Solved

Create New NTP Server

Posted on 2014-07-23
22
628 Views
Last Modified: 2014-07-29
Hi,

We are in the process of converting our Physical Domain Controller to a Virtual Domain Controller.  We decided to create a new virtual machine from scratch instead of doing the P2V.  The original physical domain controller was the NTP Server as well.  

My question is, what do I need to do to make the new virtual domain controller that we have here, act as the new NTP Server now for servers and appliance to now point to instead?  Are there any specific Roles or Features that need to get installed?  Or is it as simple as just pointing the servers and appliances that need a NTP Server to the new IP Address of the new virtual domain controller?

Suggestions please...

Thanks
0
Comment
Question by:Lumious
  • 10
  • 8
  • 3
  • +1
22 Comments
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 40213856
If the physical server was configured to be the NTP server for the domain, just configure the virtual one in like manner.
0
 

Author Comment

by:Lumious
ID: 40213870
I understand that the new virtual domain controller will have to be configured as the new NTP Server. But I guess my question is what steps will have to be done in order to make this possible?

Suggestions please...

Thanks
0
 
LVL 9

Accepted Solution

by:
sda100 earned 500 total points
ID: 40213871
The steps below to configure a 2008 R2 domain controller as an NTP server are taken from this page.

You might also want to send out the timeserver details using DHCP option 42, but that's not needed for Windows domain clients as they'll sync the time upon computer login anyway, but would be useful for non-Windows or non-domain clients.

Step 1:
   Net time /setsntp:
   W32tm /config /syncfromflags:manual /manualpeerlist:
   W32tm /config /reliable:yes
   W32tm /config /update
   W32tm /resync
   Pause
   Exit

Step 2:
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
   "AnnounceFlags"=dword:00000005
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
   "Type"="NTP"
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
   "Enabled"=dword:00000001

Step 3:
   Net stop w32time
   Net start w32time
   Net time
   Pause
   Exit
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 119
ID: 40213971
Why not just download a ready made NTP appliance from the free VMware Appliances import it and your done.

And the benefit of the NTP virtual appliance is it sync with multiple Internet sourced to provide an NTP service very lightweight based on Linux.
0
 
LVL 9

Expert Comment

by:sda100
ID: 40213980
Ah, come to think of it, Andrew has a point.  You can just set your ESX box to sync with multiple NTP servers, and use the VMware tools option to keep the guest clock in sync.
0
 

Author Comment

by:Lumious
ID: 40214078
Hi,

Right now everything is looking towards the following address for their NTP Server which is the original domain controller:

Ex: 192.168.1.x

As you already know I've setup a new virtual domain controller to replace the physical domain controller.  The physical domain controller is the NTP Server that everything looks towards.  So instead of making the new virtual domain controller the new NTP Server, you are suggesting I just download a free Virtual Appliance from VMware that is used for NTP?

Questions:
- Where do I find these free NTP Appliances from VMware?
- Any suggestions on a good one to use?
- Is there certain configurations that need to be done on the Appliance when it deploys in order to get it up and running that I might have to know?
- After getting it deployed, do I just start to set everything to look towards the IP of the Virtual NTP Appliance for their NTP Settings?

Please let me know as soon as you can.

Thanks
0
 
LVL 9

Assisted Solution

by:sda100
sda100 earned 500 total points
ID: 40214088
If you can't configure 'everything' to point to a new NTP server, why not make your new virtual DC the NTP server (using the instructions above) and give your DC an additional IP address - that of your old physical DC?
0
 

Author Comment

by:Lumious
ID: 40214142
SDA100:

- That actually sounds like a good plan from what I'm understanding.  On the new virtual domain controller I would perform the steps listed above.  For Step 1 though, I'm configuring those commands through Command Prompt correct?

When you mention to give my new virtual domain controller an addition IP address of my old physical DC, how do I go about that?

Do I just go into the NIC Properties, under IPv4 in the Advanced TCP/IP Settings and click Add under IP Address to add the IP of the old Physical DC? Or do I have to change DNS entries in some type of way to point to the correct server?
0
 
LVL 9

Expert Comment

by:sda100
ID: 40214184
Yup, step 1 through the command prompt (probably elevated).
Yup, just add a new IP address as you've said.

