OK so VMware is a bitch for time. Because the machines are virtual, time isn't 'normal', so you have to let ESX be the host, disable the Windows Time service on each of the VMs, and let ESX pass the time through VMware Tools on each VM. Easy when you know how... anyway, that's another story.
How we got here is the problem: if you start setting up your VMs without doing the above, you can end up with all sorts of issues where the DC VMs change time, which makes the DC an untrusted partner for replication. That splits your network, allowing some clients to log on to one part and some to another. In short, ugly!
A fix, 2 reg tweaks:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
ValueName = Strict Replication Consistency
Data Type = Reg_DWORD
Value Data = 0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
ValueName = Allow Replication with Divergent and Corrupt Partner
Data Type = Reg_DWORD
Value Data = 1
This allows the server that is being thought of as untrusted to do a sync as normal. Once that occurs, these changes can be reverted: change Strict Replication Consistency back to 1 and delete the Allow Replication.... entry.
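The two tweaks and the revert as one PowerShell script, so the relaxed settings cannot be left behind if the sync step fails. This is an added example, not part of the original post; using `repadmin /syncall` to force the sync and running the script elevated on the affected DC are assumptions.

```powershell
# Added example (not from the original post). Run elevated on the affected DC.
$ntds   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$strict = 'Strict Replication Consistency'
$allow  = 'Allow Replication with Divergent and Corrupt Partner'

# Record what was there before, so the change is visible in the console log.
$before = (Get-ItemProperty -Path $ntds -Name $strict -ErrorAction SilentlyContinue).$strict
Write-Host "Strict Replication Consistency before change: $before"

try {
    # Tweak 1: relax strict replication consistency (REG_DWORD 0).
    New-ItemProperty -Path $ntds -Name $strict -PropertyType DWord -Value 0 -Force | Out-Null
    # Tweak 2: allow replication with the partner flagged as divergent (REG_DWORD 1).
    New-ItemProperty -Path $ntds -Name $allow -PropertyType DWord -Value 1 -Force | Out-Null

    # Assumption: force the sync with repadmin rather than waiting for the schedule.
    # /A = all naming contexts, /e = across sites, /d = show servers by DN.
    & repadmin /syncall /A /e /d
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "repadmin exited with code $LASTEXITCODE; review 'repadmin /showrepl' output."
    }
}
finally {
    # Revert as described in the post: strict consistency back to 1,
    # and the Allow Replication entry deleted. Runs even if the sync step throws.
    New-ItemProperty -Path $ntds -Name $strict -PropertyType DWord -Value 1 -Force | Out-Null
    Remove-ItemProperty -Path $ntds -Name $allow -ErrorAction SilentlyContinue

    # Verify the revert actually took effect before walking away.
    $now = Get-ItemProperty -Path $ntds
    $stillAllowed = $now.PSObject.Properties.Name -contains $allow
    if ($now.$strict -ne 1 -or $stillAllowed) {
        Write-Error "Revert incomplete: strict=$($now.$strict), allow entry present=$stillAllowed"
    } else {
        Write-Host "Reverted: strict consistency is 1 and the allow entry is removed."
    }
}
```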
In the meantime I am off to play with the ESX firewall to set it up as an NTP server client for my remaining physical server.