Posey's Tips & Tricks

How To Fix Hyper-V Clock Skew Issues

A few minutes of clock skew might seem like a non-issue, but don't be fooled. There are multiple scenarios where having differing clocks could wreak minor havoc. Here's how to address the problem.

One of the issues that I have occasionally struggled with in Hyper-V is that of time synchronization. Right now, for example, the time on my Windows 10 desktop that I am using to write this article is 9:37 p.m. However, the Hyper-V host that I am watching on another monitor is displaying a time of 9:33 p.m.

On the surface, a few minutes of clock skew might seem like a non-issue. However, there are several reasons why the differing clocks are problematic.

One such reason is that the Kerberos protocol, which is heavily used by the Windows operating system, is time-sensitive. If two systems' clocks are more than a few minutes out of sync with one another, it can cause Kerberos to stop working.

Another reason why clock skew is such a big deal is because multi-tier applications often span multiple Hyper-V hosts. A database server might, for instance, reside on one host, while a Web front end exists on another host, possibly even within a different host cluster.

Finally, imagine what would happen if a Hyper-V virtual machine (VM) were to be live-migrated to a different host with a slower clock. Can you imagine the confusion within the event logs if the time suddenly seemed to run backward?

So if the clocks are out of sync across your Hyper-V environment, how can you fix the problem? I recommend that you get started by checking the state of the Hyper-V Integration Services on your VMs.

If you look at Figure 1, you will notice that the Hyper-V Integration Services are made up of several individual services, one of which is Time Synchronization. Unless you have a compelling reason to disable this service, it should always be enabled. When the Time Synchronization service is enabled for a VM, the VM's clock will match that of its host server.

[Click on image for larger view.] Figure 1: The Time Synchronization service is one of several Hyper-V Integration Services.

The easiest way to find out if the Time Synchronization service is enabled for all your VMs is to use PowerShell. The command below is an example of how you can check the time synchronization status for the VMs on the current host:

Get-VMIntegrationService -VMName * | Where {$_.Name -eq 'Time Synchronization'} | Select-Object VMName, Name, Enabled
[Click on image for larger view.] Figure 2: This is what it looks like when you run the command shown above.

So that addresses the issue of making sure that VMs are in sync with their respective hosts. But what about making sure that the hosts are in sync with one another?

To the best of my knowledge, there is no native PowerShell cmdlet that you can use for this purpose. If you look around on the Internet, there is a time-related PowerShell module available for download, and I also seem to recall someone creating a time sync function that could be embedded in a script. Even so, I don't recommend using these in a production environment. From what I have heard, the module and some of the various scripts are temperamental and may or may not work. Admittedly, I have never used them myself, so all I have to go on is hearsay.

The reason why I have not delved into these particular options is because there is an easier way to fix the problem. Microsoft provides a downloadable wizard that you can use to automatically configure the Windows Time Service (which is different from the Hyper-V Time Synchronization service). This same Web site also lists some registry tweaks that you can use to manually configure your domain controllers to synchronize their clocks to an external time server.

Sometimes, getting your clocks back in sync is as simple as restarting the Windows Time Service and issuing a re-synchronization command. This is simple to do, and you can do it from the Windows Command Prompt. Here are the commands:

Net Stop W32Time
Net Start W32Time
W32tm /resync /force

If you look at Figure 3, you can see what it looks like when I run these commands on a Hyper-V host. Incidentally, you can access the Windows Command Prompt window by entering the CMD command at the server's Run prompt.

Figure 3: You can initiate a clock re-synchronization by running these commands from an elevated command prompt.

In my experience, there is no one single technique that fixes clock sync problems every time. I have found that I usually have to experiment with a few different techniques until I find one that gets the job done.

About the Author

Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.


comments powered by Disqus

Subscribe on YouTube