We've had some nasty time sync problems on our Windows Server 2008 R2 servers lately.
I traced this back to something very simple: the Windows Time Service was not started! The time can't possibly sync via NTP when the time service isn't running...
The Windows Time Service was set to start "automatically" in the services control panel, which I double and triple checked. I also checked the event logs and I didn't see any service failures or anything like that. In fact, it looked a heck of a lot like the Windows Time Service never started up automatically after the weekly Windows Updates were installed and the servers were rebooted. (this is set to happen every Saturday at 7 PM.)
The minute I started the Time Service, the time synced fine.
So, then, the question: why would a service set to start "Automatically" ... not be started automatically? That seems sort of crazy to me.
W32time will not start automatically if the PC is not in a domain. Damn Microsoft!
Try to run this:
sc triggerinfo w32time start/networkon stop/networkoff
One possible explanation, from this thread:
Since Windows Server 2008 R2 and Windows 7 do share the same kernel, I wonder if the resolution is the same?
They recommend setting the service to automatic/delayed start to fix this.
I still maintain it's downright insane that a service set to automatic wouldn't be started ... and I don't fully understand the semantic difference between a delayed auto-start and an auto-start, but if it works, I guess I won't complain.
Unfortunately with windows time you have manually turn on logging.
There is no good answer to "what would cause a service to not start automatically." The only real reason is that a dependency did not start correctly, or there was some sort of crash in the service when it started. And without logs, well your guess is as good as ours.
I would suggest turning on windows time logging for the next couple of patch cycles. If the service comes up you're all good, if it doesn't you have something to work from.
Just as a note, I have seen more than once services decide to just not start for no good reason after a patch, but work just fine after that first reboot.
Started to write a comment, then ran out of space.
You would actually get some information from this log.
If there is no log at all, it's not even trying to start. And you can start researching from there, every little scrap of info helps on these types of problems.
Since it's a debug log you are turning on with the above link you should get something if it tries to start. You'll at least have a better idea of why it is failing to start successfully.
You've discovered one of the great pains of being a sysadmin: You need logs to tell you where to start looking, but the service isn't getting to a point that it can generate logs. A classic chicken and the egg problem.
Thanks, i have set some services that weren't starting on Windows Server 2016 to delayed and it worked, but, i couldn't do that for the antivirus service, as it's protected from modification.
However, i found this work-around, which worked, even if it was for 2008 R2: https://support.microsoft.com/en-us/help/922918/a-service-does-not-start-and-events-7000-and-7011-are-logged-in-windows-server-2003-windows-server-2008-and-windows-server-2008-r2
Probably that will make any service start, without setting them to delayed start. It worked for the antivirus, that's for sure.
I'll paste the most useful part of the work-around here:
To work around this problem, modify the registry to increase the default time-out value for the service control manager. To increase this value to 60 seconds, follow these steps: