NTP

How to configure an NTP server on Microsoft Server 2008 R2

Accurate time is important to any IT infrastructure, and particularly to a Microsoft domain environment. If a domain member server drifts more than 5 minutes from a domain controller, it won't be able to authenticate domain users.

Usually a domain controller, or more specifically the PDC holder, synchronizes its clock by default over an internet connection if it has one. Other environments – like the ones I am working in at the moment – do not provide the domain controllers with an internet connection.

In this article I will go through the steps I have taken to properly configure an NTP server as time source for a vSphere environment consisting of a Microsoft domain.

  • How to configure an NTP server on Microsoft Server 2008 R2
  • How to configure the time source on an ESXi host

Commands to be used:

netdom query fsmo

W32tm /query /status

W32tm /config /syncfromflags:manual /manualpeerlist:"0.dk.pool.ntp.org 1.dk.pool.ntp.org 2.dk.pool.ntp.org" /update

W32tm /config /reliable:yes /update

W32tm /config /syncfromflags:manual /manualpeerlist:192.168.xxx.xxx /update (NTP server)

W32tm /query /configuration

W32tm /resync

Type netdom query fsmo in an elevated command prompt to locate the PDC holder if you do not know which DC holds it. Log in to that server and execute w32tm /query /status.

The default NTP source for this DC is the CMOS clock because it does not have an internet connection. If a server cannot sync its clock with the default setting or a configured time source then it will switch to the CMOS clock.
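
A check for the fallback described above, as an added example that is not part of the original article: it parses the text of w32tm /query /status and flags a server whose source is a local clock rather than an NTP peer. The function names and both sample outputs are constructed, and the match strings assume English-language output.

```powershell
# Added example. ConvertFrom-W32tmStatus and Test-TimeSource are hypothetical names.
function ConvertFrom-W32tmStatus {
    param([string[]]$Lines)
    $status = @{}
    foreach ($line in $Lines) {
        # Split on the first colon only: values such as the sync time contain colons.
        $name, $value = $line -split ':\s*', 2
        if ($value) { $status[$name.Trim()] = $value.Trim() }
    }
    $status
}

function Test-TimeSource {
    param([string[]]$Lines)
    $s = ConvertFrom-W32tmStatus -Lines $Lines
    $problems = @()
    if (-not $s.ContainsKey('Source')) {
        $problems += 'No Source line found (service stopped or non-English output?)'
    } elseif ($s['Source'] -match 'Local CMOS Clock|Free-running System Clock') {
        $problems += "Source is '$($s['Source'])', not an NTP peer"
    }
    if ($s['Leap Indicator'] -match '^3') {
        $problems += 'Leap indicator 3: clock is not synchronized'
    }
    [pscustomobject]@{
        Source   = $s['Source']
        LastSync = $s['Last Successful Sync Time']
        Healthy  = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}

# Constructed sample: a DC that has fallen back to its CMOS clock.
$fallback = @'
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Last Successful Sync Time: 10/12/2013 9:15:32 AM
Source: Local CMOS Clock
'@ -split '\r?\n'

# Constructed sample: the same DC after it has been pointed at an internal NTP server.
$healthy = @'
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Last Successful Sync Time: 10/12/2013 9:31:07 AM
Source: 192.0.2.10
'@ -split '\r?\n'

Test-TimeSource -Lines $fallback   # Healthy = False
Test-TimeSource -Lines $healthy    # Healthy = True
# On a live server: Test-TimeSource -Lines (w32tm /query /status)
```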

Excellent link for verifying NTP on an ESXi host: http://www.vmwarebits.com/Verifying-NTP-onESXi