Doing it that way means you can still assign that IP address to another NTP device if you so choose at a later date.  What OS are the machines that are using NTP?
0
 

Author Comment

by:Lumious
ID: 40214232
The OS's are as followins:

Original Physical DC:
- Windows Server 2008 Standard

New Virtual Domain Controller:
- Windows Server 2008 R2
0
 

Author Comment

by:Lumious
ID: 40214235
*CORRECTION*

The OS's are as follows:

Original Physical DC:
- Windows Server 2008 Standard

New Virtual Domain Controller:
- Windows Server 2008 R2 Enterprise
0
 
LVL 9

Expert Comment

by:sda100
ID: 40214247
I meant, which machines will need to determine their time from YOUR NTP server?  Or is this just for your server to maintain its own time from an external NTP server?
0
 

Author Comment

by:Lumious
ID: 40214251
All the servers in our environment that look towards the NTP Server are all Windows Server 2008 Standard.  There are some Network Printers that have the NTP Server IP set as well.  We only have about 50 servers in the environment too so it's not that big of an environment.

Is there something that I should be concerned about?

Please let me know.

Thanks
0
 
LVL 9

Expert Comment

by:sda100
ID: 40214263
Not really, I was going to suggest re-configuring the other devices to point to the new IP, but if it's printers it's probably a PITA so not worth it.  It could actually work quite well that you keep your NTP server on a different IP address, as you can then move the service wherever you like by just assigning the IP address to another server.  Let me know how you get on.
0
 

Author Comment

by:Lumious
ID: 40214317
Hi,

Which of the following do you suggest:

- Run through Steps 1-3 on the new virtual DC
- After running through Steps 1-3 we can safely say that the new virtual DC is set up as a NTP Server
- I'm guessing I would be able to start assigning devices to this new NTP Server Address for their NTP settings?

OR:

- Run through Steps 1-3 on the new virtual DC
- After running through Steps 1-3 we can safely say that the new virtual DC is set up as a NTP Server
- Add a second IP Address to the new virtual DC that is of the original physical DC (Doing it that way means you can still assign that IP address to another NTP device if you so choose at a later date) <---After doing these steps, do I have to change anything in DNS?  Because the old DC IP is still associated with the phyiscal DC.  So if I add its IP as a second IP to the new virtual DC does anything have to be changed in DNS?

Thanks
0
 
LVL 119
ID: 40214551
Questions:
- Where do I find these free NTP Appliances from VMware?
- Any suggestions on a good one to use?
- Is there certain configurations that need to be done on the Appliance when it deploys in order to get it up and running that I might have to know?
- After getting it deployed, do I just start to set everything to look towards the IP of the Virtual NTP Appliance for their NTP Settings?

Please let me know as soon as you can.

Thanks

When you Import the OVF, once started, it runs through a configuration script. It's completed in less than 60 seconds, and then point ALL your servers at this NTP Appliance, which obtains NTP from several different sources on the internet for comparison.

see this forum

https://communities.vmware.com/thread/43945?start=30&tstart=0
0
 
LVL 9

Expert Comment

by:sda100
ID: 40214578
In response to
Which of the following do you suggest

If your devices are on DHCP, then you can configure DHCP with option 42 to tell the devices which time server to use.  Doing it that way means you don't even need to assign the old server's IP address to the new one.

It's your choice to make, but if it were *my* network, and I was only a Windows man, then I'd configure the new server to be the NTP server, then make sure all my devices got the new config through DHCP.
0
 

Author Comment

by:Lumious
ID: 40214600
Hi,

Andrew Hancock:
- Thanks for the reply, I will definitely take a look at this shortly.

SDA100:
- As of right now for DHCP, I see that Option 004 Time Server is configured with the NTP Server Address.  What is the difference for 004 and then 042?

Please let me know when you get a chance.


Thanks
0
 
LVL 9

Expert Comment

by:sda100
ID: 40214666
Below information taken from here: http://www.experts-exchange.com/Networking/Protocols/DHCP/Q_23324069.html

004 specifies servers that provide TIME/ITP (as per RFC 868). This is not a recommended protocol/service in a Windows environment.

042 specifies servers that provide NTP/SNTP (RFC 1769).  This is the preferred time service in a Windows environment (assuming the absence of Active Directory which maintains the time on your behalf.
0
 

Author Comment

by:Lumious
ID: 40215866
Andrew Hancock
- After navigating to the forum that you provided for the Virtual Appliance that's the NTP Server, I didn't find anywhere that I could download one.
- Could you please provide me a link where I can find one to download that you have dealt with that you recommend?

Please let me know as soon as you can.

Still working on trying stuff out and configuring everything.
0
 
LVL 119
ID: 40216449
@Lumious Post in the VMware forum, if the link does not work.
0
 

Author Comment

by:Lumious
ID: 40221930
Hi,

Still working on some changes in the environment.  Will comment shortly on the results.

Thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
In-place Upgrading Dirsync to Azure AD Connect
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question