We were able to fix the problem (the NTP Client on the ESX Server wasn’t running and because of that the DC wasn’t getting the right timing from our NTP server) and everything is running fine now. So in the end: if you put the DC in “Server mode” in stead of “Client mode” (which is the same as flipped the registry key mentioned in the first forum thread) and make sure your NTP Client is running on the ESX server than there is nothing to prevent you from not virtualizing your DC’s.
We are taking it slowly though. Our dedicated Exchange Global Catalog will remain a physical box for the time being and we will probably let the Primary Domain Controller be a physical box. (edit 04/01/07 – 17:17 — in this case I don’t mean the PDC as in the NT4 terminology, just to keep one main DC in physical form)
In my search for additional information I found some links that might be interesting:
- Microsoft KB article on virtual DC: http://support.microsoft.com/kb/888794
- This article also refers to VMWare, not only MS Virtual Server
- The VMWare Whitepaper on timekeeping
- It’s something you will find pretty soon as it’s the first hit in Google if you search on “vmware virtual domain controller”
Nguồn: http://virtualize.wordpress.com/2007/01/04/virtualizing-a-domain-controller/-----------------------
TheoRunning Domain Controllers in Hyper-V (Microsoft)
Time service
For virtual machines that are configured as domain controllers, disable time synchronization with the host through Integration Services. Instead, accept the default Windows Time service (W32time) domain hierarchy time synchronization.Host time synchronization makes it possible for guest operating systems to synchronize their system clocks with the system clock of the host operating system. Because domain controllers have their own time synchronization mechanism, host time synchronization must be disabled on virtual machines that are configured as domain controllers. If domain controllers synchronize time from their own source and also synchronize time from the host, the domain controller time can change frequently. Because many domain controller tasks are tied to the system time, a jump in the system time could cause lingering objects to be left in the directory and replication to be stopped.You can disable host time synchronization in the virtual machine settings in the Integration Services section of the Hyper-V Manager by clearing the Time Synchronization check box.For information about installing and using Integration Services, see the Hyper-V Getting Started Guide (http://go.microsoft.com/fwlink/?LinkId=137146).-----------Tóm lại-------------------VM không thể duplicate chính xác hoạt động thời gian của PM (physical machine)PC Timer sử dụng kết hợp của vài thiết bị để theo dõi thời gian: PIT, CMOS RTC, Local ACPI Timer, ACPI Timer, TSC, HPET.Để đảm bảo chính xác dù cho Guest OS chạy trên VM hay PM -> cần phải sử dụng software để đồng bộ với một nguồn ngoài. Phần mềm có thể là native software hoặc VM Tools, mỗi cái có ưu và nhược điểm riêng.Best Practice là disable time synchronization với host và sync với external source
http://support.microsoft.com/kb/816042
-------------Hướng dẫn --------------Define an alternative external time source for “master”time server
1.Modify Registry settings on the PDC emulator for the forest rootdomain:
HKLM\System\CurrentControlSet\Services\W32Time\Parameters
• Change TypeRED_SZvalue from NT5DSto NTP
• Change NtpServervalue from time.windows.com,0x1to an external stratum 1 time source, i.e. tock.usno.navy.mil,0x1
HKLM\System\CurrentControlSet\Services\W32Time\Config
• Change AnnounceFlagsREG_DWORDfrom 10to 5
2.Stop and restart Time Service –net stop w32time -> net start w32time
3.Manually force update -> w32tm /resync/rediscover
Không có nhận xét nào:
Đăng nhận xét