When you set up a domain controller in VMware and join machines to it, you will typically need to point it at an external NTP server, because over time its clock will drift until it is 1, 2, 3, 4, 5 minutes off. I’ve seen this numerous times. There are a few other ways to resolve this, but this is my preferred method. (A fresh install won’t have this problem; it will probably crop up about 5 months down the line.)
- Make sure you are setting this on the domain controller with the FSMO roles.
netdom /query fsmo
- Stop the time service (you will usually get the best results this way)
net stop w32time
- Set the time sources you will use. This site has an excellent list. https://tf.nist.gov/tf-cgi/servers.cgi
w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov
- Set your domain controller as a reliable time source for clients connecting.
w32tm /config /reliable:yes
- Start the time service back up
net start w32time
- Force a time update
w32tm /resync
- Verify your work
w32tm /query /configuration
w32tm /query /status
This was used on Windows Server 2019 and should work on 2016 as well. I haven’t used this exact process on older versions.
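
To keep an eye on the drift after the change, the check below is an added example (not part of the original post): it parses `w32tm /stripchart ... /dataonly` output and grades the worst offset against the 5-minute mark. The function names, the 60-second warning threshold and the sample output are assumptions constructed for illustration.

```powershell
# Added example. Get-StripchartOffset and Test-ClockSkew are hypothetical helper names.

function Get-StripchartOffset {
    param([string[]]$Lines)
    # /dataonly sample lines look like "14:02:11, +00.0213467s".
    # Failed samples read "14:02:13, error: 0x800705B4" and are skipped here.
    foreach ($line in $Lines) {
        if ($line -match '^\s*\d{1,2}:\d{2}:\d{2},\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    }
}

function Test-ClockSkew {
    param(
        [string[]]$Lines,
        [double]$WarnSeconds = 60,    # assumed alert threshold, adjust as needed
        [double]$MaxSeconds  = 300    # 5 minutes, the default Kerberos clock-skew tolerance
    )
    $offsets = @(Get-StripchartOffset -Lines $Lines)
    # No parsable samples usually means the peer is unreachable or UDP/123 is blocked.
    if ($offsets.Count -eq 0) { return 'NO_SAMPLES' }

    $worst = ($offsets | ForEach-Object { [math]::Abs($_) } |
              Measure-Object -Maximum).Maximum
    if     ($worst -ge $MaxSeconds)  { 'CRITICAL' }
    elseif ($worst -ge $WarnSeconds) { 'WARNING' }
    else                             { 'OK' }
}

# Constructed sample output (not captured from a real server; address is a placeholder).
$sample = @(
    'Tracking time.nist.gov [192.0.2.10:123].',
    'Collecting 3 samples.',
    'The current time is 1/15/2024 2:02:09 PM.',
    '14:02:09, +187.4410332s',
    '14:02:11, +187.4398120s',
    '14:02:13, error: 0x800705B4'
)
Test-ClockSkew -Lines $sample

# Live check on the domain controller, using the peer configured above:
# Test-ClockSkew -Lines (w32tm /stripchart /computer:time.nist.gov /samples:3 /dataonly)
```

Run on a schedule, a `WARNING` result gives you time to fix the time source before the offset reaches the point where Kerberos authentication starts failing.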