How Tos, Servers

Time Synchronization

Time synchronization is extremely important in a domain as MS uses it for its authentication mechanism. This is how I’ve got my Microsoft NTP server functioning and how to get VMWare hosts to use the Microsoft NTP server. The following instructions are from the VMWare website.

Configure the Windows NTP Client

Enable NTP mode:

  1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
  2. Set the Type value to NTP.

Enable NTP client:

  1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
  2. Set the AnnounceFlags value to 5.

Specify the upstream NTP servers to sync from:

  1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders
  2. Set the NtpServer value to a list of at least 3 NTP servers.

I used 1.pool.ntp.org (0-3 are acceptable)

Specify a 15-minute update interval

  1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
  2. Set the SpecialPollInterval value to 900.

Restart the W32time service

Configure ESX Host

Configure ESXi/ESX to synchronize time with the Windows server Active Directory Domain Controller:

  1. Connect to the ESXi/ESX host or vCenter Server using the vSphere Client.
  2. Click the ESXi/ESX host in the inventory.
  3. Click the Configuration tab.
  4. Under the Software heading, click Time Configuration.
  5. Click Properties.
  6. Ensure that the NTP Client Enabled option is selected.
  7. Click Options.
  8. Click NTP Settings.
  9. Click Add and specify the fully qualified domain name or IP address of the Windows server Domain Controller(s).
  10. Click OK.
  11. Click OK to save the changes.

Additional configuration must be done from the command line.

  1. Open a console to the ESXi/ESX host.
  2. Open the /etc/ntp.conf file in a text editor.
  3. Add the tos maxdist command on its own line:

    tos maxdist 30

  4. Save and close the configuration file.
  5. Make the /etc/likewise/lsassd.conf file writable by running the command:

    chmod +w /etc/likewise/lsassd.conf

  6. Open the /etc/likewise/lsassd.conf file in a text editor.
  7. Locate the sync-system-time option, uncomment it, and set the value to no:

    sync-system-time = no

  8. Save and close the configuration file.
  9. On ESXi, save the configuration changes to the boot bank so they persist across reboots by running the command:

    /sbin/auto-backup.sh

  10. Restart the ntpd and lsassd services for the configuration changes to take effect by running the commands:

    /etc/init.d/lsassd restart
    /etc/init.d/ntpd restart