Compartilhar via


Virtualisation, Time Sync & Domain Controllers

Looks like there is an issue with VMware and their update 2 for ESX 3.5 where when the date gets to 12th August, ESX stops working:

https://communities.vmware.com/thread/162377?tstart=0 

 The workaround is to manually reset the time back a day or two. If you're doing this and you've got domain controllers running on the ESX environment (yeah, I know it's unsupported but I know there are plenty of you out there doing it) make sure you don't have time sync enabled between the host and the domain controller guest. The Kerberos protocol is very sensitive to time skew, anything more than 5 minutes means AD replication will stop, authentication will stop, a bunch of things will stop. Then when you fix the time, you can get weird issues with deleted objects reappearing and other strangeness.

In general, if you are running domain controllers on a virtual environment (be it Hyper-V, ESX or XenServer) always disable the time sync between the host and the domain controller.  Let AD take care of the time sync itself - by default all domain controllers will sync with the PDC emulator, which then should sync with an external NTP source.

(Edit: Corrected Hyperlink)

(2nd Edit: Read Nick's comment below, there is a lot of useful information in there)

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed
  • Anonymous
    January 01, 2003
    Virtualization offers huge benefits in flexibility, cost-effectiveness and eco-friendliness. However,