCombinations: 1 (Local) ResolvePeerBackoffMinutes: 15 (Policy) ResolvePeerBackoffMaxTimes: 7 (Policy) CompatibilityFlags: 2147483648 (Local) EventLogFlags: 0 (Policy) LargeSampleSkew: 3 (Local) SpecialPollInterval: 1024 (Policy) Type: NTP (Policy) NtpServer: 10.233.0.1 (Policy)

NtpServer (Local) DllName: C:\windows\SYSTEM32\w32time.DLL (Local) Enabled: 1 (Local) InputProvider: 0 (Local) AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local) DllName: C:\windows\System32\vmictimeprovider.dll (Local) Enabled: 0 (Local) InputProvider: 1 (Local)


Solution 1:

When rebooting, the virtual CMOS (and its emulated Real Time Clock) is reset by the hypervisor to the default value (ie: its own clock). It is done to give the newly started VM a reasonable "base clock" for booting.

In other words, it is perfectly normal (and highly desired) for the guest clock to initialize its time from the hypervisor when booting; after that, you can use your NTP client of choice inside the guest OS to synchronize its clock with an high accuracy.

With regard to VMWare, be sure to uncheck the "Synchronize guest time with host" option from VMWare Tools and be aware of the additional synchronization points explained here

Solution 2:

There are a bunch of events that by default cause a VM to sync its time with the host. It is possible to turn them off: https://kb.vmware.com/s/article/1189

Related

Disk write latency with and without RAID
openvpn server not showing traffic using tcpdump
Why went dovecot pop3/imap server down?
Scaling nginx beyond 45k connections
INSERT INTO ... SELECT
CSS backdrop effect - blur background of search bar
scala reduce a complex structure
Is (int)(unsigned)-1 == -1 undefined behavior
How to restrict the application endpoint from loading in a browser?
how can we unpublish item with its subitem for one particular language in sitecore?
Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error
In Sitecore powershell, can you make an item unpublishable