Domain Controller STS time guessing OFF
Domain Controllers may use the time field in SSL connections to guess at the time when other time sources are unavailable. OpenSSL puts random values in this field.
Steve Gibson from SecurityNow podcast talks about this here at time marker 2 hours
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
“UtilizeSslTimeData”=dword:00000000
I’ll put this here for reference
w32tm /config /manualpeerlist:ca.pool.ntp.org
w32tm /config /manualpeerlist:us.pool.ntp.org
w32tm /query /status
w32tm /resync