Solved

Create New NTP Server

Posted on 2014-07-23
22
614 Views
Last Modified: 2014-07-29
Hi,

We are in the process of converting our Physical Domain Controller to a Virtual Domain Controller.  We decided to create a new virtual machine from scratch instead of doing the P2V.  The original physical domain controller was the NTP Server as well.  

My question is, what do I need to do to make the new virtual domain controller that we have here, act as the new NTP Server now for servers and appliance to now point to instead?  Are there any specific Roles or Features that need to get installed?  Or is it as simple as just pointing the servers and appliances that need a NTP Server to the new IP Address of the new virtual domain controller?

Suggestions please...

Thanks
0
Comment
Question by:Lumious
  • 10
  • 8
  • 3
  • +1
22 Comments
 
LVL 15

Expert Comment

by:Perarduaadastra
Comment Utility
If the physical server was configured to be the NTP server for the domain, just configure the virtual one in like manner.
0
 

Author Comment

by:Lumious
Comment Utility
I understand that the new virtual domain controller will have to be configured as the new NTP Server. But I guess my question is what steps will have to be done in order to make this possible?

Suggestions please...

Thanks
0
 
LVL 9

Accepted Solution

by:
sda100 earned 500 total points
Comment Utility
The steps below to configure a 2008 R2 domain controller as an NTP server are taken from this page.

You might also want to send out the timeserver details using DHCP option 42, but that's not needed for Windows domain clients as they'll sync the time upon computer login anyway, but would be useful for non-Windows or non-domain clients.

Step 1:
   Net time /setsntp:
   W32tm /config /syncfromflags:manual /manualpeerlist:
   W32tm /config /reliable:yes
   W32tm /config /update
   W32tm /resync
   Pause
   Exit

Step 2:
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
   "AnnounceFlags"=dword:00000005
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
   "Type"="NTP"
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
   "Enabled"=dword:00000001

Step 3:
   Net stop w32time
   Net start w32time
   Net time
   Pause
   Exit
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Why not just download a ready made NTP appliance from the free VMware Appliances import it and your done.

And the benefit of the NTP virtual appliance is it sync with multiple Internet sourced to provide an NTP service very lightweight based on Linux.
0
 
LVL 9

Expert Comment

by:sda100
Comment Utility
Ah, come to think of it, Andrew has a point.  You can just set your ESX box to sync with multiple NTP servers, and use the VMware tools option to keep the guest clock in sync.
0
 

Author Comment

by:Lumious
Comment Utility
Hi,

Right now everything is looking towards the following address for their NTP Server which is the original domain controller:

Ex: 192.168.1.x

As you already know I've setup a new virtual domain controller to replace the physical domain controller.  The physical domain controller is the NTP Server that everything looks towards.  So instead of making the new virtual domain controller the new NTP Server, you are suggesting I just download a free Virtual Appliance from VMware that is used for NTP?

Questions:
- Where do I find these free NTP Appliances from VMware?
- Any suggestions on a good one to use?
- Is there certain configurations that need to be done on the Appliance when it deploys in order to get it up and running that I might have to know?
- After getting it deployed, do I just start to set everything to look towards the IP of the Virtual NTP Appliance for their NTP Settings?

Please let me know as soon as you can.

Thanks
0
 
LVL 9

Assisted Solution

by:sda100
sda100 earned 500 total points
Comment Utility
If you can't configure 'everything' to point to a new NTP server, why not make your new virtual DC the NTP server (using the instructions above) and give your DC an additional IP address - that of your old physical DC?
0
 

Author Comment

by:Lumious
Comment Utility
SDA100:

- That actually sounds like a good plan from what I'm understanding.  On the new virtual domain controller I would perform the steps listed above.  For Step 1 though, I'm configuring those commands through Command Prompt correct?

When you mention to give my new virtual domain controller an addition IP address of my old physical DC, how do I go about that?

Do I just go into the NIC Properties, under IPv4 in the Advanced TCP/IP Settings and click Add under IP Address to add the IP of the old Physical DC? Or do I have to change DNS entries in some type of way to point to the correct server?
0
 
LVL 9

Expert Comment

by:sda100
Comment Utility
Yup, step 1 through the command prompt (probably elevated).
Yup, just add a new IP address as you've said.

Doing it that way means you can still assign that IP address to another NTP device if you so choose at a later date.  What OS are the machines that are using NTP?
0
 

Author Comment

by:Lumious
Comment Utility
The OS's are as followins:

Original Physical DC:
- Windows Server 2008 Standard

New Virtual Domain Controller:
- Windows Server 2008 R2
0
 

Author Comment

by:Lumious
Comment Utility
*CORRECTION*

The OS's are as follows:

Original Physical DC:
- Windows Server 2008 Standard

New Virtual Domain Controller:
- Windows Server 2008 R2 Enterprise
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 9

Expert Comment

by:sda100
Comment Utility
I meant, which machines will need to determine their time from YOUR NTP server?  Or is this just for your server to maintain its own time from an external NTP server?
0
 

Author Comment

by:Lumious
Comment Utility
All the servers in our environment that look towards the NTP Server are all Windows Server 2008 Standard.  There are some Network Printers that have the NTP Server IP set as well.  We only have about 50 servers in the environment too so it's not that big of an environment.

Is there something that I should be concerned about?

Please let me know.

Thanks
0
 
LVL 9

Expert Comment

by:sda100
Comment Utility
Not really, I was going to suggest re-configuring the other devices to point to the new IP, but if it's printers it's probably a PITA so not worth it.  It could actually work quite well that you keep your NTP server on a different IP address, as you can then move the service wherever you like by just assigning the IP address to another server.  Let me know how you get on.
0
 

Author Comment

by:Lumious
Comment Utility
Hi,

Which of the following do you suggest:

- Run through Steps 1-3 on the new virtual DC
- After running through Steps 1-3 we can safely say that the new virtual DC is set up as a NTP Server
- I'm guessing I would be able to start assigning devices to this new NTP Server Address for their NTP settings?

OR:

- Run through Steps 1-3 on the new virtual DC
- After running through Steps 1-3 we can safely say that the new virtual DC is set up as a NTP Server
- Add a second IP Address to the new virtual DC that is of the original physical DC (Doing it that way means you can still assign that IP address to another NTP device if you so choose at a later date) <---After doing these steps, do I have to change anything in DNS?  Because the old DC IP is still associated with the phyiscal DC.  So if I add its IP as a second IP to the new virtual DC does anything have to be changed in DNS?

Thanks
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Questions:
- Where do I find these free NTP Appliances from VMware?
- Any suggestions on a good one to use?
- Is there certain configurations that need to be done on the Appliance when it deploys in order to get it up and running that I might have to know?
- After getting it deployed, do I just start to set everything to look towards the IP of the Virtual NTP Appliance for their NTP Settings?

Please let me know as soon as you can.

Thanks

When you Import the OVF, once started, it runs through a configuration script. It's completed in less than 60 seconds, and then point ALL your servers at this NTP Appliance, which obtains NTP from several different sources on the internet for comparison.

see this forum

https://communities.vmware.com/thread/43945?start=30&tstart=0
0
 
LVL 9

Expert Comment

by:sda100
Comment Utility
In response to
Which of the following do you suggest

If your devices are on DHCP, then you can configure DHCP with option 42 to tell the devices which time server to use.  Doing it that way means you don't even need to assign the old server's IP address to the new one.

It's your choice to make, but if it were *my* network, and I was only a Windows man, then I'd configure the new server to be the NTP server, then make sure all my devices got the new config through DHCP.
0
 

Author Comment

by:Lumious
Comment Utility
Hi,

Andrew Hancock:
- Thanks for the reply, I will definitely take a look at this shortly.

SDA100:
- As of right now for DHCP, I see that Option 004 Time Server is configured with the NTP Server Address.  What is the difference for 004 and then 042?

Please let me know when you get a chance.


Thanks
0
 
LVL 9

Expert Comment

by:sda100
Comment Utility
Below information taken from here: http://www.experts-exchange.com/Networking/Protocols/DHCP/Q_23324069.html

004 specifies servers that provide TIME/ITP (as per RFC 868). This is not a recommended protocol/service in a Windows environment.

042 specifies servers that provide NTP/SNTP (RFC 1769).  This is the preferred time service in a Windows environment (assuming the absence of Active Directory which maintains the time on your behalf.
0
 

Author Comment

by:Lumious
Comment Utility
Andrew Hancock
- After navigating to the forum that you provided for the Virtual Appliance that's the NTP Server, I didn't find anywhere that I could download one.
- Could you please provide me a link where I can find one to download that you have dealt with that you recommend?

Please let me know as soon as you can.

Still working on trying stuff out and configuring everything.
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
@Lumious Post in the VMware forum, if the link does not work.
0
 

Author Comment

by:Lumious
Comment Utility
Hi,

Still working on some changes in the environment.  Will comment shortly on the results.

Thanks
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Problem with autodiscover SBS 2011 4 41
Split DNS 3 22
Best RAID for a BDD Oracle 4 13
Snapshot login tracking 1 6
It Is not possible to enable LLDP in vSwitch(at least is not supported by VMware), so in this article we will enable this, and also go trough how to enabled CDP and how to get this information in vSwitches and also in vDS.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Teach the user how to edit .vmx files to add advanced configuration options Open vSphere Web Client: Edit Settings for a VM: Choose VM Options -> Advanced: Add Configuration Parameters:
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now