Thursday, July 11, 2013

Help, my virtual DC has got virtual time!

Time services are very important in an Active Directory environment, because some of the security mechanisms AD depends on rely heavily on the client having the correct time; especially Kerberos. Kerberos is responsible for authentication in a domain, and by default the KDC and domain services reject Kerberos requests whose timestamp differs from their own clock by more than 5 minutes (the domain Kerberos policy setting "Maximum tolerance for computer clock synchronization"; the client sees a KRB_AP_ERR_SKEW error). A machine whose clock has drifted that far can no longer authenticate at all.

To get an understanding of the Windows Time service, please do read http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
The key to understanding time services in Active Directory is that there is only ONE time authority at the top of the hierarchy: the Domain Controller that holds the PDC emulator FSMO role (the domain controller that emulates a Windows NT PDC) of the forest root domain; in a multi-domain forest the PDC emulator of each child domain syncs with the parent domain. All other domain controllers sync their time with their domain's PDC emulator, and domain members sync with the domain controller that authenticated them. Generally, as a client you do not have to worry about your local Windows time and its possible skew to the PDC emulator; the hierarchy takes care of it.

So what's the purpose of this post then?

Look at this picture (not reproduced here):
You can imagine that when the PDC emulator has trouble with its own time, the entire Windows forest has time problems, because every other clock in the forest is ultimately derived from it.

A computer keeps track of time in the following way: "System time is measured by a system clock, which is typically implemented as a simple count of the number of ticks that have transpired since some arbitrary starting date, called the epoch." (source: http://en.wikipedia.org/wiki/System_time)

Now look at this (picture not reproduced here):

The host (physical machine) must divide its processor time between all VMs (and also reserve some for itself). A virtual machine does not own a clock; its 'hardware' clock is a virtual one, driven by timer interrupts the hypervisor delivers to the guest. While a VM's virtual CPU is not scheduled, those interrupts are delayed or coalesced, so the guest's tick count, and with it its system time, drifts from real time. So when your PDC emulator is a virtual machine it cannot rely on its own 'hardware' clock, because that clock is inaccurate.
Windows will indicate problems like these with an error event: ID 50, Source W32Time ("The time service detected a time difference of greater than ... milliseconds", after which the service stops handing out time to other clients).



The way to tackle this problem is to use the virtualization software's integration services. Hyper-V, for instance, installs the Hyper-V Time Synchronization Service, which uses the host's hardware clock to keep the guest's time (inside the guest it shows up as the "VM IC Time Synchronization Provider").

So the bottom line in virtualized environments is:
  • Keep the virtualization hosts' time in sync with a reliable clock (an external NTP source).
  • Use the integration services of the virtualization software to couple the Windows time of the guest to the hardware clock of the underlying host.
  • Keep the Windows Time service running (it is enabled by default) and configure the PDC emulator to sync with the same time source the virtualization hosts use. Do not let the hosts take their time from the domain (i.e. from the PDC emulator they are hosting), or you create a loop in which nobody has an authoritative clock.
My previous post (the one from July 10, 2013) can help identify which DCs are syncing with whom and the time skew they have.
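To put the three points above into practice, here is an added example (not code from the original post) of checking and configuring a virtualized PDC emulator from an elevated PowerShell prompt. It assumes you run it as a Domain Admin with the ActiveDirectory module available, that the Hyper-V host runs the Hyper-V PowerShell module (Windows Server 2012 or later), and that the NTP server names, the host name hv-host01 and the VM name DC01 are placeholders for your own.

```powershell
# Added example, not part of the original post.
# Assumptions: elevated PowerShell, Domain Admin, ActiveDirectory module present,
# 'ntp1.example.com'/'ntp2.example.com' are the external NTP servers the
# virtualization hosts already use, 'hv-host01' is the Hyper-V host and 'DC01' is
# the VM name of the PDC emulator. All of these names are placeholders.

# The same peers the hosts sync with; 0x8 = client mode (poll as an NTP client).
$NtpPeers = 'ntp1.example.com,0x8 ntp2.example.com,0x8'

# 1. Find the PDC emulator and see where it takes its time from right now.
#    'Local CMOS Clock' or 'Free-running System Clock' means it trusts its own
#    virtual clock, which is exactly the problem described above.
$pdc = (Get-ADDomain).PDCEmulator
w32tm /query /computer:$pdc /source
w32tm /query /computer:$pdc /configuration   # Type: NT5DS (domain hierarchy) vs NTP (manual peers)

# 2. Point the PDC emulator at the same external NTP servers the hosts use and
#    mark it as a reliable time source for the rest of the forest.
w32tm /config /computer:$pdc /manualpeerlist:"$NtpPeers" /syncfromflags:manual /reliable:yes /update
w32tm /resync /computer:$pdc /rediscover

# 3. Measure the PDC emulator's offset against one of the peers (five samples).
#    Anything approaching the 5-minute Kerberos tolerance is an emergency.
w32tm /stripchart /computer:ntp1.example.com /samples:5 /dataonly

# 4. Check the System log of the PDC emulator for recent W32Time event 50
#    ("time difference of greater than ... milliseconds"). On Windows Server 2008
#    and later the provider is Microsoft-Windows-Time-Service (shown as Time-Service).
Get-WinEvent -ComputerName $pdc `
    -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Time-Service'; Id = 50 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# 5. On the Hyper-V host: confirm the guest's Time Synchronization integration
#    service is enabled, and check where the host itself gets its time.
Invoke-Command -ComputerName 'hv-host01' -ScriptBlock {
    Get-VMIntegrationService -VMName 'DC01' -Name 'Time Synchronization'
    w32tm /query /source   # must be the external NTP server, not a domain controller
}
```

After step 2, run `w32tm /query /source` on the PDC emulator again: if it still reports the "VM IC Time Synchronization Provider" the integration service is supplying the time and the manual peers only serve as a sanity check, which is fine as long as the host in step 5 syncs with the external source and not with the domain. If the host reports a domain controller as its source you have the loop the last bullet warns about and must repoint the host first.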

Till next time
