We ran into a problem last week that our phone system was out of sync with the time on our computers, and I was asked to fix it. Unfortunately I don't have access to the inner workings of our phone system, but here's how to do it on VMware ESX Server and a Windows 2003 domain (probably Windows 2000 too). Our clients are all Windows XP.
I chose to use the NTP pool from pool.ntp.org. It does a DNS round-robin to a list of donated servers. Most of them are web or DNS servers that also act as time servers. We use 3 different DNS servers in case we happen to be given a bad server (0, 1, and 2) and we append "us" to the FQDN so we only get US servers (visit pool.ntp.org to look up other countries):
0.us.pool.ntp.org
1.us.pool.ntp.org
2.us.pool.ntp.org
For your Windows domain, you need to do the following...
On your Windows domain controllers:
net time /setsntp:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
For your Windows clients, they will typically get their time info from the PDC. But just to be sure, create or edit an existing GPO that is applied to all of your workstations and servers. You can use the "Default Domain Policy" if you like:
Open "Computer Settings > Administrative Templates > System > Windows Time Service > Time Providers".
Set "Enable Windows NTP Client" to Enabled.
Open the properties for "Configure Windows NTP Client". I set the following:
NtpServer = (Set to your domain name, which will direct it to one of your domain controllers)
Type = NT5DS
CrossSiteSyncFlags = 2
ResolvePeerBackoffMinutes = 15
ResolvePeerBackoffMaxTimes = 7
SpecialPollInterval = 900 (I set this to 15 minutes, but the default might be better for larger environments)
EventLogFlags = 0
After making the GPO changes, you can apply it to a computer by issuing "gpupdate /force", or just give it a few hours or so.
On the ESX Server, in the service console, I used root privileges (su -). You can use this handy script by VMColonel, or do the following manually...
Open /etc/ntp.conf with your favorite text editor, and make it look like this:
restrict 127.0.0.1
restrict default kod nomodify notrap
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
driftfile /var/lib/ntp/drift
And then open /etc/ntp/step-tickers and do the same:
0.us.pool.ntp.org
1.us.pool.ntp.org
2.us.pool.ntp.org
Then run these commands:
esxcfg-firewall --enableService ntpClient
service ntpd restart
chkconfig --level 345 ntpd on
hwclock --systohc
And that's pretty much it. To see the offset between your computer and the timeservers, you can issue these commands...
ESX Server (and most Linux distros):
watch "ntpq -p"
On any Windows 2003/XP machine:
w32tm /stripchart /computer:pool.ntp.org
You might need to set your Command Prompt window width to 100 for proper display.
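On the ESX/Linux side, the "ntpq -p" check can also be scripted so that a missing sync or a large offset shows up as an exit code instead of something you have to watch for. This is an added example, not part of the original post: the function name check_ntp_peers, the 100 ms threshold and the sample hostnames are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): grade `ntpq -p` output on stdin.
# Usage: ntpq -p | check_ntp_peers MAX_OFFSET_MS
#   exit 0  a sys peer (tally "*") is selected and |offset| <= MAX_OFFSET_MS
#   exit 1  a sys peer is selected but its offset is too large
#   exit 2  no sys peer selected (for example, every server shows reach 0)
check_ntp_peers() {
    awk -v max="$1" '
        /^=/ { next }                              # separator line
        {
            tally = substr($0, 1, 1)               # "*", "+", "-", "x", " " ...
            n = split(substr($0, 2), f, " ")
            if (n != 10 || f[1] == "remote") next  # header or unexpected line
            if (f[7] == "0") dead++                # reach: octal mask of last 8 polls
            if (tally == "*") { peer = f[1]; offs = f[9]; found = 1 }
        }
        END {
            if (!found) { print "NO_SYNC unreachable=" (dead + 0); exit 2 }
            a = offs + 0; if (a < 0) a = -a        # offset column is in milliseconds
            if (a > max + 0) { print "DRIFT peer=" peer " offset_ms=" offs; exit 1 }
            print "OK peer=" peer " offset_ms=" offs
        }
    '
}

# Constructed sample outputs (hostnames are placeholders, not real servers).
sample_synced() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp-a.example   .GPS.            1 u   33   64  377   21.345    1.204   0.512
+ntp-b.example   192.0.2.10       2 u   40   64  377   35.100   -3.877   1.020
EOF
}
sample_blocked() {   # no server has answered yet, e.g. NTP blocked by the firewall
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp-a.example   .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp-b.example   .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_synced  | check_ntp_peers 100   # OK peer=ntp-a.example offset_ms=1.204
sample_blocked | check_ntp_peers 100 || echo "exit status $?"
```

The NO_SYNC case is what to expect right after restarting ntpd, or for as long as the ntpClient firewall service is not enabled.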
All that's left is to get our phone system synced up to the same servers...
1 comment:
The dnsclient caches us.pool.ntp.org. You have to either use IPs or disable the "DNS Client" (which is a no-no on domain controllers).