NTP is a critical component in every network environment, especially when it comes to virtualization, because all the virtual machines rely on the host to get the time. When the Domain Controller itself is running as a virtual machine, care must be taken with time synchronization between hosts, virtualized Domain Controllers and other virtual machines.
In my environment, since the server VLAN has access to the public Internet, it wasn't a big issue to get the Domain Controllers synchronized properly.
Luckily, I have two Domain Controllers: one running as a physical server (PDC) and the second running as a virtual machine (ADC). In the initial stage, all the FSMO roles were configured on the virtual Domain Controller, so the virtual DC was holding the PDC emulator role, which is responsible for the domain hierarchy, which means it is responsible for the time service as well.
To get this done without the hassle of time protocol errors, below is the entire configuration.
- Backed up the Virtual DC with Veeam Backup & Replication.
- Transferred the FSMO Roles from the Virtual DC to the Physical DC
- Configured the Physical DC to be responsible for the time service as per the MS article http://support.microsoft.com/kb/816042
- Configured the Virtual DC to obtain time from Physical DC.
- Now, since the majority of our servers are virtual, running on VMware vSphere, the ESX hosts are configured to obtain the time from the same Physical DC.
- In vSphere Client, configured the ESX with the Physical Domain Controller as NTP Server.
- Ran "ntpdate -q 192.168.10.20" on the ESX server against the Physical Domain Controller.
- Restart the ESX NTP service: "service ntpd restart".
- Then run "ntpq -p" to watch the time drift in the ESX console.
- Domain-member virtual machines have been configured not to obtain the time from the ESX host, but this is configured on other VMs that are not members of the domain.
- The time is probably synchronized from the Internet to our Virtual and Physical Servers.
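
The "ntpq -p" step above can be checked by script rather than by eye. The following is an added example, not part of the original post: it parses `ntpq -p` output and reports whether the host is actually synchronized to the Physical DC. The sample output, the peer 192.168.10.99 and the 1000 ms offset limit are constructed assumptions.

```python
# Constructed sample of `ntpq -p` output from an ESX console (not from the post).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.10.20   .LOCL.           1 u   33   64  377    0.412    1.237   0.215
 192.168.10.99   .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_ntpq(text):
    """Return one dict per peer line of `ntpq -p` output."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()
        if len(fields) != 10 or fields[0] == "remote":
            continue  # header, separator or malformed line
        peers.append({
            "tally": line[0],             # '*' marks the peer ntpd is synced to
            "remote": fields[0],
            "stratum": int(fields[2]),
            "reach": int(fields[6], 8),   # octal register of the last 8 polls
            "offset_ms": float(fields[8]),
        })
    return peers

def assess(peers, server, max_offset_ms=1000.0):
    """Return a list of problems with the host's sync to `server`."""
    match = [p for p in peers if p["remote"] == server]
    if not match:
        return [f"{server} is not configured as a time source"]
    p, problems = match[0], []
    if p["tally"] != "*":
        problems.append(f"{server} is not the selected sync peer")
    if p["reach"] == 0:
        problems.append(f"{server} has never answered a poll")
    elif bin(p["reach"]).count("1") < 8:
        # Expected for the first few polls after `service ntpd restart`.
        problems.append(f"{server} answered only some of the last 8 polls")
    if p["stratum"] >= 16:
        problems.append(f"{server} is unsynchronised (stratum 16)")
    if abs(p["offset_ms"]) > max_offset_ms:
        problems.append(f"offset {p['offset_ms']} ms exceeds {max_offset_ms} ms")
    return problems

if __name__ == "__main__":
    for issue in assess(parse_ntpq(SAMPLE), "192.168.10.20") or ["sync OK"]:
        print(issue)
```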