Time drift between a client machine and the Domain Controller can cause "Trust relationship failed" errors, Kerberos authentication issues, and other domain-related problems. This forces an immediate resynchronization.

The Fix

w32tm /config /syncfromflags:manual /manualpeerlist:"<DomainControllerName>,0x8" /reliable:yes /update
net stop w32time
net start w32time
w32tm /resync /rediscover

Why it works

  • These commands reconfigure the Windows Time service to explicitly synchronize with a specified Domain Controller (using manualpeerlist), restart the service, and then force an immediate resync.

Verify

w32tm /query /status
  • Look for Source showing your Domain Controller and Last Successful Sync Time showing a recent timestamp.

Notes

  • Replace <DomainControllerName> with the actual name of your Domain Controller (e.g., dc1.yourdomain.local).
  • Requires Administrator privileges.
  • For domain-joined clients, they should automatically sync with the DC, but this forces it.

Techworks Blog