文档章节

Synchronizing ESXi/ESX time with a Microsoft Domai

张文辉
 张文辉
发布于 2014/12/10 15:09
字数 838
阅读 15
收藏 0

Workaround

If you are using ESXi/ESX 4.1 Update 1 or later, you can use this workaround:

When using Active Directory integration in ESXi/ESX 4.1 and newer, it is important to synchronize time between ESXi/ESX and the directory service to facilitate the Kerberos security protocol.

ESXi/ESX support synchronization of time with an external NTPv3 or NTPv4 server compliant with RFC 5905 and RFC 1305. Microsoft Windows 2003 and newer use the W32Time service to synchronize time for windows clients and facilitate the Kerberos v5 protocol. For more information, see the Microsoft Knowledge Base article 939322 and How the Windows Time Service Works.

By default, an unsynced Windows server chooses a 10-second dispersion and adds to the dispersion on each poll interval that it remains in sync. An ESXi/ESX host, by default, does not accept any NTP reply with a root dispersion greater than 1.5 seconds.

The preceding links were correct as of April 16, 2013. If you find a link is broken, provide feedback and a VMware employee will update the link.

Configure Windows NTP Client

ESXi/ESX requires an accurate time source to synchronize with. To use a Windows 2003 or newer server, it should be configured to get its time from an accurate upstream NTP server. For more information, see the Microsoft Knowledge Base article 816042.

The preceding link was correct as of April 16, 2013. If you find a link is broken, provide feedback and a VMware employee will update the link.

Use the registry editor on the Windows server to make the configuration changes:

Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see the Microsoft Knowledge Base article 136393.

  1. Enable NTP mode:


    1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

    2. Set the Type value to NTP.

  2. Enable the NTP Client:


    1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

    2. Set the AnnounceFlags value to 5.

  3. Specify the upstream NTP servers to sync from:


    1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders

    2. Set the NtpServer value to a list of at least 3 NTP servers.

      Example: You might set the value to:

      1.pool.ntp.org,0x1 2.pool.ntp.org,0x1 3.pool.ntp.org,0x1

      Note: On a Windows 2008 Domain Controller, NtpServer is located inHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

  4. Specify a 15-minute update interval:


    1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient

    2. Set the SpecialPollInterval value to 900.

  5. Restart the W32time service for the changes to take effect.


Configure ESXi/ESX NTP and Likewise Clients

Configure ESXi/ESX to synchronize time with the Windows server Active Directory Domain Controller:

  1. Connect to the ESXi/ESX host or vCenter Server using the vSphere Client.

  2. Click the ESXi/ESX host in the inventory.

  3. Click the Configuration tab.

  4. Under the Software heading, click Time Configuration.

  5. Click Properties.

  6. Ensure that the NTP Client Enabled option is selected.

  7. Click Options.

  8. Click NTP Settings.

  9. Click Add and specify the fully qualified domain name or IP address of the Windows server Domain Controller(s).

  10. Click OK.

  11. Click OK to save the changes.


Additional configuration must be done from the command line.

  1. Open a console to the ESXi/ESX host. For more information, see Connecting to an ESX host using a SSH client (1019852) or Using Tech Support Mode in ESXi 4.1 and ESXi 5.0 (1017910).

  2. Open the /etc/ntp.conf file in a text editor. For more information, see Editing configuration files in VMware ESXi and ESX (1017022).

  3. Add the tos maxdist command on its own line:

    tos maxdist 30

  4. Save and close the configuration file.

  5. Make the /etc/likewise/lsassd.conf file writable by running the command:

    chmod +w /etc/likewise/lsassd.conf

  6. Open the /etc/likewise/lsassd.conf file in a text editor. For more information, see Editing configuration files in VMware ESXi and ESX (1017022).

  7. Locate the sync-system-time option, uncomment it, and set the value to no:

    sync-system-time = no

  8. Save and close the configuration file.

  9. On ESXi, save the configuration changes to the boot bank so they persist across reboots by running the command:

    /sbin/auto-backup.sh

  10. Restart the ntpd and lsassd services for the configuration changes to take effect by running the commands:

    service lsassd restart
    service ntpd restart


    Note: To restart the ntpd and lsassd services on an ESXi host, run these commands:

    /etc/init.d/lsassd restart
    /etc/init.d/ntpd restart


If the ntpd and lsassd services do not restart, consider restarting the management agents first. For more information about restarting the management agents, see Restarting the Management agents on an ESX or ESXi Server (1003490).

