AD time is 1 hour behind this morning - what will break when I fix it?
Noticed this morning that the time across my entire network is 1 hour behind. The clock on the FSMO DC has gotten behind somehow, and of course everything syncs with that by design.
Everything is working normally other than that, and I'm looking into why it has happened now, but my main concern is what could break if I resync the DCs now. I know AD replication relies on the time delta being less than 15 minutes, so I can sync those manually, but will the workstations carry on working while they catch up?
We have no 802.1x in operation so no worries there.
Situation so far:
- The FSMO DC syncs with time.windows.com and is set as the reliable time source for the AD. - CHECKED OK
- All other servers and workstations sync with the FSMO. - CHECKED OK
- Time sync between host and guests in Hyper-V is disabled for all DCs as per best practice - CHECKED OK
- Time zone is set correctly (to "(UTC) Dublin, Edinburgh, Lisbon, London") and daylight savings adjustments checked on the DCs and workstations.
- I have a couple of errors on the FSMO for Time-Service from yesterday morning at about 3am saying that time.windows.com was unreachable, but no other fault since.
Time Provider NtpClient: No valid response has been received from manually configured peer time.windows.com after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.
- All DCs and Hyper-V hosts were rebooted to install updates yesterday morning (Monday) at about 3am, as per their scheduled update settings. I have a sneaking suspicion that whatever happened, happened then, but I'm not sure exactly what.