SirOracle
Contributor
Contributor

Timekeeping best practices with Windows on ESXi4

Jump to solution

Is there a de facto standard to how timekeeping is configured in Windows in a VMware environment? Is the traditional method of having a domain controller synchronized against an external source and all other internal servers/clients synchronized against that domain controller the most used method? Or is it better to keep the hosts synchronized against an external source with NTP and configure all VMs to synchronize against the host with VMware Tools?

What are your thoughts on this?

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
ShaneWendel
Enthusiast
Enthusiast

If you have domain-joined VMs, then you want them to remain synchronized to your domain controllers, and therefore would not enable synchronization via Vmware Tools.

So:

  • ESX hosts and vCenter sync to an external source

  • virtual domain controllers sync to host or external source

  • domain-joined vms sync to DCs via normal Windows methods

-


Shane Wendel, VCP

----------------- Shane Wendel VCP: vSphere 4 VCP: VI3 http://fatalsync.wordpress.com

View solution in original post

0 Kudos
8 Replies
ShaneWendel
Enthusiast
Enthusiast

If you have domain-joined VMs, then you want them to remain synchronized to your domain controllers, and therefore would not enable synchronization via Vmware Tools.

So:

  • ESX hosts and vCenter sync to an external source

  • virtual domain controllers sync to host or external source

  • domain-joined vms sync to DCs via normal Windows methods

-


Shane Wendel, VCP

----------------- Shane Wendel VCP: vSphere 4 VCP: VI3 http://fatalsync.wordpress.com

View solution in original post

0 Kudos
s1xth
VMware Employee
VMware Employee

If you do searches on this, this topic has come up MANY times, with different answers, but in end the clear and concise method is what Shane said above. In my environment I have one physical domain controller that syncs to external source, and I have two virtual DC's syncing to that DC in the domain hierarchy method, as stated by MS, regardless if they are VM's. NEVER sync with VMware tools, any other joined servers that are virtual allow regular syncing via the domain which will the pdc time server which is also the FSMO role holder. I have this exact setup with no issues. Time is dead on across the board. Make sure on your pdc server you have your registry configured correctly for domain time sync to an external time source.

http://www.virtualizationimpact.com http://www.handsonvirtualization.com Twitter: @jfranconi
TomHowarth
Leadership
Leadership

ESX host to a NTP server, windows PDC Emulator to a NTP server, the rest of the Domain members get their time form the Domain Controllers

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth VCP / vExpert

VMware Communities User Moderator

Blog: www.planetvm.net

Contributing author for the upcoming book "[VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment|http://my.safaribooksonline.com/9780136083214]”. Currently available on roughcuts

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
Paul_N
Contributor
Contributor

OK, so when would you ever use the VMtools synch option?

0 Kudos
microkid
Hot Shot
Hot Shot

For non-domain Windows machines etc.

0 Kudos
SirOracle
Contributor
Contributor

I have used VMware Infrastructure 3 on a test lab for about a year now, and I had the settings as described here, with the DC sync to an external source and all servers sync to the DC. But the time on the servers just drifted apart and after reading about this problem I ended up setting the servers to sync through VMware Tools and it all worked fine. I am setting up ESXi4 on our production environment now and I just wanted to make sure I do this timekeeping right from the start.

I must admit that I am a bit skeptical, since this did not work very well in our test lab, but I will give it another try, since it works for every one else Smiley Wink

Thanks!!

0 Kudos
s1xth
VMware Employee
VMware Employee

Did you change the registry settings on the Pdc server to sync to an

external time source and force it? Also, did you make sure the other

dcs are set for nt5s or allsync?

Sent from my iPhone

On Jul 20, 2009, at 4:13 AM, SirOracle <communities-

http://www.virtualizationimpact.com http://www.handsonvirtualization.com Twitter: @jfranconi
0 Kudos
s1xth
VMware Employee
VMware Employee

http://timjacobs.blogspot.com/2007/11/virtualized-domain-controllers-time.html

The below half of this article explains the settings needed on the PDC server...use these and you will have no issues.

http://www.virtualizationimpact.com http://www.handsonvirtualization.com Twitter: @jfranconi
0 Kudos