    Best Practice for Time Sync for Active Directory Domain Controllers

      Dashrender @scottalanmiller

      @scottalanmiller said:

      @Dashrender said:

      OK tried a

       w32tm /resync
      

      and got back

       The computer did not resync because no time data was available.
      

      What time source do you have set? w32tm requires an SNTP source to sync to, what SNTP server do you have it talking to?

      I don't, it's currently pulling from

       Local CMOS Clock
      
        scottalanmiller @Dashrender

        @Dashrender said:

        OK, I have VM Tools running - do I just wait and see?

        There is no sync involved. You are mixing the concepts of NTP/SNTP with a source server and actually controlling the system's clock.

          scottalanmiller @Dashrender

          @Dashrender said:

          @scottalanmiller said:

          @Dashrender said:

          OK tried a

           w32tm /resync
          

          and got back

           The computer did not resync because no time data was available.
          

          What time source do you have set? w32tm requires an SNTP source to sync to, what SNTP server do you have it talking to?

          I don't, it's currently pulling from

           Local CMOS Clock
          

          Right, which is unrelated to time syncing.

            Dashrender

            I'm lost
            I said I did this.

            @Dashrender said:

            My current PDC emulator is set to pull time from the BIOS clock

             C:\Windows\system32>w32tm /query /source
             Local CMOS Clock
            

            This hasn't been an issue for years, yet someone called this morning and reported that the phones and the computers didn't match timewise, so I'm looking into it.

            So my PDC emulator is pulling time from CMOS. If CMOS changes, won't the OS change too?

              Dashrender

              Shouldn't this be in IT discussions? It's technical in nature.

                Dashrender

                I guess my desire here was to have the ESXi host be the main source for time inside my network. It of course would pull time from the internet.

                It sounds like this isn't going to work. So instead I have to have my PDC emulator pull its own time from the internet, and the VM Hosts will have to be managed separately.

                  Dashrender

                  Here's the command to set your PDC emulator to sync with a time source

                    w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update

                  Replace peers with the FQDN or IP of the desired time servers.

                    scottalanmiller @Dashrender

                    @Dashrender said:

                    Shouldn't this be in IT discussions? It's technical in nature.

                    Hmmm... I didn't choose the category, it just did it.

                      scottalanmiller @Dashrender

                      @Dashrender said:

                      I guess my desire here was to have the ESXi host be the main source for time inside my network. It of course would pull time from the internet.

                      It sounds like this isn't going to work. So instead I have to have my PDC emulator pull its own time from the internet, and the VM Hosts will have to be managed separately.

                      ESXi can pull time from the Internet. If it is correct and the DC is getting its time from the ESXi clock then the ESXi is setting the DC which, in turn, uses SNTP to talk to the rest of the network.

                        scottalanmiller

                        Here is VMware's older paper on how they recommend that this be set up:

                        http://www.vmware.com/files/pdf/Virtualizing_Windows_Active_Directory.pdf

                          scottalanmiller

                          Here is a more recent one:

                          http://www.vmware.com/files/pdf/solutions/Virtualizing-Active-Directory-Domain-Services-on-VMware-vSphere.pdf

                            scottalanmiller

                            VMware definitely recommends that you use an external time source to control drift, not using the ESXi virtualized clock.

                              dafyre

                              I would set ESXi host to use $external_NTP... and then point the DCs to $external_NTP and then all of the clients will magically sync with DCs.

                                Jason

                                You set your PDC Emulator to pull from a reliable NTP server, then the rest will sync from that, e.g.:

                                w32tm.exe /config /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org" /syncfromflags:manual /reliable:YES /update

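An added example, not written by any poster in this thread: a PowerShell helper that classifies the `w32tm /query /source` result for each domain controller along the lines discussed above, flagging a PDC emulator that reports `Local CMOS Clock`. The function name `Test-DcTimeSource`, the `corp.example` host names and the sample source strings are hypothetical and constructed for illustration.

```powershell
# Added example (not from the thread). Host names and source strings are constructed samples.
# Labels w32tm prints when the time service is not following any peer.
$LocalClockLabels = 'Local CMOS Clock', 'Free-running System Clock'

function Test-DcTimeSource {
    param(
        [Parameter(Mandatory)][string]   $ComputerName,
        [Parameter(Mandatory)][string]   $Source,            # first line of: w32tm /query /source
        [Parameter(Mandatory)][bool]     $IsPdcEmulator,
        [Parameter(Mandatory)][string[]] $DomainControllers  # FQDNs of all DCs in the domain
    )
    # A peer configured with flags is echoed as "name,0xN"; keep only the name.
    $peer    = ($Source -split ',')[0].Trim()
    $isLocal = $LocalClockLabels -contains $peer
    $isDc    = $DomainControllers -contains $peer

    $finding = if ($isLocal -and $IsPdcEmulator) {
        'WARN: PDC emulator has no NTP peer; domain time is only as good as its own clock'
    } elseif ($isLocal) {
        'WARN: DC is not syncing from the domain hierarchy'
    } elseif ($IsPdcEmulator -and $isDc) {
        'WARN: PDC emulator syncs from another DC instead of an external source'
    } elseif ($IsPdcEmulator) {
        'OK: PDC emulator uses an external peer'
    } elseif ($isDc) {
        'OK: DC syncs from the domain hierarchy'
    } else {
        'INFO: DC syncs from a source outside the domain hierarchy'
    }

    [pscustomobject]@{ Computer = $ComputerName; Source = $peer; Finding = $finding }
}

# Constructed sample data: the PDC emulator before and after a manual peer list is set.
$dcs = 'dc1.corp.example', 'dc2.corp.example'
$samples = @(
    @{ ComputerName = 'dc1.corp.example'; Source = 'Local CMOS Clock';      IsPdcEmulator = $true  }
    @{ ComputerName = 'dc1.corp.example'; Source = '0.us.pool.ntp.org,0x8'; IsPdcEmulator = $true  }
    @{ ComputerName = 'dc2.corp.example'; Source = 'dc1.corp.example';      IsPdcEmulator = $false }
)
foreach ($s in $samples) { Test-DcTimeSource @s -DomainControllers $dcs }

# Live use (assumes the ActiveDirectory RSAT module is installed):
#   $pdc = (Get-ADDomain).PDCEmulator
#   $dcs = (Get-ADDomainController -Filter *).HostName
#   $src = w32tm /query "/computer:$dc" /source | Select-Object -First 1
```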
                                  scottalanmiller

                                  I just heard this to the tune of "Free your mind, and the rest will follow..." in my head:

                                  Sync your time, and the rest will follow...

                                    Dashrender

                                    Alright - I read through the document that Scott provided about VMware and time syncing.

                                    The reason VMware wasn't changing my PDC emulator's clock was that time syncing between ESXi and the VM was disabled (default behavior).

                                    Edit the VM session, click on the Options tab, click on VMware Tools and you'll see these two check boxes at the bottom on the right.

                                    [Image: time-vmware.JPG]

                                    Make your desired choices, save and you're good.

                                      Dashrender @scottalanmiller

                                      @scottalanmiller said:

                                      VMware definitely recommends that you use an external time source to control drift, not using the ESXi virtualized clock.

                                      I wouldn't ever rely solely on their virtual clock, I'd definitely like ESXi itself to be syncing to something.

                                        Dashrender @dafyre

                                        @dafyre said:

                                        I would set ESXi host to use $external_NTP... and then point the DCs to $external_NTP and then all of the clients will magically sync with DCs.

                                        With concerns about Windows and Time, the only server that you should have syncing with an outside source is the PDC emulator. All other domain devices will sync from that machine.

                                          scottalanmiller @Dashrender

                                          @Dashrender said:

                                          @scottalanmiller said:

                                          VMware definitely recommends that you use an external time source to control drift, not using the ESXi virtualized clock.

                                          I wouldn't ever rely solely on their virtual clock, I'd definitely like ESXi itself to be syncing to something.

                                          Of course, no clock anywhere just relies on itself!

                                            scottalanmiller @Dashrender

                                            @Dashrender said:

                                            @dafyre said:

                                            I would set ESXi host to use $external_NTP... and then point the DCs to $external_NTP and then all of the clients will magically sync with DCs.

                                            With concerns about Windows and Time, the only server that you should have syncing with an outside source is the PDC emulator. All other domain devices will sync from that machine.

                                            Only if the PDC emulator is using NTP. If it is using the local clock then the hypervisor has to fulfill that role.
