TOTD: DC is not advertising as a time server

#Hello, guys! 
#Here is a new tip of the day (TOTD). 
#Today we discuss how to fix the most common warning which you may receive on DCs

#You run dcdiag on your DC and receives warning "..is not advertising as a time server"

dcdiag /q
Warning: nameofdc is not advertising as a time server.
......................... nameofdc failed test Advertising

#The main time source in domain is DC with PDC role . Run the following command to query FSMO owners:

netdom query fsmo

#On your PDC you have to set up w32tm with external (generally) or internal time source. for example, pool.ntp.org

w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:manual /reliable:yes /update

#On your additional DCs run
w32tm /config /syncfromflags:domhier /update

#Restart w32time service on each DC
net stop w32time
net start w32time

#Update w32tm config
w32tm /config /update

#Resync time
w32tm /resync

#Re-run dcdiag
dcdiag /q /s:yourDCname

Time Synchronization in an AD DS Hierarchy

pdc

Links:

https://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx

Protected Network|Powershell

Hi, folks!

Protected Network is turned on by default for every VMs in 2012 R2. To control this option you can use GUI and Powershell.

It’s very simple to find “switch” in GUI,

hv_protected_1

but you may be a little bit confused during searching “protected network” value in powershell.

For example,

PS C:\Windows\system32> Get-VM -VMName SC_VMMR2|Get-VMNetworkAdapter|fl *


IovWeight                : 0
IovQueuePairsRequested   : 1
IovQueuePairsAssigned    :
IovInterruptModeration   : Default
IovUsage                 :
ClusterMonitored         : True
VirtualFunction          :
IsLegacy                 : False
IsManagementOs           : False
IsExternalAdapter        : False
Id                       : Microsoft:1A5B79A6-EDCA-47A0-B023-E21139DFDB96\AE7DB00D-E40F-4FE2-ABA3-C57C1EB7A081
AdapterId                :
DynamicMacAddressEnabled : True
MacAddress               : 00155D191E06
MacAddressSpoofing       : Off
SwitchId                 :
Connected                : False
PoolName                 : Primordial
SwitchName               :
AclList                  : {}
ExtendedAclList          : {}
IsolationSetting         : Microsoft.HyperV.PowerShell.VMNetworkAdapterIsolationSetting
CurrentIsolationMode     : Vlan
RoutingDomainList        : {}
DhcpGuard                : Off
RouterGuard              : Off
PortMirroringMode        : None
IeeePriorityTag          : Off
VirtualSubnetId          : 0
DynamicIPAddressLimit    : 0
StormLimit               : 0
AllowTeaming             : Off
VMQWeight                : 100
IPsecOffloadMaxSA        : 512
VmqUsage                 :
IPsecOffloadSAUsage      :
VFDataPathActive         : False
VMQueue                  :
MandatoryFeatureId       : {}
MandatoryFeatureName     : {}
VlanSetting              : Microsoft.HyperV.PowerShell.VMNetworkAdapterVlanSetting
BandwidthSetting         :
BandwidthPercentage      : 0
TestReplicaPoolName      :
TestReplicaSwitchName    :
StatusDescription        :
Status                   :
IPAddresses              : {}
ComputerName             : HV01
Name                     : Network Adapter
IsDeleted                : False
VMId                     : 1a5b79a6-edca-47a0-b023-e21139dfdb96
VMName                   : SC_VMMR2
VMSnapshotId             : 00000000-0000-0000-0000-000000000000
VMSnapshotName           :
Key                      :

Err..where is the value for Protected Network?Улыбка

Ok. Let’s begin from what is really protected network (PN). PN adds to Hyper-V  Cluster an ability to monitor a network health for every vNICs and moves VMs to another Hyper-V node if a network disconnection is detected. = it’s a really cluster monitoring option.

To change settings of vNICs we have to use Set-VMNetworkAdapter cmdlet:

I’m dummy and want to get some help:

Get-Help Set-VMNetworkAdapter -Detailed

..

 -NotMonitoredInCluster <bool>

..

hmm..is it what we are looking for?

Let’s try to apply some changes.

Get-VM -VMName SC_VMMR2|Set-VMNetworkAdapter -NotMonitoredInCluster $True

Get-VM -VMName SC_VMMR2| Get-VMNetworkAdapter|fl *

..
ClusterMonitored         : False
..

Check in GUI:

hv_protected_2

And finally we found what we wanted.

Sometimes (err..I mean always) we need to really understand what this feature provides and how it works.

Links:

http://blogs.msdn.com/b/virtual_pc_guy/archive/2014/03/11/protected-networks-in-windows-server-2012-r2.aspx