ESXi与Windws搭建NTP服务器不能同步的原因（数据包分析）。

ESXi与Windws搭建NTP服务器不能同步，为分析原因，本文对ESXi与Windows搭建的NTP服务器之间的来往数据包进行抓包分析，并对比了Linux搭建的NTP服务器，分析不能同步的原因。

ESXi与NTP服务器同步的抓包测试

问题：

ESXi配置NTP时间同步时，当指向由Windows系统搭建的NTP服务器时，无法实现同步，而指向由Linux系统搭建的NTP服务器时，则可以实现同步。为查找问题根源，专门搭建了测试环境，进行抓包分析，研究其中发生的过程。

测试环境：

序号	名称	IP  Address	系统版本	作用
1	ESXi  Server	192.168.131.222	ESXi5.0	ESXi服务器，作为NTP客户端
2	Router	192.168.131.119 192.168.130.119	Windows 2003	配置了路由功能，并安装抓包工具
3	NTP  Server1	192.168.130.3	Windows2003	搭建NTP服务器
4	NTP  Server2	192.168.130.4	Rhel5.5	搭建NTP服务器

拓扑图：

测试ESXi使用Windows 2003搭建NTP的服务器

按照VMware提供KB的建议，http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1035833&sliceId=1&docTypeID=DT_KB_1_1&dialogID=970332905&stateId=10 970354356

1.配置Windows 2003，搭建NTP客户端

修改注册表，步骤如下：

1.Enable NTP mode:

LocateHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

Set the Type value to NTP.

2.Enable the NTP Client:

LocateHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

Set the AnnounceFlags value to 5.

3.Specify the upstream NTP servers to syncfrom:

LocateHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders

Set the NtpServer value to a list of atleast 3 NTP servers.

Example: You might set the value to:

pool.ntp.org,0x1 2.pool.ntp.org,0x13.pool.ntp.org,0x1

Note: Ona Windows 2008 Domain Controller, NtpServer is located inHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

4.Specify a 15-minute update interval:

Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient

Set the SpecialPollInterval value to 900.

5.Restart the W32time service for thechanges to take effect.

2.配置ESXi Server，将其NTP服务器指向由Windows搭建的NTP服务器

1.Open the /etc/ntp.conf file in a texteditor. For more information, see Editing configuration files in VMware ESXiand ESX (1017022).

2.Add the tos maxdist command on its ownline:

tos maxdist 30

3.Save and close the configuration file.

4.Make the /etc/likewise/lsassd.conf filewritable by running the command:

chmod +w /etc/likewise/lsassd.conf

5.Open the /etc/likewise/lsassd.conf filein a text editor. For more information, see Editing configuration files inVMware ESXi and ESX (1017022).

6.Locate the sync-system-time option,uncomment it, and set the value to no:

sync-system-time = no

7.Save and close the configuration file.

8.On ESXi, save the configuration changesto the boot bank so they persist across reboots by running the command:

/sbin/auto-backup.sh

9.Restart the ntpd and lsassd services forthe configuration changes to take effect by running the commands:

service lsassd restart

service ntpd restart

Note: To restart the ntpd and lsassdservices on an ESXi host, run these commands:

./etc/init.d/lsassd restart

./etc/init.d/ntpd restart

3.配置ESXi的NTP服务器地址

4.监控数据包

只有从ESXi发出的NTP包，NTP server没有回复。

5.在KB的基础上做调整，修改注册表，启动NTP服务

修改注册表的键值:Run->regeditHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer内的Enabled为1，打开NTP服务器功能（默认是不开启NTP Server服务

重启W23Time服务

6.启动NTP服务后，抓包显示NTP服务器有了回复

7.NTP数据包

ESXi 发出的NTP请求包是NTP版本4.

Windows搭建的NTP Server的响应包是NTP版本3

ESXi未完成时间同步，NTP服务器发回的响应包并未被接受。

测试ESXi使用Linux搭建NTP的服务器

1.配置Linux作为NTP服务器

1.编辑ntp.conf

2.Ntp.conf配置示例：

# Permit  time synchronization with our time source, but do not #  permit the source to query or modify the service on this system. restrict  default nomodify #  Permit all access over the loopback interface.This could # be  tightened as well, but to do so would effect some of # the  administrative functions. restrict  127.0.0.1 # --  CLIENT NETWORK ------- #  Permit systems on this network to synchronize with this # time  service.Do not permit those systems  to modify the #  configuration of this service.Also,  do not use those #  systems as peers for synchronization. #  restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # ---  OUR TIMESERVERS ----- server  0.pool.ntp.org server  1.pool.ntp.org server  2.pool.ntp.org # ---  NTP MULTICASTCLIENT --- #multicastclient# listen on default  224.0.1.1 #  restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap #  restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # ---  GENERAL CONFIGURATION --- # #  Undisciplined Local Clock. This is a fake driver intended for backup # and  when no outside source of synchronized time is available. The #  default stratum is usually 3, but in this case we elect to use stratum # 0.  Since the server line does not have the prefer keyword, this driver # is  never used for synchronization, unless no other other #  synchronization source is available. In case the local host is #  controlled by some external source, such as an external oscillator or #  another protocol, the prefer keyword would cause the local host to # disregard  all other synchronization sources, unless the kernel #  modifications are in use and declare an unsynchronized condition. # server127.127.1.0# local clock fudge127.127.1.0 stratum 10 # #  Drift file.Put this in a directory  which the daemon can write to. # No  symbolic links allowed, either, since the daemon updates the file # by  creating a temporary in the same directory and then rename()'ing # it  to the file. # driftfile  /var/lib/ntp/drift broadcastdelay0.008 # # Keys  file.If you want to diddle your  server at run time, make a # keys  file (mode 600 for sure) and define the key number to be # used  for making requests. # #  PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote #  systems might be able to reset your clock at will. Note also that # ntpd  is started with a -A flag, disabling authentication, that # will  have to be removed as well. # keys/etc/ntp/keys

3. Linux防火墙启动123端口

2.更改ESXi的NTP服务器，将其指向Linux服务器的IP：192.168.130.4

3.NTP数据包内容

1.总共发了20个ntp请求包，才实现同步

2.客户端请求包是NTP版本4

3.服务器端响应包是NTP版本4

总结

测试结果表明，按照VMware提供的KB，使用Windows2003搭建的NTP Server，ESXi5.0无法实现与其同步。使用Linux搭建的NTP Server，ESXi5.0可以实现与其同步。

从NTP数据包内容分析，ESXi5.0发出的NTP同步请求包是NTP版本4，Windows系统搭建的NTPServer回复的数据包是NTP版本3。Linux系统搭建的NTP Server回复的数据包是NTP版本4。

转载于:https://blog.51cto.com/tgqty/1338214