VMware Cloud Community
projectja
Contributor
Contributor
‎07-22-2012 01:21 PM
Jump to solution

VMWARE time sync - AD sync

Hi,

I'm looking for information to this topic I'm proposing now. To be honest, there is a lot information, however I am worried about what happen from a practical point of view when configuring Sync time.

We have. Virtual center, three hosts in the cluster, vmotion, HA, etc.

All vm running Windows 2008 guess os. There is windows 2008 AD.

Currently Time sync on ESX host is disabled. No time sync settings at this moment.

Active directory has the PDC emulator pointing to external reliable server time. It supposed all servers will sync with the DC and all DC with the PDC emultator.

I have checked VMWARE tools sync configuration (by using the configuration tab in VMWARE TOOLSs).

In our company, Time is critical for DATABASE, etc.  There are Oracle, SQl server, etc, so TIME is high critical.

I'd like to know you opinion and point of view with regard your experience. I know there is theory and I am reading this official theory but just now

I want to know your opinion, expert opinion.

- Our environment,  NO unix,  NOT workstation. Only windows 2008 sservers.

- supposed all computers are Windows 2008 syncronized with External sources of time, do you consider it would be necessary to syncro ESX HOST timee pointing to external source of time ?  is it recommended ESX syncro time (client NTP) disabled as by default configuration?

In my current configuration is disabled.

- Is it possible to syncro the ESX time to external time source. would it be necessary with all Windows VM syncronized through the PDC emulator?

- Is it necessary to point ESX host to AD domain controller for time sync?  In my opinion It would be not necessary.

- I think vwmare tools syncro is disabled by default. I think there is not additional configuration to change, isn't it?

- any additional consideration attending to you exprience?

I will thanks any advice.

0 Kudos
1 Solution

Accepted Solutions
UmeshAhuja
Commander
Commander
‎07-22-2012 02:06 PM
Jump to solution

Hi,

Yes you can sync it with the AD controller for time sync.

Points to be checked.

1) You have disable VM time sync with Syncronize guest time with host.

2) You have made Host time configuration setting with proper AD ip address that you want to match

3) You have made additional configuration (mention below) for each VM's after disabling the Syncronize guest time with host

Disabling Time Synchronization :-  Select the virtual machine in the VMware Infrastructure Client inventory. On the Summary tab, click Edit Settings, then click the Options tab and select General (under Advanced). Click Configuration Parameters, then click Add Row and add this information:

tools.syncTime = "0"
time.synchronize.continue = "0"
time.synchronize.restore = "0"
time.synchronize.resume.disk = "0"
time.synchronize.shrink = "0"
time.synchronize.tools.startup = "0"
time.synchronize.tools.enable = "0"
time.synchronize.resume.host = "0"

4) Make sure you have set your windows time with external ntp server for Win 2008 R2

1.First, locate your PDC Server. Open the command prompt and type: C:\>netdom /query fsmo
2.Log in to your PDC Server and open the command prompt.
3.Stop the W32Time service: C:\>net stop w32time
4.Configure the external time sources, type: C:\> w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org,  1.pool.ntp.org, 2.pool.ntp.org”
5.Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
6.Start the w32time service: C:\>net start w32time
7.The windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:\>w32tm /query /configuration
8.Check the Event Viewer for any errors.

Thanks n Regards
Umesh Ahuja

If your query resolved then please consider awarding points by correct or helpful marking.

View solution in original post

0 Kudos
3 Replies
a_p_
Leadership
Leadership
‎07-22-2012 01:31 PM
Jump to solution

If the correct time is critical, you should synchronize the hosts with either the same NTP source as the DC or with the DC itself, provided the DC is not running as a VM on the ESXi hosts! Although Windows systems in a domain are synchronized with the DC's by default, there are situations where the VMs may synchronize time with the ESXi host (see http://kb.vmware.com/kb/1189).

Btw. time synchronization in VMware Tools is off by default, which is the recommended setting for domain members.

André

UmeshAhuja
Commander
Commander
‎07-22-2012 02:06 PM
Jump to solution

Hi,

Yes you can sync it with the AD controller for time sync.

Points to be checked.

1) You have disable VM time sync with Syncronize guest time with host.

2) You have made Host time configuration setting with proper AD ip address that you want to match

3) You have made additional configuration (mention below) for each VM's after disabling the Syncronize guest time with host

Disabling Time Synchronization :-  Select the virtual machine in the VMware Infrastructure Client inventory. On the Summary tab, click Edit Settings, then click the Options tab and select General (under Advanced). Click Configuration Parameters, then click Add Row and add this information:

tools.syncTime = "0"
time.synchronize.continue = "0"
time.synchronize.restore = "0"
time.synchronize.resume.disk = "0"
time.synchronize.shrink = "0"
time.synchronize.tools.startup = "0"
time.synchronize.tools.enable = "0"
time.synchronize.resume.host = "0"

4) Make sure you have set your windows time with external ntp server for Win 2008 R2

1.First, locate your PDC Server. Open the command prompt and type: C:\>netdom /query fsmo
2.Log in to your PDC Server and open the command prompt.
3.Stop the W32Time service: C:\>net stop w32time
4.Configure the external time sources, type: C:\> w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org,  1.pool.ntp.org, 2.pool.ntp.org”
5.Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
6.Start the w32time service: C:\>net start w32time
7.The windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:\>w32tm /query /configuration
8.Check the Event Viewer for any errors.

Thanks n Regards
Umesh Ahuja

If your query resolved then please consider awarding points by correct or helpful marking.
0 Kudos
projectja
Contributor
Contributor
‎08-02-2012 02:10 AM
Jump to solution

Thank you very much to both of you.

Yeah, I have configured our environment as follow;

-ESXi Servers pointing to external reliable time source.

-Domain controller PDC emulator pointing to the same external reliable time source.

-Disable in vmware tools syncro options -by default disabled- but iit is a good option to disable the others options such as you have

indicated. It seems, sometimes, when some events take place with hypervisor, the vms try to syncro with the host although syncro function is disabled in vmware tools. For that reason it is a good option to apply configuration by using those parameters.

you indicated.

Any comment will be welcome.

Now, my environment is configured with your help.

0 Kudos