VMware Cloud Community
COS
Expert
Expert

Time sync: Which takes precedence?

When you set a VM property to "Synchronize guest time with host" and it's a VM that is joined to an AD Domain, which setting takes precedence? The VM setting or the built in policy when joined to a domain that forces time synch?

My thought is the Domain policy does but that's just my SWAG.

Thanks

Reply
0 Kudos
3 Replies
grasshopper
Virtuoso
Virtuoso

Best practice is to uncheck the tick box for "Synchronize guest time with host".  Having that box checked and using time sync from the domain hierarchy could lead to undesirable results.  Choose one or the other.  Also keep in mind that even when the box is unchecked, the VM will still set the GOS time to that of the underlying ESXi host under certain conditions (suspend, snapshot, vMotion, etc.).  As such, ensure that the ESXi hosts have healthy NTP configurations.

Reply
0 Kudos
Borja_Mari
Virtuoso
Virtuoso

Hello,

I would like to recommend you to check carefully this vmware's kb:

VMware KB: Timekeeping best practices for Windows, including NTP

Smiley Wink

Best regards,

Pablo

------------------------------------------------------------------------------------------------- PLEASE CONSIDER AWARDING any HELPFUL or CORRECT reply. Thanks!! Por favor CONSIDERA PREMIAR cualquier respuesta ÚTIL o CORRECTA . ¡¡Muchas gracias!! VCP3, VCP4, VCP5-DCV (VCP550), vExpert 2010, 2014 BLOG: http://communities.vmware.com/blogs/VirtuallyAnITNoob
Reply
0 Kudos
CedricAnto
VMware Employee
VMware Employee

>> Best practice is to uncheck the tick box for "Synchronize guest time with host".  Having that box checked and using time sync from the domain hierarchy could lead to undesirable results.  Choose one or the other.  Also keep in mind that even when the box is unchecked, the VM will still set the GOS time to that of the underlying ESXi host under certain conditions (suspend, snapshot, vMotion, etc.).  As such, ensure that the ESXi hosts have healthy NTP configurations.

I slightly differ from this opinion.

Note : Particularly if you have virtualized your Active Directory(or any application that is time sensitive), the above steps are an absolute must, failing to do so may cause all of your authentication to fail when the AD VM has incorrect time.

Cedric http://in.linkedin.com/in/cedricrajendran/ http://virtualknightz.com/
Reply
0 Kudos