Best Practice for Time Sync for Active Directory Domain Controllers
-
I'm going to turn this into its own topic.
-
-
I looked at the settings in ESXi, it was not set to pull time from an external source. I have corrected that, and enabled NTP.
ESXi is now correct on it's time, now to force the PDC emulator to sync.. and eventually all windows clients will sync as well.
-
OK tried a
w32tm /resyncand got back
The computer did not resync because no time data was available. -
@Dashrender said:
OK tried a
w32tm /resyncand got back
The computer did not resync because no time data was available.If I remember correctly it actually uses VMWare tools to do the syncing between the computers and the hypervisor.
-
@coliver said:
@Dashrender said:
OK tried a
w32tm /resyncand got back
The computer did not resync because no time data was available.If I remember correctly it actually uses VMWare tools to do the syncing between the computers and the hypervisor.
It you are on VMware ESXi, then the VMware tools are the only possible mechanism for that.
-
OK, I have VM Tools running - do I just wait and see?
-
@Dashrender said:
OK tried a
w32tm /resyncand got back
The computer did not resync because no time data was available.What time source do you have set? w32tm requires an SNTP source to sync to, what SNTP server do you have it talking to?
-
@scottalanmiller said:
@Dashrender said:
OK tried a
w32tm /resyncand got back
The computer did not resync because no time data was available.What time source do you have set? w32tm requires an SNTP source to sync to, what SNTP server do you have it talking to?
I don't, it's currently pulling from
Local CMOS Clock -
@Dashrender said:
OK, I have VM Tools running - do I just wait and see?
There is no sync involved. You are mixing the concepts of NTP/SNTP with a source server and actually controlling the system's clock.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
OK tried a
w32tm /resyncand got back
The computer did not resync because no time data was available.What time source do you have set? w32tm requires an SNTP source to sync to, what SNTP server do you have it talking to?
I don't, it's currently pulling from
Local CMOS ClockRight, which is unrelated to time syncing.
-
I'm lost
I said I did this.@Dashrender said:
My current PDC emulator is set to pull time from the BIOS clock
C:\Windows\system32>w32tm /query /source Local CMOS ClockThis hasn't been an issue for years, yet someone called this morning and reported that the phones and the computers didn't match timewise, so I'm looking into it.
So my PDC emulator is pulling time from CMOS. If CMOS changes, won't the OS change too?
-
Shouldn't this be in IT discussions? It's technical in nature.
-
I guess my desire here was to have the ESXi host be the main source for time inside my network. It of course would pull time from the internet.
It sounds like this isn't going to work. So instead I have to have my PDC emulator pull it's own time from the internet, and the VM Hosts will have to be managed separately.
-
Here's the command to set your PDC emulator to sync with a time source
w32tm /config /manualpeerlist: peers /syncfromflags:manual /reliable:yes /updateReplace peers with your FQDN or IP of the desired time servers.
-
@Dashrender said:
Shouldn't this be in IT discussions? It's technical in nature.
Hmmm... I didn't choose the category, it just did it.
-
@Dashrender said:
I guess my desire here was to have the ESXi host be the main source for time inside my network. It of course would pull time from the internet.
It sounds like this isn't going to work. So instead I have to have my PDC emulator pull it's own time from the internet, and the VM Hosts will have to be managed separately.
ESXi can pull time from the Internet. If it is correct and the DC is getting its time from the ESXi clock then the ESXi is setting the DC which, in turn, uses SNTP to talk to the rest of the network.
-
Here is vmware's older paper on how they recommend that this be set up:
http://www.vmware.com/files/pdf/Virtualizing_Windows_Active_Directory.pdf
-
-
VMware definitely recommends that you use an external time source to control drift, not using the ESXi virtualized clock.
