Solved

Windows NTP Configuratuon using VMWare Hosts

Posted on 2011-02-23
5
778 Views
Last Modified: 2012-05-11
Could someone please confirm if this configuration is correct?

We have all our servers hosted within VMWare, and all workstations connect via GPO from the main DC...

Regards,
Michael Caldecott     NTP-Drawing.pdf
0
Comment
Question by:Excel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 28

Expert Comment

by:bgoering
ID: 34960120
Don't do both. Sync your ESX servers with a public NTP server, your domain controller can sync with the ntp server or with an external source. All servers and workstations sync with the dc and uncheck the sync with esx box.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34960134
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 34960205
Concur with "bgoering". Configure an ATS (auth time srvr) in your domain (no group policy needed) to get its time from an external source. Configure it on a DC preferably (see this MS KB: http://support.microsoft.com/kb/816042/). Time sync will propagate to the other DCs in your org. Then, configure NTP on your ESX/i hosts to sync with the ATS in your domain. Last, make sure VMware Tools on all your VMs have the time sync with host UNCHECKED. They will get time from the DC they authenticate against.

Hope that helps.

Regards,
~coolsport00
0
 

Author Comment

by:Excel
ID: 34960283
bgoering:

I already have the following setup, ESX hosts sync with public NTP, all VMWare systems sync with VM tools... My confusion is; as we use GPO NTP which points to our DC, do I un-tick the VM tools for those connected too the DC GPO?

And for all (non-domain connected systems) do I enable the VM tools time sync within these images?

Regards,
M
0
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
ID: 34966466
Yes, that is workable and the only trick to remember is to never sync with both the ESX host through vmware tools AND other methods such as your GPO NTP. If all your servers are virtual as you indicate then sync your DC that holds the PDC role either through VMware tools with the host, or directly to public time servers (remembering if you go to public servers, don't sync this one with ESX either) - it doesn't make a lot of difference which. Then make sure none of your other windows boxes are syncing with ESX - let them all pull the time from the DC infrastructure.

The biggest rule is don't do both on anything as they can end up fighting a bit over who is correct and you will have small corrections either way going on all the time.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO: Upload an ISO image to a VMware datastore for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere Host Client, and checking its MD5 checksum signature is correct.  It's a good idea to compare checksums, because many installat…
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
Teach the user how to delpoy the vCenter Server Appliance and how to configure its network settings Deploy OVF: Open VM console and configure networking:
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question