Once the configuration changes are complete, ensure that the time is synchronized between the ESXi/ESX host and the Windows server. For more information, see Troubleshooting NTP on ESX and ESXi (1005092).

本文转载自:http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_...

张文辉
粉丝 2
博文 19
码字总数 4141
作品 0
广州
系统管理员
私信 提问
VMware vSphere 和 VMware vCenter Server 是什么关系?

VMware vSphere 是VMware 的一个虚拟化产品。它包括vCenter,ESX Server,ESXi Server等等。举个列子 如果你需要组建一套VMware 虚拟化平台,你有3台服务器,2台用于业务,1台用于管理,那么...

Rainy0426
2018/05/25
0
0
虚拟机环境下安装ESX不能安装虚拟系统解决方案

在虚拟机环境(ESX、workstation等)下安装ESX或workstation等虚拟机,在虚拟机上再安装操作系统,会提示“虚拟系统不能启动,直到你配置了外部虚拟机(vmware esx in a virtual machine req...

Mr韦淋
2014/06/08
38
0
VMwareESX/ESXi 精简置备(thin)与厚置备(thick)虚拟机磁盘之间转换

VMwareESX/ESXi 精简置备(thin)与厚置备(thick)虚拟机磁盘之间转换[Yerik原创] VMwareESX/ESXi 虚拟机磁盘thin与thick之间转换 注意:转换前请先关闭虚拟机!!! 一. Thin to Thick转换 Thin t...

枫影Xda
2013/06/17
433
0
Vmware vSphere 5.0系列教程之四 vSphere网络原理及vSwitch简介

在一个物理网络拓扑中,通常都是路由器-交换机-PC机的连接,不同的服务器和PC机,通过交换机的连接而相互连通。 在VMware vSphere架构下服务器会虚拟出交换机来供ESX Host虚拟机来使用,虚拟...

crackernet
2018/06/29
0
0
Vmware vSphere 5.0系列教程之四 vSphere网络原理及vSwitch简介

在一个物理网络拓扑中,通常都是路由器-交换机-PC机的连接,不同的服务器和PC机,通过交换机的连接而相互连通。 在VMware vSphere架构下服务器会虚拟出交换机来供ESX Host虚拟机来使用,虚拟...

问天123
2012/06/20
239
0

没有更多内容

加载失败,请刷新页面

加载更多

java通过ServerSocket与Socket实现通信

首先说一下ServerSocket与Socket. 1.ServerSocket ServerSocket是用来监听客户端Socket连接的类,如果没有连接会一直处于等待状态. ServetSocket有三个构造方法: (1) ServerSocket(int port);...

Blueeeeeee
今天
6
0
用 Sphinx 搭建博客时,如何自定义插件?

之前有不少同学看过我的个人博客(http://python-online.cn),也根据我写的教程完成了自己个人站点的搭建。 点此:使用 Python 30分钟 教你快速搭建一个博客 为防有的同学不清楚 Sphinx ,这...

王炳明
昨天
5
0
黑客之道-40本书籍助你快速入门黑客技术免费下载

场景 黑客是一个中文词语,皆源自英文hacker,随着灰鸽子的出现,灰鸽子成为了很多假借黑客名义控制他人电脑的黑客技术,于是出现了“骇客”与"黑客"分家。2012年电影频道节目中心出品的电影...

badaoliumang
昨天
15
0
很遗憾,没有一篇文章能讲清楚线程的生命周期!

(手机横屏看源码更方便) 注:java源码分析部分如无特殊说明均基于 java8 版本。 简介 大家都知道线程是有生命周期,但是彤哥可以认真负责地告诉你网上几乎没有一篇文章讲得是完全正确的。 ...

彤哥读源码
昨天
15
0
jquery--DOM操作基础

本文转载于:专业的前端网站➭jquery--DOM操作基础 元素的访问 元素属性操作 获取:attr(name);$("#my").attr("src"); 设置:attr(name,value);$("#myImg").attr("src","images/1.jpg"); ......

前端老手
昨天
7
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部