Solved

Windows NTP Configuratuon using VMWare Hosts

Posted on 2011-02-23
5
765 Views
Last Modified: 2012-05-11
Could someone please confirm if this configuration is correct?

We have all our servers hosted within VMWare, and all workstations connect via GPO from the main DC...

Regards,
Michael Caldecott     NTP-Drawing.pdf
0
Comment
Question by:Excel
  • 3
5 Comments
 
LVL 28

Expert Comment

by:bgoering
Comment Utility
Don't do both. Sync your ESX servers with a public NTP server, your domain controller can sync with the ntp server or with an external source. All servers and workstations sync with the dc and uncheck the sync with esx box.
0
 
LVL 28

Expert Comment

by:bgoering
Comment Utility
0
 
LVL 40

Expert Comment

by:coolsport00
Comment Utility
Concur with "bgoering". Configure an ATS (auth time srvr) in your domain (no group policy needed) to get its time from an external source. Configure it on a DC preferably (see this MS KB: http://support.microsoft.com/kb/816042/). Time sync will propagate to the other DCs in your org. Then, configure NTP on your ESX/i hosts to sync with the ATS in your domain. Last, make sure VMware Tools on all your VMs have the time sync with host UNCHECKED. They will get time from the DC they authenticate against.

Hope that helps.

Regards,
~coolsport00
0
 

Author Comment

by:Excel
Comment Utility
bgoering:

I already have the following setup, ESX hosts sync with public NTP, all VMWare systems sync with VM tools... My confusion is; as we use GPO NTP which points to our DC, do I un-tick the VM tools for those connected too the DC GPO?

And for all (non-domain connected systems) do I enable the VM tools time sync within these images?

Regards,
M
0
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
Comment Utility
Yes, that is workable and the only trick to remember is to never sync with both the ESX host through vmware tools AND other methods such as your GPO NTP. If all your servers are virtual as you indicate then sync your DC that holds the PDC role either through VMware tools with the host, or directly to public time servers (remembering if you go to public servers, don't sync this one with ESX either) - it doesn't make a lot of difference which. Then make sure none of your other windows boxes are syncing with ESX - let them all pull the time from the DC infrastructure.

The biggest rule is don't do both on anything as they can end up fighting a bit over who is correct and you will have small corrections either way going on all the time.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Will try to explain how to use the VMware feature TAGs in the VMs and create Veeam Backup Jobs using TAGs. Since this article is too long, I will create second article for the Veeam tasks.
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
Teach the user how to install and configure the vCenter Orchestrator virtual appliance Open vSphere Web Client: Deploy vCenter Orchestrator virtual appliance OVA file: Verify vCenter Orchestrator virtual appliance boots successfully: Connect to the …
This Micro Tutorial steps you through the configuration steps to configure your ESXi host Management Network settings and test the management network, ensure the host is recognized by the DNS Server, configure a new password, and the troubleshooting…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now