ESXi与Windws搭建NTP服务器不能同步的原因（数据包分析）。

ESXi与Windws搭建NTP服务器不能同步，为分析原因，本文对ESXi与Windows搭建的NTP服务器之间的来往数据包进行抓包分析，并对比了Linux搭建的NTP服务器，分析不能同步的原因。
ESXi与NTP服务器同步的抓包测试

问题：

ESXi配置NTP时间同步时，当指向由Windows系统搭建的NTP服务器时，无法实现同步，而指向由Linux系统搭建的NTP服务器时，则可以实现同步。为查找问题根源，专门搭建了测试环境，进行抓包分析，研究其中发生的过程。

测试环境：

序号	名称	IP Address	系统版本	作用
1	ESXi Server	192.168.131.222	ESXi5.0	ESXi服务器，作为NTP客户端
2	Router	192.168.131.119 192.168.130.119	Windows 2003	配置了路由功能，并安装抓包工具
3	NTP Server1	192.168.130.3	Windows2003	搭建NTP服务器
4	NTP Server2	192.168.130.4	Rhel5.5	搭建NTP服务器

拓扑图：

测试ESXi使用Windows 2003搭建NTP的服务器

按照VMware提供KB的建议，http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1035833&sliceId=1&docTypeID=DT_KB_1_1&dialogID=970332905&stateId=10 970354356

1.配置Windows 2003，搭建NTP客户端

修改注册表，步骤如下：1.Enable NTP mode:
LocateHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Set the Type value to NTP.


2.Enable the NTP Client:
LocateHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Set the AnnounceFlags value to 5.



3.Specify the upstream NTP servers to syncfrom:

LocateHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders
Set the NtpServer value to a list of atleast 3 NTP servers.

Example: You might set the value to:

pool.ntp.org,0x1 2.pool.ntp.org,0x13.pool.ntp.org,0x1


Note: Ona Windows 2008 Domain Controller, NtpServer is located inHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.
4.Specify a 15-minute update interval:
Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Set the SpecialPollInterval value to 900.



5.Restart the W32time service for thechanges to take effect.

2.配置ESXi Server，将其NTP服务器指向由Windows搭建的NTP服务器

1.Open the /etc/ntp.conf file in a texteditor. For more information, see Editing configuration files in VMware ESXiand ESX (1017022).



2.Add the tos maxdist command on its ownline:
tos maxdist 30



3.Save and close the configuration file.

4.Make the /etc/likewise/lsassd.conf filewritable by running the command:
chmod +w /etc/likewise/lsassd.conf



5.Open the /etc/likewise/lsassd.conf filein a text editor. For more information, see Editing configuration files inVMware ESXi and ESX (1017022).


6.Locate the sync-system-time option,uncomment it, and set the value to no:
sync-system-time = no



7.Save and close the configuration file.

8.On ESXi, save the configuration changesto the boot bank so they persist across reboots by running the command:
/sbin/auto-backup.sh



9.Restart the ntpd and lsassd services forthe configuration changes to take effect by running the commands:
service lsassd restartservice ntpd restartNote: To restart the ntpd and lsassdservices on an ESXi host, run these commands:
./etc/init.d/lsassd restart./etc/init.d/ntpd restart

3.配置ESXi的NTP服务器地址

4.监控数据包

只有从ESXi发出的NTP包，NTP server没有回复。

5.在KB的基础上做调整，修改注册表，启动NTP服务

修改注册表的键值:Run->regeditHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer内的Enabled为1，打开NTP服务器功能（默认是不开启NTP Server服务

重启W23Time服务

6.启动NTP服务后，抓包显示NTP服务器有了回复

7.NTP数据包

ESXi 发出的NTP请求包是NTP版本4.


Windows搭建的NTP Server的响应包是NTP版本3

ESXi未完成时间同步，NTP服务器发回的响应包并未被接受。

测试ESXi使用Linux搭建NTP的服务器

1.配置Linux作为NTP服务器

1.编辑ntp.conf



2.Ntp.conf配置示例：

# Permit time synchronization with our time source, but do not# permit the source to query or modify the service on this system. restrict default nomodify # Permit all access over the loopback interface.This could# be tightened as well, but to do so would effect some of# the administrative functions.restrict 127.0.0.1 # -- CLIENT NETWORK -------# Permit systems on this network to synchronize with this# time service.Do not permit those systems to modify the# configuration of this service.Also, do not use those# systems as peers for synchronization.# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # --- OUR TIMESERVERS ----- server 0.pool.ntp.orgserver 1.pool.ntp.orgserver 2.pool.ntp.org # --- NTP MULTICASTCLIENT ---#multicastclient# listen on default 224.0.1.1# restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # --- GENERAL CONFIGURATION ---## Undisciplined Local Clock. This is a fake driver intended for backup# and when no outside source of synchronized time is available. The# default stratum is usually 3, but in this case we elect to use stratum# 0. Since the server line does not have the prefer keyword, this driver# is never used for synchronization, unless no other other# synchronization source is available. In case the local host is# controlled by some external source, such as an external oscillator or# another protocol, the prefer keyword would cause the local host to# disregard all other synchronization sources, unless the kernel# modifications are in use and declare an unsynchronized condition.#server127.127.1.0# local clockfudge127.127.1.0 stratum 10 ## Drift file.Put this in a directory which the daemon can write to.# No symbolic links allowed, either, since the daemon updates the file# by creating a temporary in the same directory and then rename()'ing# it to the file.#driftfile /var/lib/ntp/driftbroadcastdelay0.008 ## Keys file.If you want to diddle your server at run time, make a# keys file (mode 600 for sure) and define the key number to be# used for making requests.## PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote# systems might be able to reset your clock at will. Note also that# ntpd is started with a -A flag, disabling authentication, that# will have to be removed as well.#keys/etc/ntp/keys

3. Linux防火墙启动123端口

2.更改ESXi的NTP服务器，将其指向Linux服务器的IP：192.168.130.4

3.NTP数据包内容

1.总共发了20个ntp请求包，才实现同步




2.客户端请求包是NTP版本4

3.服务器端响应包是NTP版本4

总结

测试结果表明，按照VMware提供的KB，使用Windows2003搭建的NTP Server，ESXi5.0无法实现与其同步。使用Linux搭建的NTP Server，ESXi5.0可以实现与其同步。从NTP数据包内容分析，ESXi5.0发出的NTP同步请求包是NTP版本4，Windows系统搭建的NTPServer回复的数据包是NTP版本3。Linux系统搭建的NTP Server回复的数据包是NTP版本4。

本文出自 “快乐一派” 博客，转载请与作者联系！