What happens when DC cannot reach external time server?

ntp windows-server-2012-r2

We have a small Windows 2012 R2 domain with a single DC. The DC is advertising as a time server, and the clients are syncing just fine. The DC is getting its time from an external time server, and all is well.

However, what happens in the case of the entire internet connection going down? If the DC can't reach the external time source, does it just stay with its current time and keep trying? At a certain point does it fail back to the hardware clock? If so, what would that failover timing be? Can that be configured?


The domain controller is a always using the hardware clock. The W32time client is just making periodic corrections to it. (Note that "hardware" becomes a nebulous term when talking about a virtualized server.)

If it cannot sync with an external time server, the local clock will keep ticking, but will lose accuracy over time. The local hardware clock will drift by 1-10 seconds per day. That drift can be much higher in the case of a VM.

If the domain controller has lost its connection to an outside time source, it will stop advertising as a "reliable" time server, but it will still be a time server. The clients will still synchronize their clocks against the domain controller. This will continue to happen, even if the domain controller is unsynchronized (at least by default).

When your Internet connection comes back up, the domain controller will re-establish the connection to the outside NTP source, and it will correct itself. The Windows Time Service might make small periodic adjustments to the clock, or it may just "jump" the clock to the correct time, depending on how far out of sync it is. Note that if your clock is way out of sync (>48 hours), the Windows Time Service will not trust the outside time server (at least for Windows 2008 and later).

Once the domain controller clock is corrected, that will eventually propagate across your domain.

Keep in mind everything I described above is the default behaviour of the Windows Time Service. It can be configured via Group Policy, Command Line, or registry settings to behave quite differently.

http://blogs.msdn.com/b/w32time/archive/2007/09/04/keeping-the-domain-on-time.aspx

http://support.microsoft.com/kb/223184


It is always using the hardware clock. The default for a DC is to check its time against the external time server. At that time it will make a correction, if necessary. If it can't reach any of the defined external time servers it will just keep on with its own clock.

The clients will check with the DC to correct their time. So without an external source, they time will still be consistent with each other, even if it's off from the actual time.

Related

Why does Chrome on 1 computer say my certificate is invalid/insecure? [duplicate]
Is there a graceful way to pick up new changes in sendmail?
OOM invoked with plenty of free swap
Is it safe to store a swap-file on the Temporary Disk on Azure?
SSL Certificate on Load balancer or server
OpenVPN - how to stop public traffic routing through vpn server?
How to search for all junction links in a given directories and its subdirectories
How to setup Windows 7 firewall to work like a normal personal firewall?
Enable AAM on Western Digital Hard Drive
How do I change the space I allocated to my virtual hard drive in VirtualBox?
Can't add new items to Windows 7 "new" context menu
CD/DVD not working after upgrade to Windows 10