TFS authentication and time synchronization

Since, it's my first post I thought that I should start with something simple yet very frustrating. For about a week we had a problem with our TFS server. Occasionally users were not able to login to TFS server using Team Explorer for no apparent reason. After numerous attempts to find the cause of all this problems, the solution turned out to be pretty simple. There was a time synchronization problem between TFS server and Time Server on the network (which in our case was one of domain controllers).

To resolve I have set up TFS server to sync time with the domain controller and set a domain controller to sync time with one of the public time servers on the Internet. To me, it's always better to have all your servers to synchronize their time settings with one of the internal server and only that internal server would synchronize with external time servers, instead of all servers synchronizing with external servers. Here is how it can be done:

ON TFS SERVER:

  1. Make sure that you have Windows Time service running and set to Automatic start-up on TFS Server
  2. To check whether your time service is set, type NET TIME in Command Prompt:
    net time /domain:DOMAINNAME
  3. If no time servers have been set, use NET TIME command to set up the time server:
    net time /setsntp:DOMAINCONTROLLER

ON DOMAIN CONTROLLER:

  1. Make sure that you have Windows Time service running and set to Automatic start-up on Domain Controller
  2. To check whether your time service is set, type NET TIME in Command Prompt:
    net time /domain:DOMAINNAME
  3. If no time servers have been set, use NET TIME command to set up the time server for Domain Controller:
    net time /setsntp:PUBLICTIMESERVER
    For the list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet go to http://support.microsoft.com/default.aspx/kb/262680

After I have set up the time synchronization, our TFS server has been running smoothly ever since (knocking-on-the-wood)...