Domain Controller STS time guessing OFF

Domain Controllers may use the time field in SSL connections to guess at the time when other time sources are unavailable. OpenSSL puts random values in this field.

Steve Gibson from the Security Now podcast talks about this here, at the 2-hour time marker.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
"UtilizeSslTimeData"=dword:00000000

I’ll put this here for reference

w32tm /config /manualpeerlist:ca.pool.ntp.org

w32tm /config /manualpeerlist:us.pool.ntp.org

w32tm /query /status

w32tm /resync
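
The registry change above as an idempotent check-and-set in PowerShell. This is an added example, not part of the original post; the function name Disable-SslTimeSeeding is made up for illustration, and it assumes an elevated session on the machine being changed.

```powershell
# Added example: audit and disable the W32Time SSL time-data setting locally.
# Assumption: run from an elevated PowerShell session on the target machine.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config'
$ValueName = 'UtilizeSslTimeData'

function Disable-SslTimeSeeding {   # hypothetical name, for illustration only
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Read the current value. $null means the value is absent, so the
    # operating system default applies rather than an explicit "off".
    $current = (Get-ItemProperty -Path $KeyPath -Name $ValueName `
                    -ErrorAction SilentlyContinue).$ValueName

    if ($current -eq 0) {
        Write-Output "$ValueName is already 0; nothing to change."
        return
    }

    $shown = if ($null -eq $current) { '<not set>' } else { $current }
    Write-Output "$ValueName is currently $shown."

    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set to 0')) {
        # -Force creates the value or overwrites it, always as REG_DWORD.
        New-ItemProperty -Path $KeyPath -Name $ValueName `
            -PropertyType DWord -Value 0 -Force | Out-Null

        # Ask the running time service to re-read its configuration.
        w32tm /config /update | Out-Null

        # Read the value back instead of assuming the write succeeded.
        $after = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
        if ($after -ne 0) {
            throw "$ValueName is $after after the write; expected 0."
        }
        Write-Output "$ValueName set to 0 and W32Time notified."
    }
}

Disable-SslTimeSeeding
w32tm /query /status   # confirm which source the service is using now
```

Run `Disable-SslTimeSeeding -WhatIf` first to see the current value without writing anything.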

sduncan