I presume that you have at least 2 redondant, stable, time sources for your telecom eqpt and that you use them to redistribute time to your PDC and others non windows material. I also assume you have specific Stratum level define for your time sources and that you are not deasy chaining your router NTP too many level... One solution would be to install a real NTP client on all the windows stations and servers part of your insurance setup (no need for the non critical stuff). With this, you could make sure the sync is every 2 hours for example. As long as the DC don't drift too much, there would be no problem with auth. If they are drifting, well, here is your problem... PS: With your VM, where do you take the time? From ESX or from the PDC/DC servers? Here, we have 2 GPS base NTP source (Stratum 1) feeding the Cisco 6509 or Main router of each site (Stratum 2). In turn, they redistribute time in their site using the same anycast address. That way, an eqpt can allways reach one good time source. I also run the Meinberg NTP Time source Monitor to check my PC station agains all the NTP source (stratum 1 and 2) I have defined in those sites. If any timesource offset more then 100msec, It generate an e-mail alert.
________________________________ De : Steven Peck [mailto:sep...@gmail.com] Envoyé : 4 janvier 2013 16:25 À : NT System Admin Issues Objet : Re: Time sync Oh, I should mention the PBX gets time from the routers as well, etc. We do insurance and if the phones and customer call center apps and the time clock apps are off by more then a second or two we all have to go to irritating meetings On Fri, Jan 4, 2013 at 12:59 PM, Steven Peck <sep...@gmail.com> wrote: The drift is to far. We peer servers to DC's, DC's to vPDC The DC's all peer to our routers and the routers are chained to each other and the root outside source we use. Our servers are within seconds. We do not sync with the hosts. On Fri, Jan 4, 2013 at 12:48 PM, Steve Kradel <skra...@zetetic.net> wrote: Hmm, could be your VM host has the wrong time, and is jamming that bad time into its guests occasionally. Disable the host->guest time sync and, provided w32tm is set up properly, you may find everything is good. Also it wouldn't hurt to make sure the host has a solid time configuration, as *fully* disabling host->guest sync, at least under VMWare, takes a little more poking than one might think. Definitely would sort this out before considering 3rd party NTP solutions... anything more than a couple seconds of skew isn't w32tm's fault. --Steve On Fri, Jan 4, 2013 at 12:11 PM, Richard McClary <richard.mccl...@aspca.org> wrote: > Thanks to all so far! > > The drift goes off into minutes apart. > > I presume somewhere in those TechNet articles is something (registry hack to workstations via GPO) that can have servers and workstations sync with the DC every 1-2 hours? (At first skimming, it's not all that clear.) > > Thanks again.... > > -----Original Message----- > From: Steve Kradel [mailto:skra...@zetetic.net] > Sent: Friday, January 04, 2013 10:32 AM > To: NT System Admin Issues > Subject: Re: Time sync > > How much time skew are we talking about here? While MSFT will only support w32tm accuracy within 1-2 seconds, in practice I have found it to be stable within a tenth of a second or less, and would not feel compelled to look into very-high-accuracy NTP clients for regular non-scientific applications. Do you have separate systems recording the timestamps of an incoming call and the creation of a linked medical record, or are things unreliable even on a single host? > > --Steve > > On Fri, Jan 4, 2013 at 9:10 AM, Richard McClary <richard.mccl...@aspca.org> wrote: >> Greetings! >> >> >> >> I'm sure I and many others have asked this (but are still stumped). >> Ken S's reply yesterday pointing to ultimately a chain of TechNet >> articles has shed some light and will start us digging. >> >> >> >> Microsoft admits W32Time is sloppy >> (http://support.microsoft.com/kb/939322) >> - mainly meant to make Kerberos v5 work. >> >> >> >> Our issue is, W32Time lets things drift enough for weird things to >> occur in our medical records. >> >> >> >> We have a veterinary toxicology consulting hotline. Because things >> get out of sync a bit, we frequently have medical records opening >> before a client's telephone call is received. >> >> >> >> The article referenced above essentially says to go find an >> alternative to W32Time. NIST has gathered a list of time sync >> software. QUESTION: has anyone on the list used (and would >> recommend) anything on that list to fix the "record created prior to the call" situation? >> (http://www.nist.gov/pml/div688/grp40/softwarelist.cfm) >> >> >> >> Thank you... >> >> -- >> >> richard >> >> >> >> >> >> The information contained in this e-mail, and any attachments hereto, >> is from The American Society for the Prevention of Cruelty to Animals(r) >> (ASPCA(r)) and is intended only for use by the addressee(s) named herein >> and may contain legally privileged and/or confidential information. If >> you are not the intended recipient of this e-mail, you are hereby >> notified that any dissemination, distribution, copying or use of the >> contents of this e-mail, and any attachments hereto, is strictly >> prohibited. If you have received this e-mail in error, please >> immediately notify me by reply email and permanently delete the >> original and any copy of this e-mail and any printout thereof. >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
