Wednesday, 23 April 2008

Windows Time and VMWare - solution?

I think I may have resolved our wandering time problems. I finally attacked the ESX servers. Log into the console and allow the ntpclient to communicate:
esxcfg-firewall --enableService ntpclient
Then make sure it starts after any restarts:
chkconfig ntpd on
Configure the NTP service; http://www.tlanews.com/TLA/NEWS/2006vmware/2007-02-22-ntp-esx.htm helped me get to grips with this. I used the time server pool at pool.ntp.org for my list. Also check you add the nomodify line from the site, as this restricts abuse.
Once your list is in and you have also updated the step-tickers file with your server list, you can restart the NTP service:
service ntpd restart
This should get the system a new time; you can then write it to the hardware clock:
hwclock --systohc
You now have a correct hardware time and system time that is kept up to date via the external servers.
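
A quick way to check the ESX side after editing, as an added example that is not from the original post or the linked guide: it confirms ntp.conf has server lines, that a "restrict default" line carries nomodify, and that step-tickers lists the same servers. The function names, the sample file contents and the paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example: audit an ntp.conf / step-tickers pair like the one set up above.

# Print the non-loopback hosts named on "server" lines, sorted and de-duplicated.
ntp_servers() {
    awk '$1 == "server" && $2 !~ /^127\./ { print $2 }' "$1" | sort -u
}

# Succeed if a "restrict ... default" line carries nomodify (or the stricter ignore).
default_is_restricted() {
    awk '$1 == "restrict" {
             isdef = 0; flag = 0
             for (i = 2; i <= NF; i++) {
                 if ($i == "default") isdef = 1
                 if ($i == "nomodify" || $i == "ignore") flag = 1
             }
             if (isdef && flag) found = 1
         }
         END { exit !found }' "$1"
}

# Succeed if every server in ntp.conf is also listed in step-tickers.
step_tickers_match() {
    missing=$(ntp_servers "$1" | while read -r host; do
        grep -qxF "$host" "$2" 2>/dev/null || echo "$host"
    done)
    [ -z "$missing" ]
}

# Run all three checks; print each problem and return non-zero if any fail.
audit_ntp() {
    conf=$1; tickers=$2; rc=0
    [ -n "$(ntp_servers "$conf")" ] || { echo "no server lines in $conf"; rc=1; }
    default_is_restricted "$conf" || { echo "no 'restrict default' with nomodify in $conf"; rc=1; }
    step_tickers_match "$conf" "$tickers" || { echo "$tickers lacks servers from $conf"; rc=1; }
    return $rc
}

# Constructed sample files (not the author's); on a real host pass the actual
# paths instead, e.g. /etc/ntp.conf and /etc/ntp/step-tickers (assumed locations).
sample_dir=$(mktemp -d)
printf '%s\n' 'restrict default kod nomodify notrap' 'restrict 127.0.0.1' \
    'server 0.pool.ntp.org' 'server 1.pool.ntp.org' 'server 2.pool.ntp.org' \
    > "$sample_dir/ntp.conf"
printf '%s\n' 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org > "$sample_dir/step-tickers"
audit_ntp "$sample_dir/ntp.conf" "$sample_dir/step-tickers" && echo "sample config: OK"
```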

Now this is where it gets complex: different people say different things, including VMWare and Microsoft, so this is my solution, and so far so good. Any server that wasn't a DC had its Windows Time service stopped and disabled, then I enabled the Time Sync option in the VMWare tools tray icon.

For the DCs I stopped the Windows Time service on them all except the PDC, then:
w32tm /unregister
To remove all old Windows Time meddling from the past, then re-add:
w32tm /register
Start up the service and:
w32tm /resync
To allow the Windows computer to get the time from its normal AD method (the PDC).

Now on the PDC edit the registry as follows under:
HKLM\System\CurrentControlSet\Services\W32time
Do the following:
Parameters\Type = "NTP"
Parameters\NtpServer = "0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
Config\AnnounceFlags = "5"
TimeProviders\NtpServer\Enabled = "1"
TimeProviders\NtpClient\SpecialPollInterval = "60"

This enables it as a client and a server. Run w32tm /resync to get the new data from the new NTP server list.

OK, so this gives us our usual DCs talking to the PDC as normal, BUT in the event that something goes tits up, the hardware clocks that they have reverted to in the past are also using the same time as the NTP service, so in theory they won't change more than a quarter of a second (based on my testing of the NTP pool servers). It also means we don't have to worry about any servers other than the DCs, as they are all using the ESX server, which is using the same time pool as the DCs.

Will this work? We shall wait and see.....
