Re: Time sync issues
On Mon, Jan 14, 2013 at 12:49 PM, kz2...@googlemail.com wrote:
> Quick brainstorm required... what are the most common issues you'd expect in a Windows/AD environment if some servers have incorrect time settings? Obviously AD replication and logging inconsistencies spring to mind... just looking for a few to flesh out a blog post that deals with preventing admins from changing the system time.
>
> TIA, JRR

Anything that demands tight control on time - what springs to mind immediately is higher volume database updates, where tampering with the time on the machine, especially moving the clock backward, can really fubar things.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Time sync issues
Kerberos authentication fails if time drifts too far off and you lose access to network resources, such as shares. The tolerance for time drift varies with server editions. I think Server 2003 had a 5 minute drift tolerance and I think Server 2008 has a 10-minute tolerance.

Best regards,
Michael Merker
Director of Technology Infrastructure
Palm Beach State College
RE: Time sync issues
That is not a 100% accurate statement.

http://blogs.technet.com/b/askds/archive/2012/08/24/friday-i-mean-saturday-mail-sack-very-wordy-edition.aspx
• The semi-myth of Kerberos time skew

Thanks

Webster
RE: Time sync issues
I stand semi-corrected!! ;-}

Michael Merker
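The clock-tampering concern raised in this thread (an admin changing the system time, especially backward), as an added example that is not from any poster: a Python sketch that scans Security-log event 4616 ("The system time was changed") records exported as XML and flags backward jumps and large changes. The event data is constructed, and the 5-minute tolerance and 2-second jitter are adjustable assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Template for the constructed sample below (hosts, users and times are made up).
_EVENT = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    "<System><EventID>{eid}</EventID><Computer>{host}</Computer></System>"
    '<EventData><Data Name="SubjectUserName">{user}</Data>'
    '<Data Name="PreviousTime">{prev}</Data><Data Name="NewTime">{new}</Data>'
    '<Data Name="ProcessName">{proc}</Data></EventData></Event>'
)

SAMPLE_EVENTS = "<Events>" + "".join(_EVENT.format(**e) for e in [
    # An admin sets the clock back one hour on a database server.
    {"eid": 4616, "host": "SRV-DB01", "user": "jadmin",
     "prev": "2013-01-14T20:49:00.000000000Z",
     "new": "2013-01-14T19:49:00.000000000Z",
     "proc": r"C:\Windows\System32\cmd.exe"},
    # A sub-second correction of the kind a time service makes (assumed routine).
    {"eid": 4616, "host": "SRV-APP02", "user": "LOCAL SERVICE",
     "prev": "2013-01-14T20:50:00.500000000Z",
     "new": "2013-01-14T20:50:00.900000000Z",
     "proc": r"C:\Windows\System32\svchost.exe"},
    # A forward jump of twelve minutes.
    {"eid": 4616, "host": "SRV-FS03", "user": "bob",
     "prev": "2013-01-14T21:00:00.000000000Z",
     "new": "2013-01-14T21:12:00.000000000Z",
     "proc": r"C:\Windows\System32\cmd.exe"},
]) + "</Events>"


def parse_ts(text):
    """Parse a UTC event timestamp such as 2013-01-14T20:49:00.123456700Z."""
    base, _, frac = text.rstrip("Z").partition(".")
    micros = int((frac + "000000")[:6])  # keep microsecond precision only
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micros, tzinfo=timezone.utc)


def find_time_changes(xml_text, tolerance=timedelta(minutes=5),
                      jitter=timedelta(seconds=2)):
    """Return one finding per 4616 event that moved the clock backward by
    more than `jitter` or in either direction by more than `tolerance`."""
    findings = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4616":
            continue  # exports usually mix event IDs
        data = {d.get("Name"): d.text or ""
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        try:
            delta = parse_ts(data["NewTime"]) - parse_ts(data["PreviousTime"])
        except (KeyError, ValueError):
            continue  # record without usable timestamps
        reasons = []
        if delta < -jitter:
            reasons.append("clock moved backward")
        if abs(delta) > tolerance:
            reasons.append("change exceeds tolerance")
        if reasons:
            findings.append({
                "host": ev.findtext("e:System/e:Computer", namespaces=NS),
                "user": data.get("SubjectUserName", ""),
                "process": data.get("ProcessName", ""),
                "delta_seconds": delta.total_seconds(),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_time_changes(SAMPLE_EVENTS):
        print(f["host"], f["user"], f["delta_seconds"], "; ".join(f["reasons"]))
```
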
RE: Time sync
Hmm - the more I think about this, the more I think this is not really an issue. You have three options:

a) Fully provision your VMWare disks (with some spare raw capacity for expansion) - what you do today

b) You thin provision your Hyper-V disks, but leave oodles of spare capacity to let them grow to full size (what you don't want to do)

However both (a) and (b) require roughly the same amount of raw disk space, but (b) gives you more flexibility IMHO, since across hundreds of servers, not all are going to go cuckoo at the same time.

Or you go for option (c): Implement thin provisioned disks, but don't provision oodles of spare disk space - provision enough based on what you expect capacity growth for 6-12 months will be (whatever your project lifecycle is), plus have a reserve capacity domain that you can migrate VMs to in the event that something unexpected occurs. That will involve a bit more up-front architecture to give you that flexibility, but save you money in buying spare disk capacity. The flexibility would be useful for all sorts of resource constraints (disk, RAM, CPU), and also to give you automated ways of dealing with hardware failures as well, without having to over provision to start with.

Cheers
Ken
RE: Time sync
We use SCOM to monitor everything, and we have some homegrown stuff on top of that. So, we do monitor. However, what we saw in the early days of virtualization was that dynamic disks could cause things to go south *very* quickly. I personally would not be comfortable in a situation where we've over-allocated disk without having a fairly large free host disk space buffer. I know at least one of the other admins here feels the same way.

As far as I'm concerned, I will not implement thin disks UNLESS I can add up all of the file system sizes and verify the host store has enough capacity to handle them fully grown. To do otherwise just seems like an invitation for problems. If I can't add up all the filesystem sizes, we'll either use thick disks and overestimate the sizes, or we'll use thin disks and just ensure that we keep 100's of gigs of free space on each host store. Management can worry about the explosion of disk costs.

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, January 07, 2013 11:21 PM
To: NT System Admin Issues
Subject: RE: Time sync

Seriously? Are you an ITIL shop? Do you not have capacity management plans and systems/tools in place? Or do you just fly by the seat of your pants? Everything should be monitored, and you're getting nice trending graphs. Sure, sometimes things go unexpectedly wrong - but that can happen for all sorts of reasons and is a fact of IT - you need a proper incident system and recovery to handle it. This whole cloud thing you hear about is making sure you have resilient services

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, 8 January 2013 7:33 AM
To: NT System Admin Issues
Subject: RE: Time sync

How do you manage your capacity properly? I'm not being facetious - I really want to know since it looks like we are switching to HyperV. Microsoft's recommendation is to create thin disks for more than you ever think you need. Then, when creating the OS, use disk manager to create the file system with the minimum you can get by with. This allows the VHD file to only grow up to the size of the file system it contains. Then, if a virtual's file system runs out of space, you can use storage management to extend the disk into some of the free space you allocated in the VHD file. This allows you to have room for expansion, but keeps any one virtual from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the following disks:

C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say, 1TB each. However, when we install the OS, we create NTFS file systems on each disk with the desired sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this virtual can only grow its thin disks to a total of 170GB. If the E: runs out of space, we can use disk manager to extend the NTFS file system, which will grow the thin disk up to the new NTFS file system size. This gives you the ability to easily grow disks at will, but prevents any one virtual from hogging all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. Now, in order to know the max my virtuals might take, I have to look at each host store, find all of the virtual machines with VHD files on that store, then figure out each virtual's drive letter for that VHD (is that even possible?), then add up all the file system sizes. Seems like a lot of work, even if you script it up.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 07, 2013 12:08 PM
To: NT System Admin Issues
Subject: Re: Time sync

Yes, over subscribing can be an issue if you don't manage your capacity properly. It hasn't proved to be an issue in any of the environments where I have been.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...
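The tally described in Ken Cornetet's quoted message above (add up every guest file system size per host store and check the store can hold them fully grown), as an added Python example that is not from any poster. The inventory is constructed: sql01 uses the 40/30/100 GB figures from the message, while web01, the store capacity and the current VHD file sizes are made up, and the guest file system sizes are assumed to have been collected from each guest beforehand.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Disk:
    drive: str
    vhd_max_gb: int    # size the thin (dynamic) VHD was created with
    fs_gb: int         # NTFS file system size inside the VHD
    vhd_file_gb: int   # current size of the VHD file on the host store


@dataclass(frozen=True)
class VM:
    name: str
    disks: tuple


@dataclass(frozen=True)
class Store:
    name: str
    capacity_gb: int
    vms: tuple


def ceiling_gb(disk):
    # Assumption taken from the message: the VHD file grows only up to the
    # size of the file system it contains (and never past the VHD maximum).
    return min(disk.fs_gb, disk.vhd_max_gb)


def store_report(store):
    """Summarise current use and worst-case (fully grown) use of one store."""
    disks = [d for vm in store.vms for d in vm.disks]
    used = sum(d.vhd_file_gb for d in disks)
    ceiling = sum(ceiling_gb(d) for d in disks)
    return {
        "store": store.name,
        "used_now_gb": used,
        "free_now_gb": store.capacity_gb - used,
        "provisioned_gb": sum(d.vhd_max_gb for d in disks),
        "fs_ceiling_gb": ceiling,
        "headroom_gb": store.capacity_gb - ceiling,
        "fully_grown_fits": ceiling <= store.capacity_gb,
    }


def can_extend(store, vm_name, drive, new_fs_gb):
    """True if extending one file system keeps the store able to hold every
    disk fully grown; False if it would not, or exceeds the VHD maximum."""
    for vm in store.vms:
        if vm.name != vm_name:
            continue
        for d in vm.disks:
            if d.drive == drive:
                if new_fs_gb > d.vhd_max_gb:
                    return False
                growth = new_fs_gb - ceiling_gb(d)
                return store_report(store)["headroom_gb"] - growth >= 0
    raise KeyError(f"{vm_name} {drive} not found on {store.name}")


# Constructed inventory: every thin disk is created at 1 TB (1024 GB).
STORE_A = Store("STORE-A", 500, (
    VM("sql01", (Disk("C:", 1024, 40, 22),
                 Disk("D:", 1024, 30, 5),
                 Disk("E:", 1024, 100, 61))),
    VM("web01", (Disk("C:", 1024, 60, 30),
                 Disk("D:", 1024, 200, 80))),
))

if __name__ == "__main__":
    for key, value in store_report(STORE_A).items():
        print(f"{key}: {value}")
    print("extend sql01 E: to 300 GB ok?", can_extend(STORE_A, "sql01", "E:", 300))
```
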
RE: Time sync
SCOM is just the lowest level of tool you need for something to monitor and manage an environment - what are you doing for your non-Wintel devices (network, *nix, security appliances etc?)

You feed all of that into an event management tool - it can auto ticket into your ITSM system and resolve for you e.g. if disk space is growing by x% an hour, then migrate the machine into a temporary location that has spare disk space, and alert the relevant business unit to look into their app. A problem ticket is raised for the business unit, and they can migrate the machine back to the normal production host once they've identified the root cause of the issue. There's no need to keep vast amounts of spare storage just sitting around just in case, provided you architect the solution correctly.

That could handle unexpected incidents. Capacity management is handled via a proper reporting tool that'll summarise the data coming out of SCOM (or Tivoli or whatever you are using) and provide proper reporting on the issues that are expected to arise in the next 3-6 months, so you can initiate the necessary capacity improvement project and/or BAU work.

Cheers
ken
RE: Time sync
Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk?

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, January 04, 2013 8:50 PM
To: NT System Admin Issues
Subject: RE: Time sync

Can ESX support 64 vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? Seems like there are all sorts of corner cases where one product has functionality the other doesn't yet. For 99% of things they are feature compatible. It's all about the management and operations tools now. Hypervisors are almost commoditised, and will be within the next version or two.

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Saturday, 5 January 2013 6:26 AM
To: NT System Admin Issues
Subject: RE: Time sync

Cost. HyperV give something that VMWare doesn't? I laughed so hard I think I peed myself a little... Sheesh, you can't even extend disks on a running virtual under HyperV.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, January 04, 2013 11:43 AM
To: NT System Admin Issues
Subject: RE: Time sync

I was thinking the same thing. Actually IMHO VM still does more than Hyper-V does...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Re: Time sync
On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.com wrote:
> Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk?

I run VMware ESXi 5.0, and I know I have had to extend a disk any number of times. And Win2008 makes extending the boot disk so much easier, too. My largest VM has 16G of RAM, and I was even leery of that. And I have 6 hosts with 512G RAM each ...
RE: Time sync
We are running ESX 5. To conserve SAN storage, we provision virtuals with the bare minimum needed disk space because it is so easy to extend disks later (extend the VMDK in VMWare, extend in Windows, done). No down time, and no wasted disk. We don't have to spend a lot of time trying to anticipate how big the disks will get and wasting disk if we guess too high.

In HyperV, you can't extend disks without shutting down the virtual - seriously. I can't for the life of me figure out why MS isn't fixing this instead of adding silly features like 4TB of guest RAM. And, I also wonder why HyperV users aren't howling about this.
RE: Time sync
Because the overhead associated with dynamic disks in Hyper-V v3 is in the very low single digits. We don't spend any time on this process, thin provisioning still works seamlessly, and we get on with our lives. :)
Re: Time sync
You do know you can thin provision in both VMWare and HyperV, right? Thus, you can stipulate that a disk have a max size of 200GB, but if you're only using 50GB, it will only be 50GB in size.

Thus, no reason for Windows users to howl. Plus, Windows doesn't mind extending non-boot disks, but it's not all that happy about having its boot disk extended, no matter what the underlying hypervisor.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…
RE: Time sync
Thin provisioning seems risky to me. Seems like you are always in danger of non-critical virtuals deciding to use more disk space thus exhausting physical space which would cause critical VMs to pause if they happen to need more space. We tried thin provisioning back in the old VirtualServer days, and I ran into this problem a few times.
Re: Time sync
On Mon, Jan 7, 2013 at 10:33 AM, Andrew S. Baker asbz...@gmail.com wrote:

You do know you can thin provision in both VMWare and HyperV, right? Thus, you can stipulate that a disk have a max size of 200GB, but if you're only using 50GB, it will only be 50GB in size.

I never use thin disks, personally. Not for production use - possibly for a test VM. I'd be afraid of what would happen if the disk needed to expand, and there wasn't enough available disk space. With (hopefully) sensibly sized thick disks, you know the running machines will continue to run, up to the assigned disk maximum. And with an alerting system that notifies you of free disk left, you can deal with the situation ahead of time (usually). If a production server needs space in the middle of the night, and there's not enough room on that datastore, that can be bad altho I guess storage profiles (for VMware) might be able to help with that. I guess Hyper-V has a similar feature, to move VMs between datastores based on pre-defined profiles.

Thus, no reason for Windows users to howl. Plus, Windows doesn't mind extending non-boot disks, but it's not all that happy about having its boot disk extended, no matter what the underlying hypervisor.

True. But it's a lot better and easier with Win2008, and I imagine at least as easy with 2012.
Re: Time sync
Yes, over subscribing can be an issue if you don't manage your capacity properly. It hasn't proved to be an issue in any of the environments where I have been.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…
RE: Time sync
How do you "manage your capacity properly"? I'm not being facetious - I really want to know since it looks like we are switching to HyperV.

Microsoft's recommendation is to create thin disks for more than you ever think you need. Then, when creating the OS, use disk manager to create the file system with the minimum you can get by with. This allows the VHD file to only grow up to the size of the file system it contains.

Then, if a virtual's file system runs out of space, you can use storage management to extend the disk into some of the free space you allocated in the VHD file. This allows you to have room for expansion, but keeps any one virtual from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the following disks:

C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say, 1TB each. However, when we install the OS, we create NTFS file systems on each disk with the desired sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this virtual can only grow its thin disks to a total of 170GB. If the E: runs out of space, we can use disk manager to extend the NTFS file system, which will grow the thin disk up to the new NTFS file system size. This gives you the ability to easily grow disks at will, but prevents any one virtual from hogging all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. Now, in order to know the max my virtuals might take, I have to look at each host store, find all of the virtual machines with VHD files on that store, then figure out each virtual's drive letter for that VHD (is that even possible?), then add up all the file system sizes. Seems like a lot of work, even if you script it up.
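The per-store accounting described in the message above, as an added example that is not part of the thread or any poster's own script. The store names, capacities, current file sizes and every VM other than the SQL server's 1 TB / 40-30-100 GB disks are constructed, and VHD metadata overhead is ignored.

```python
"""Worst-case growth of thin (dynamic) VHDs when each guest file system is capped."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ThinDisk:
    store: str       # host datastore holding the VHD file
    vm: str
    drive: str
    vhd_max_gb: int  # maximum size declared for the thin VHD
    fs_gb: int       # size of the NTFS file system created inside it
    file_gb: int     # current size of the VHD file on the store


# Constructed inventory. The first three rows are the SQL server from the post;
# the other VMs, the current file sizes and the store capacities are made up.
INVENTORY = [
    ThinDisk("store1", "sql01", "C:", 1024, 40, 22),
    ThinDisk("store1", "sql01", "D:", 1024, 30, 6),
    ThinDisk("store1", "sql01", "E:", 1024, 100, 71),
    ThinDisk("store1", "file01", "C:", 1024, 40, 25),
    ThinDisk("store1", "file01", "D:", 1024, 300, 180),
    ThinDisk("store2", "web01", "C:", 200, 60, 31),
]
CAPACITY_GB = {"store1": 500, "store2": 250}


def vm_ceilings(inventory):
    """Most each VM's VHD files can grow to: the sum of its file-system sizes."""
    totals = defaultdict(int)
    for d in inventory:
        totals[d.vm] += min(d.fs_gb, d.vhd_max_gb)
    return dict(totals)


def store_report(inventory, capacity_gb):
    """Per store: space used now, the file-system ceiling and the nominal ceiling."""
    report = {}
    for store, cap in capacity_gb.items():
        disks = [d for d in inventory if d.store == store]
        ceiling = sum(min(d.fs_gb, d.vhd_max_gb) for d in disks)
        report[store] = {
            "used_gb": sum(d.file_gb for d in disks),
            "fs_ceiling_gb": ceiling,                       # what the guests can reach today
            "nominal_gb": sum(d.vhd_max_gb for d in disks), # what the VHD headers allow
            "headroom_gb": cap - ceiling,
            "can_exhaust": ceiling > cap,                   # guests alone can fill the store
        }
    return report


def extension_fits(inventory, capacity_gb, vm, drive, new_fs_gb):
    """True if growing one file system keeps the store's ceiling within capacity."""
    for d in inventory:
        if d.vm == vm and d.drive == drive:
            if new_fs_gb > d.vhd_max_gb:
                return False  # the VHD itself would have to be resized first
            headroom = store_report(inventory, capacity_gb)[d.store]["headroom_gb"]
            return new_fs_gb - d.fs_gb <= headroom
    raise KeyError(f"{vm} {drive} not in inventory")


if __name__ == "__main__":
    print(vm_ceilings(INVENTORY))
    for store, row in store_report(INVENTORY, CAPACITY_GB).items():
        print(store, row)
```
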
Re: Time sync
Well, I wouldn't use a 1TB as the range, but let's use your example and say we doubled all of our expected minimums. Then you have all the flexibility that you pointed out before.

*Now, in order to know the max my virtuals might take, I have to look at each host store, find all of the virtual machines with VHD files on that store, then figure out each virtual’s drive letter for that VHD (is that even possible?), then add up all the file system sizes.*

Why do you have to do that? I'd expect that you'd be using something like System Center VM Manager (http://technet.microsoft.com/en-us/systemcenter/hh278293) to manage your virtual hosts and give you a comprehensive view of storage consumption, utilization, etc. Right?

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…
RE: Time sync
You might not want them - but other people might. Personally I've never had to extend a VM disk outside a maintenance window, so it's never really been an issue for me. Hyper-V supports shared-nothing migration as well - does VMWare do that? Actually, the statement was that Hyper-V has nothing that VMWare doesn't have. That statement is patently untrue. That was the point I was trying to make.

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, 8 January 2013 12:31 AM
To: NT System Admin Issues
Subject: RE: Time sync

Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk?

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, January 04, 2013 8:50 PM
To: NT System Admin Issues
Subject: RE: Time sync

Can ESX support 64 vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? Seems like there are all sorts of corner cases where one product has functionality the other doesn't yet. For 99% of things they are feature compatible. It's all about the management and operations tools now. Hypervisors are almost commoditised, and will be within the next version or two.

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Saturday, 5 January 2013 6:26 AM
To: NT System Admin Issues
Subject: RE: Time sync

Cost. HyperV give something that VMWare doesn't? I laughed so hard I think I peed myself a little... Sheesh, you can't even extend disks on a running virtual under HyperV.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, January 04, 2013 11:43 AM
To: NT System Admin Issues
Subject: RE: Time sync

I was thinking the same thing. Actually IMHO VM still does more than Hyper-V does...

Z
Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: Time sync
Seriously? Are you an ITIL shop? Do you not have capacity management plans and systems/tools in place? Or do you just fly by the seat of your pants? Everything should be monitored, and you're getting nice trending graphs. Sure, sometimes things go unexpectedly wrong - but that can happen for all sorts of reasons and is a fact of IT - you need a proper incident system and recovery to handle it. This whole cloud thing you hear about is making sure you have resilient services

Cheers
Ken
Re: Time sync
We run the product from Meinberg. It works very well except on HV guests.

On Fri, Jan 4, 2013 at 8:10 AM, Richard McClary richard.mccl...@aspca.org wrote:

Greetings!

I’m sure I and many others have asked this (but are still stumped). Ken S’s reply yesterday pointing to ultimately a chain of TechNet articles has shed some light and will start us digging.

Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322) – mainly meant to make Kerberos v5 work.

Our issue is, W32Time lets things drift enough for weird things to occur in our medical records.

We have a veterinary toxicology consulting hotline. Because things get out of sync a bit, we frequently have medical records opening before a client’s telephone call is received.

The article referenced above essentially says to go find an alternative to W32Time. NIST has gathered a list of time sync software. QUESTION: has anyone on the list used (and would recommend) anything on that list to fix the “record created prior to the call” situation? (http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)

Thank you…
-- richard
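One way to measure the "record created prior to the call" symptom from the quoted message, as an added example that is not from any poster on the thread: events that must happen in a fixed order give a lower bound on how far one host's clock lags another's. The log layout, host names and event names are assumptions, and the sample lines are constructed.

```python
"""Bound the clock offset between hosts from events that must occur in order."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, one event per line: "<ISO timestamp> <host> <event> case=<id>".
# The call is stamped by the telephony host, the record by the records host.
CONSTRUCTED_LOG = """\
2013-01-04T08:10:03.200 PBX01 CALL_RECEIVED case=1001
2013-01-04T08:10:01.900 EMR01 RECORD_OPENED case=1001
2013-01-04T09:42:17.000 PBX01 CALL_RECEIVED case=1002
2013-01-04T09:42:21.500 EMR01 RECORD_OPENED case=1002
-- log rotated --
2013-01-04T11:05:40.750 PBX01 CALL_RECEIVED case=1003
2013-01-04T11:05:38.250 EMR01 RECORD_OPENED case=1003
2013-01-04T13:30:00.000 PBX01 CALL_RECEIVED case=1004
not-a-time PBX01 CALL_RECEIVED case=1009
2013-01-04T14:00:10.000 PBX01 CALL_RECEIVED case=1005
2013-01-04T14:00:10.400 EMR02 RECORD_OPENED case=1005
"""


def parse(log_text):
    """Return {case_id: {event_name: (host, timestamp)}}; malformed lines are skipped."""
    cases = defaultdict(dict)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].startswith("case="):
            continue
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        cases[parts[3][len("case="):]][parts[2]] = (parts[1], stamp)
    return cases


def analyse(log_text, first="CALL_RECEIVED", then="RECORD_OPENED"):
    """Per (first_host, then_host) pair, list ordering violations and bound the lag.

    In true time `then` never precedes `first`, so for every case
        observed_then - observed_first >= offset(then_host) - offset(first_host).
    The smallest observed difference is an upper bound on that offset; when it
    is negative, then_host's clock is behind first_host's by at least its size.
    """
    deltas = defaultdict(list)
    for case_id, events in parse(log_text).items():
        if first not in events or then not in events:
            continue  # an unpaired event is no evidence either way
        (host1, t1), (host2, t2) = events[first], events[then]
        deltas[(host1, host2)].append((t2 - t1, case_id))

    report = {}
    for pair, items in deltas.items():
        smallest = min(delta for delta, _ in items)
        report[pair] = {
            "pairs": len(items),
            "violations": sorted(c for delta, c in items if delta < timedelta(0)),
            "min_lag": max(timedelta(0), -smallest),
        }
    return report


if __name__ == "__main__":
    for (h1, h2), row in sorted(analyse(CONSTRUCTED_LOG).items()):
        print(f"{h2} vs {h1}: {row['pairs']} pairs, violations={row['violations']}, "
              f"{h2} behind by at least {row['min_lag'].total_seconds():.3f}s")
```

The bound is one-sided: a pair with no violations can still be skewed by less than the real delay between the call and the record, so an empty violation list does not prove the clocks agree.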
RE: Time sync
We run the Meinberg NTP port as well. We will soon start migrating from VMWare (where the Meinberg NTP port works great) to HyperV. Care to elaborate on what you mean by "except on HV guests"?
RE: Time sync
Here is how I do it. I use the standard domain structure and have the PDC emulator sync to a good outside source. But the one thing I added was a scheduled task on every server that runs twice a day to stop and start the time service. That has helped dramatically, I can't remember the last time (pun intended) we had a time sync issue.
Re: Time sync
How far is your drift? What is the tolerance for drift in the application?

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com
RE: Time sync
Slightly OT, Ken, but why are you moving away from VM? Cost or something else that HyperV gives you that VM doesn't?
Paul Chinnery, Network Admin, Memorial Medical Center, 231.845.2319
From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Friday, January 04, 2013 10:30 AM
To: NT System Admin Issues
Subject: RE: Time sync
We run the Meinberg NTP port as well. We will soon start migrating from VMWare (where the Meinberg NTP port works great) to HyperV. Care to elaborate on what you mean by "except on HV guests"?
From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
Sent: Friday, January 04, 2013 9:24 AM
To: NT System Admin Issues
Subject: Re: Time sync
We run the product from Meinberg. It works very well except on HV guests.
Re: Time sync
How much time skew are we talking about here? While MSFT will only support w32tm accuracy within 1-2 seconds, in practice I have found it to be stable within a tenth of a second or less, and would not feel compelled to look into very-high-accuracy NTP clients for regular non-scientific applications. Do you have separate systems recording the timestamps of an incoming call and the creation of a linked medical record, or are things unreliable even on a single host? --Steve
RE: Time sync
I was thinking the same thing. Actually IMHO VM still does more than Hyper-V does... Z
Edward E. Ziots, CISSP, Security +, Network +, Security Engineer, Lifespan Organization, ezi...@lifespan.org
RE: Time sync
Thanks to all so far! The drift goes off into minutes apart. I presume somewhere in those TechNet articles is something (registry hack to workstations via GPO) that can have servers and workstations sync with the DC every 1-2 hours? (At first skimming, it's not all that clear.) Thanks again
RE: Time sync
If it's minutes, something's wrong. My experience is much the same as Steve's. Other than some very specialized applications, w32time is sufficient. We do have a very intricate Time Synchronization Network with multiple atomic clocks and other sources but it's not needed on the majority of Windows clients. We used to run the ntp.org software on the NT DCs in lieu of timeserv but w32time has been sufficient since we moved to AD. My DCs in the domain I just checked are all within 15 ms of Stratum 1, actually only one is over 10ms. My laptop is on VPN over LTE and hasn't been in the office in months and it is only +70ms from Stratum 2. Biggest problem I've had over the years is with meddlers who *think* they know better and fool around with it. Usually setting things back to default and w32tm /resync fixes it.
RE: Time sync
Cost. HyperV give something that VMWare doesn't? I laughed so hard I think I peed myself a little... Sheesh, you can't even extend disks on a running virtual under HyperV.
Re: Time sync
Ken, On HV guests the time sync feature really doesn't work. I contacted Meinberg and they told me that their product is not made to run on a Guest OS. VMware or HV. Our experience with NTP on HV guests is that there is way too much fluctuation and the time never stays within the limits. When you look at the server's clock the time is always what it should be. So it is getting off by 500ms or whatever the limit is.
Re: Time sync
Hmm, could be your VM host has the wrong time, and is jamming that bad time into its guests occasionally. Disable the host-guest time sync and, provided w32tm is set up properly, you may find everything is good. Also it wouldn't hurt to make sure the host has a solid time configuration, as *fully* disabling host-guest sync, at least under VMWare, takes a little more poking than one might think. Definitely would sort this out before considering 3rd party NTP solutions... anything more than a couple seconds of skew isn't w32tm's fault. --Steve
Re: Time sync
The drift is too far. We peer servers to DC's, DC's to vPDC. The DC's all peer to our routers and the routers are chained to each other and the root outside source we use. Our servers are within seconds. We do not sync with the hosts.
Re: Time sync
Oh, I should mention the PBX gets time from the routers as well, etc. We do insurance and if the phones and customer call center apps and the time clock apps are off by more than a second or two we all have to go to irritating meetings.
RE: Time sync
I presume that you have at least 2 redundant, stable time sources for your telecom eqpt and that you use them to redistribute time to your PDC and other non-Windows material. I also assume you have a specific Stratum level defined for your time sources and that you are not daisy chaining your router NTP too many levels...

One solution would be to install a real NTP client on all the Windows stations and servers that are part of your insurance setup (no need for the non-critical stuff). With this, you could make sure the sync is every 2 hours, for example. As long as the DCs don't drift too much, there would be no problem with auth. If they are drifting, well, here is your problem...

PS: With your VM, where do you take the time? From ESX or from the PDC/DC servers?

Here, we have 2 GPS-based NTP sources (Stratum 1) feeding the Cisco 6509 or main router of each site (Stratum 2). In turn, they redistribute time in their site using the same anycast address. That way, an eqpt can always reach one good time source.

I also run the Meinberg NTP Time source Monitor to check my PC station against all the NTP sources (stratum 1 and 2) I have defined in those sites. If any time source is offset by more than 100 msec, it generates an e-mail alert.
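The kind of check described in the message above (compare the local clock against several NTP sources, alert past 100 msec), as an added example that is not part of the original post and not the Meinberg monitor's code: it computes the standard NTP offset and delay from a 48-byte server reply and rejects replies that should not be trusted. The function names, source names, stratum limit and sample packets are assumptions constructed for illustration.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
ALERT_OFFSET_S = 0.100        # alert threshold quoted in the post: 100 msec
MAX_STRATUM = 2               # assumption: only stratum 1 and 2 sources are accepted
HEADER = "!BBbb3I8I"          # 48-byte NTP header, timestamps as (seconds, fraction)

def to_unix(sec, frac):
    """NTP 32.32 fixed-point timestamp -> Unix seconds."""
    return sec - NTP_EPOCH_DELTA + frac / 2**32

def to_ntp(unix_s):
    """Unix seconds -> NTP (seconds, fraction) pair."""
    whole = int(unix_s)
    return whole + NTP_EPOCH_DELTA, int((unix_s - whole) * 2**32)

def measure(packet, t1, t4):
    """Return (stratum, offset, delay) in seconds for one server reply.

    t1 is the local clock when the request left and t4 when the reply arrived.
    Raises ValueError for replies that must not be used as a time reference.
    """
    if len(packet) < 48:
        raise ValueError("truncated NTP packet")
    f = struct.unpack(HEADER, packet[:48])
    leap, mode, stratum = f[0] >> 6, f[0] & 0x07, f[1]
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if leap == 3:
        raise ValueError("server clock is unsynchronized")
    if not 1 <= stratum <= MAX_STRATUM:
        raise ValueError("unacceptable stratum %d" % stratum)
    # The reply must echo our transmit time; a real client compares the exact
    # 64-bit value it sent, the float tolerance here keeps the example short.
    if abs(to_unix(f[9], f[10]) - t1) > 1e-6:
        raise ValueError("origin timestamp does not match our request")
    t2 = to_unix(f[11], f[12])            # server receive time
    t3 = to_unix(f[13], f[14])            # server transmit time
    offset = ((t2 - t1) + (t3 - t4)) / 2  # server clock minus local clock
    delay = (t4 - t1) - (t3 - t2)         # round trip minus server processing
    return stratum, offset, delay

def audit(samples):
    """samples: {source: (packet, t1, t4)} -> alert strings, sorted by source."""
    alerts = []
    for name, (packet, t1, t4) in sorted(samples.items()):
        try:
            stratum, offset, _delay = measure(packet, t1, t4)
        except ValueError as exc:
            alerts.append("%s: rejected, %s" % (name, exc))
            continue
        if abs(offset) > ALERT_OFFSET_S:
            alerts.append("%s: stratum %d, offset %+.0f ms exceeds %.0f ms"
                          % (name, stratum, offset * 1000, ALERT_OFFSET_S * 1000))
    return alerts

def build_reply(stratum, t1, t2, t3, leap=0):
    """Constructed test data: pack a version 4, mode 4 (server) reply."""
    flags = (leap << 6) | (4 << 3) | 4
    return struct.pack(HEADER, flags, stratum, 6, -20, 0, 0, 0,
                       *to_ntp(t3), *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))

T0 = 1357318800.0  # constructed request time: 2013-01-04 17:00:00 UTC
SAMPLES = {        # constructed replies; the source names are hypothetical
    "gps-1": (build_reply(1, T0, T0 + 0.010, T0 + 0.011), T0, T0 + 0.021),
    "router-a": (build_reply(2, T0, T0 + 0.260, T0 + 0.261), T0, T0 + 0.021),
    "router-b": (build_reply(4, T0, T0 + 0.010, T0 + 0.011), T0, T0 + 0.021),
    "router-c": (build_reply(2, T0, T0 + 0.010, T0 + 0.011, leap=3), T0, T0 + 0.021),
}

if __name__ == "__main__":
    for line in audit(SAMPLES):
        print(line)
```

A positive offset means the source is ahead of the local clock. The stratum and leap-indicator checks keep a source that is chained too deep, or that has lost its own reference, from being counted as a good reading.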
RE: Time sync
Can ESX support 64 vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? Seems like there are all sorts of corner cases where one product has functionality the other doesn't yet.

For 99% of things they are feature compatible. It's all about the management and operations tools now. Hypervisors are almost commoditised, and will be within the next version or two.

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Saturday, 5 January 2013 6:26 AM
To: NT System Admin Issues
Subject: RE: Time sync

Cost. HyperV give something that VMWare doesn't? I laughed so hard I think I peed myself a little... Sheesh, you can't even extend disks on a running virtual under HyperV.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, January 04, 2013 11:43 AM
To: NT System Admin Issues
Subject: RE: Time sync

I was thinking the same thing. Actually IMHO VM still does more than Hyper-V does...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: Time Sync to outside NTP server in NT4
w32time.exe is also available free from Microsoft and handles NTP sources ...

Joe

-Original Message-
From: Luberti, Carl [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 11:08 AM
To: NT System Admin Issues
Subject: RE: Time Sync to outside NTP server in NT4

You'll need a third party app to sync. I like Dimension4Time (d4time.exe).

Carlo Luberti
EDS Northeast Region Infrastructure Engineering Services
25 Northpointe Pkwy. Suite A
Amherst, NY 14228
phone: +01-716-564-6678
pager: +01-716-623-9062
mailto:[EMAIL PROTECTED]
http://www.eds.com

-Original Message-
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 12:27 PM
To: NT System Admin Issues
Subject: Time Sync to outside NTP server in NT4

I know I can get my NT workstation to sync time with my PDC or other server when specified through a logon script... How do I get my PDC to sync with an NTP server outside my network? Using NET TIME only seems to allow NetBIOS names for the destination computer and not FQDNs. Any idea?

Thanks

Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/

This email communication is intended as a private communication for the sole use of the primary addressee and those individuals listed for copies in the original message. The information contained in this email is private and confidential and if you are not an intended recipient you are hereby notified that copying, forwarding or other dissemination or distribution of this communication by any means is prohibited. If you are not specifically authorized to receive this email and if you believe that you received it in error please notify the original sender immediately. We honour similar requests relating to the privacy of email communications.
RE: Time Sync to outside NTP server in NT4
W32Time

See the following: http://www.ultratech-llc.com/KB/?File=TimeSync.TXT

- ASB
RE: Time Sync to outside NTP server in NT4
We use W32Time on all servers, making our Domain Controllers primary and our servers secondaries; only the clients use net time. The PDC gets its time from an NTP source.

Steve Sauer, Technical Lead - Systems Operations
NCI Information Systems
WIPP Site, Carlsbad, NM
www.wipp.ws
Re: Time Sync to outside NTP server in NT4
I have a Perl script that I run from SQL Executive as a job to sync time with bitsy.mit.edu.

Jim