humanxbox
Contributor
Contributor

How to configure ESX server for time sync with Windows Active Directory ??

Hi,

I have ESX server 3.0.1 installed. How can i configure esx server to get the correct time and date (sync) from the Active directory domain (2000 and 2003)

any doc available already for this ? I have already the "installing and configuring NTP on VMWARE ESX server" doc but this only describes how to configure sync time y date with NTP servers on the Internet

please help

thanks :smileyblush:

0 Kudos
8 Replies
Rajeev_S
Expert
Expert

Hi,

Check the following link for the procedure ,

Hope this helps Smiley Happy

0 Kudos
AWo
Immortal
Immortal

Add your Windows DC (preferred: PDC Emulator FSMO) to the NTP configuration file "/etc/ntp.conf" by adding the line

server

Start the ntp daemon and add it to runlevel 3 by adding a link to the ntp startscript in "/etc/rc3.d" by using:

ln -s /etc/init.d/ntpd /etc/rc3.d/S92ntp

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos
humanxbox
Contributor
Contributor

Rajeev S

You provide me a link that points to a document that i already have. but in this document there is nothing about how to config esx server to get it´s time and date from and active directoy domain controller.

please could you provide me link to a doc for this procedure??

thanks

0 Kudos
Rajeev_S
Expert
Expert

Check the below thread,

http://communities.vmware.com/message/660725

Hope this helps Smiley Happy

0 Kudos
jhanekom
Virtuoso
Virtuoso

job77, I think the piece of the puzzle you're missing is that Windows Server 2003 systems uses SNTP (a "lite" version of NTP) to synchronise time amongst themselves.

If you point your ESX servers at your Windows domain controllers as suggested, they should happily synchronise with them.

It will be a good idea to properly configure your Domain's PDC emulator to synchronise with one or more external sources, however. I've seen cases where ESX refused to synchronise if the host it's getting its time from reports that it's unsure whether it's time is good or not.

0 Kudos
AWo
Immortal
Immortal

This gives a good picture of time synchronization within AD and the difference between NTP and SNTP: http://technet2.microsoft.com/WindowsServer/en/library/71e76587-28f4-4272-a3d7-7f44ca50c0181033.mspx...

By default the PDC Emulator of the first domain is the highest time source in the hierarchy, and thereby considered as reliable (but you can set this flag manually per server).

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos
jhanekom
Virtuoso
Virtuoso

Thanks Andreas - that's an excellent resource on Windows time. I hadn't realised that W2K3 now uses full-blown NTP.

Regarding PDC emulators and stratums: this is probably a side-effect of SNTP in Windows 2000, but I recently realised with a shock that all Windows 2000 servers, regardless of where they synchronise their time from, report their stratum as stratum-2. This can seriously mess up ESX time synchronisation if you're trying to improve accuracy and redundancy by synchronising from multiple sources.

This problem does not apply to Windows Server 2003, presumably because it uses full-blown NTP.

0 Kudos
AWo
Immortal
Immortal

I guess the stratum is not relevant from the Windows perspective, they use the domain hierarchy and their own point system to determine what's a good time source. There's also a document outside how to configure an authoritive time source within Windows.

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos