Solved

Hyper-V:  Time Configuration

Posted on 2014-09-16
5
276 Views
Last Modified: 2014-11-12
What is the best practice for configuring time source in a multi server domain?  (Have a mix of 2003 STD and 2012 STD and HyperV - VMs)

 This is what I was thinking.......Have the DC/FSMO get external time,  Have the other DCs and member servers point to the DC/FSMO.  I believe workstations will by default point to the DC/Fsmo???

 Should the other DCs and member servers point to the DC/FSMO and have a 2nd time source thats  external?
0
Comment
Question by:howmad2
5 Comments
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40325690
Yes, correct PD emulator - External Time Source.

Member Servers and DCs sync against PD emulator (domain).

Wokstations will sync to Domain.
0
 
LVL 20

Expert Comment

by:Svet Paperov
ID: 40325695
This question surfaces from time to time.

There are different ways to setup the time synchronization in virtualized environment. However, there are couple thinks to consider:
-      If the DC are running on domain member Hyper-V servers, you should disable the time synch from Integration services
-      All member servers and workstations in a domain will synch the time with PDC FSMO-holder’s DC

Your approach sounds correct. Another that you could consider is to synch the DC with an internal source which is synched with an external one. In such way, you improve the security by reducing the cases where the DC communicates with Internet’s hosts and you have a single time source for the whole organization. This other source could be a Linux server or a router/firewall.
0
 

Author Comment

by:howmad2
ID: 40325803
Should Member Servers and DCs sync against PD emulator (domain) with a 2nd  entry to an external source?

Do I have to do anything special for a Hyper-V VM that is a DC ?
or  a Hyper-V VM that is a Member Server?
Or a Hyper-V host (2012 R2 Standard)?
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 40325937
Here is my go to file for Windows NTP Setup:

You need to turn off time services for guests in Hyper V so they will get their time from your domain hierarchy

Here are the instructions for NTP GPO:

http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

Net Stop W32Time
w32tm /config /syncfromflags:manual /manualpeerlist:0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
W32tm /config /reliable:yes
Net Start W32Time
W32tm /config /update
W32tm /resync


- to configure a domain computer for automatic domain time synchronization, run:

w32tm /config /syncfromflags:domhier /update

After that you have to run:
net stop w32time
net start w32time

--------------------------------------------------------------------

- to reconfigure the previous PDC Emulator, in case of transferring/seizing the FSMO to another Domain Controller, run:

w32tm /config /syncfromflags:domhier /reliable:no /update


After that you have to run:
net stop w32time
net start w32time

If you have problems with the time service configuration, because too many changes where done in the registry or you like start fresh on a computer, then you can reset the time service to a default state the following way. Make sure to use an elevated command prompt, to have full administrative permissions. Then type in the following commands:

net stop w32time

w32tm /unregister

w32tm /register

net start w32time
0
 
LVL 119
ID: 40325977
I would not do second source as an external.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an issue that we can get adding / removing permissions in the vCSA 6.0. We can also have issues searching for users / groups in the AD (using your identify sources). This is how one of the ways to handle this issues and fix it.
Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question