• ESX/ESXi 4.1 Update 1 or later 同步NTP


    Synchronizing ESX/ESXi time with a Microsoft Domain Controller(1035833)

    Symptoms

    An ESX or ESXi host configured to use a Microsoft Windows 2003 or newer Domain Controller as a time source never synchronizes its clock with a default configuration.



    Resolution

    Workaround

    If you are using ESX/ESXi 4.1 Update 1 or later, you can use this workaround:

    When using Active Directory integration in ESX/ESXi 4.1 and newer, it is important to synchronize time between ESX/ESXi and the directory service to facilitate the Kerberos security protocol.

    ESX and ESXi support synchronization of time with an external NTPv3 or NTPv4 server compliant with RFC 5905 and RFC 1305. Microsoft Windows 2003 and newer use the W32Time service to synchronize time for windows clients and facilitate the Kerberos v5 protocol. For more information, see the Microsoft Knowledge Base article 939322 and How the Windows Time Service Works.

    By default, an unsynced Windows server chooses a 10-second dispersion and adds to the dispersion on each poll interval that it remains in sync. An ESX/ESXi host, by default, does not accept any NTP reply with a root dispersion greater than 1.5 seconds.

    The preceding links were correct as of March 14, 2010. If you find a link is broken, provide feedback and a VMware employee will update the link.

    Configure Windows NTP Client

    ESX/ESXi requires an accurate time source to synchronize with. To use a Windows 2003 or newer server, it should be configured to get its time from an accurate upstream NTP server. For more information, see the Microsoft Knowledge Base article 816042.

    The preceding link was correct as of March 14, 2010. If you find a link is broken, provide feedback and a VMware employee will update the link.

    Use the registry editor on the Windows server to make the configuration changes:

    1. Enable NTP mode:

      1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
      2. Set the Type value to "NTP"

    2. Enable the NTP Client:

      1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
      2. Set the AnnounceFlags value to 5

    3. Specify the upstream NTP servers to sync from:

      1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders
      2. Set the NtpServer value to a list of at least 3 NTP servers.

        Example: You might set the value to 1.pool.ntp.org,0x1 2.pool.ntp.org,0x1 3.pool.ntp.org,0x1

        Note: On a Windows 2008 Domain ControllerNtpServer is located inHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters 

    4. Specify a 15-minute update interval:

      1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
      2. Set the SpecialPollInterval value to 900

    5. Restart the W32time service for the changes to take effect.

    Configure ESX/ESXi NTP and Likewise Clients

    Configure ESX/ESXi to synchronize time with the Windows server Active Directory Domain Controller:

    1. Connect to the ESX/ESXi host or vCenter Server using the vSphere Client.
    2. Select the ESX/ESXi host in the inventory.
    3. Click the Configuration tab.
    4. Under the Software heading, click Time Configuration.
    5. Click Properties.
    6. Ensure that the NTP Client Enabled option is selected.
    7. Click Options.
    8. Click NTP Settings.
    9. Click Add and specify the fully qualified domain name or IP address of the Windows server Domain Controller(s).
    10. Click OK.
    11. Click OK to save the changes.

    Additional configuration must be done from the command line.

    1. Open a console to the ESX or ESXi host. For more information, see Connecting to an ESX host using a SSH client (1019852) orUsing Tech Support Mode in ESXi 4.1 and ESXi 5.0 (1017910).

    2. Open the file /etc/ntp.conf in a text editor. For more information, see Editing configuration files in VMware ESXi and ESX (1017022).

    3. Add the tos maxdist command on its own line:

      tos maxdist 30

    4. Save the configuration file.

    5. Make the file /etc/likewise/lsassd.conf writable using the command:

      chmod +w /etc/likewise/lsassd.conf

    6. Open the file /etc/likewise/lsassd.conf in a text editor. For more information, see Editing configuration files in VMware ESXi and ESX (1017022).

    7. Locate the sync-system-time option, uncomment it, and set the value to no:

      sync-system-time = no

    8. Save the configuration file.

    9. On ESXi, save the configuration changes to the boot bank so they persist across reboots using the command:

      /sbin/auto-backup.sh

    10. Restart the ntpd and lsassd service for the configuration change to take effect using the commands:

      service lsassd restart
      service ntpd restart

      Note: To restart the ntpd and lsassd services on an ESXi host use these commands: 

      ./etc/init.d/lsassd restart
      ./etc/init.d/ntpd restart

    If the ntpd and lsassd services are not restarting, consider restarting the management agents first. For more information about restarting the management agent, see Restarting the Management agents on an ESX or ESXi Server (1003490).

    Once the configuration changes are completed, ensure that the time is synchronized between the ESX/ESXi host and the Windows server. For more information, see Troubleshooting NTP on ESX and ESXi (1005092).

    Tags

    time-synchronization time-synchronization-fails time-synchronization-compatibility

    See Also

    Request a Product Feature

    To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.
  • 相关阅读:
    POJ2355 Railway tickets DP优化
    POJ3280 Cheapest Palindrome 区间DP
    POJ2352 Stars 线段树
    适牛的类岛娘头文件<转载>
    Ural 1519 Formula 1 插头DP(单回路)
    POJ3345 Bribing FIPA 树形DP+分组背包
    6个变态的C语言HelloWorld程序<转载>
    POJ2374 Fence Obstacle Course DP+线段树优化
    POJ3133 Manhattan Wiring 插头DP
    ACdream 完美数 数位DP
  • 原文地址:https://www.cnblogs.com/jackydalong/p/2985236.html
Copyright © 2020-2023  润新知