Hi Thanks Mark,

The problem is we cancel the time sync between VM & ESXi host. And this happen to change the windows clock will crash our application running which relied on the correct time stamp. Now it is a big problem for us, ☹

This is from .VMX file:

svga.vramSize = "8388608"

tools.syncTime = "FALSE"

uuid.location = "56 4d f8 71 9d 4b 81 d9-2a f6 73 20 ba c7 df 9d"

cleanShutdown = "FALSE"

And the setting of VM as below:

Then you may have to resign yourself to the fact that your application is not suited to a virtualization environment as it will never be running 100% of the time (even for millisends at a time) and will always be playing catchup on the time

Hi, our application has 5 minutes range, but we don't know sometimes it changes 1 min but sometimes change 4 mins then we got problem. And this is not happen all the time.

Make sure to check the tools icon in the guest's tray to ensure the "time sync" box isn't checked.

I prefer to have the PDCe DC sync with the atomic clock in Colorado (but this could be any reliable time source you trust), and then all level 4 DCs (non PDCe basically) use domhier w32tm sync to that one. Non DCs sync to the level 4's.

domhier time sync is done in real time and uses a "drift" method to stripchart against other DCs and make fine tuned adjustments until the difference is within tolerance.

More details:

http://technet.microsoft.com/en-us/library/cc758905(WS.10).aspx

Thanks Chris,

Our DC & system is more like a stand-alone system means we don't have any internet or external network connection. The only connection is the time sync & service request to high level system. And our problem now more focus on why & which windows or ESXi service will jump up randomly to change the windows system time. It is quite risky in the system because we don't know when it will pop up & change the time out of range then crash the application. Thanks!

On your DC that is having the issue:

1. Determine what it is using as an ntp server.
2. From an admin command prompt, run
3. w32tm /stripchart /computer:<name of sync target>

This will tell you how far off it is from the ntp server.

If you don't know the ntp server or want to set it anyway, set a manual peer and disable domain hierarchy sync

1. open an admin command prompt
2. w32tm /config /manualpeerlist:<dns of ntp server> /syncfromflags:manual
3. w32tm /config /update
4. w32tm /resync /rediscover

The time will not instantly sync, it will update in small increments (usually 1/2 a millisecond per second) until it's synced. You can watch this with the stripchart command (step 3 at top).

Hi Chris,

We don't have any NTP settings now. We sync time with web service of internal higher level system 3:10AM once per day.

Sounds like that's the problem then.

I don't understand that seems like domain controller doesn't work without NTP server?

Active directory required a time source to be accurate. When time gets out of sync, your credentials break due to security built into Kerberos…

Windows can get its time from somewhere (say the ESX Host), however anything AD related must also be in sync with that time. All other systems need to talk to the Time Service on the DC’s to validate they are also in sync.

What Rumple said.

Basically I think this is a design issue with your AD structure, not something VMware related.

Thanks Rumple,

We believe this issue must trigger by either ESXi host or time service within Windows DC, probably W32time. Our system run about one year never has this problem.

Why we think we need sync the host with virtual machine - domain controller because after long time not sync, the time gap between host & virtual machine became bigger & bigger. When we apply any new application change on virtual machine (domain controller) & reboot the machine we will get time from host then fail the daily time sync to internal higher system since big time gap. Then we decide to manually sync ESXi host time with virtual machine. To do this, we schedule a task to run a script which force host to accept time change. Since from this change, the time will change by "system" from time to time, specially after we sync DC with higher system & get a big time change like 2 mins, then we force ESXi host to change the time as well.