{"id":195,"date":"2019-05-23T10:19:20","date_gmt":"2019-05-23T10:19:20","guid":{"rendered":"http:\/\/www.djblond.cz\/?p=195"},"modified":"2019-05-23T10:19:20","modified_gmt":"2019-05-23T10:19:20","slug":"unwanted-synchronization-of-time","status":"publish","type":"post","link":"https:\/\/www.djblond.cz\/index.php\/2019\/05\/23\/unwanted-synchronization-of-time\/","title":{"rendered":"Unwanted synchronization of time"},"content":{"rendered":"

Imagine following situation. You have virtual machine on VMware and clock are from time to time automaticaly sync, but not with NTP source you have, but from different source. First thing which will come to your mind is, lets check checkbox on Vmware which is enabling or disabling synchronization with host. But you will find out, that checkbox is unchecked.<\/p>\n

So lets start the troubleshooting.<\/p>\n

Open event viewer, go to system events and filter event ID 1, source Kernel-General<\/code>
\nYou will see something like this<\/p>\n

\"\"<\/p>\n

You see the prove, that „something“ is changing time. So lets review setting of NTP client
\nOpen CMD and run follwoing command<\/p>\n

w32tm \/query \/status<\/pre>\n
Result is something like this:<\/p>\n
\"\"<\/p>\n
You see, that IP and source are correct and in case of domain joined computer, you will see probably IP and FQDN of your domain controller.<\/p>\n
Ok, now we know that NTP server is set correctly, but our computer still getting the time from different source.<\/p>\n
To be able to find, what process is calling time change, you will need to enable\u00a0Audit privilege use<\/a> and then search for event ID 4616<\/strong><\/p>\n
Run the Local Security Policy<\/code> (secpol.msc), and go to\u00a0Local Policies\\Audit Policy,<\/code> open Audit privilege<\/code> use and check Success checkbox.<\/p>\n
\"\"<\/p>\n
Once the auditing will be enabled, we have to wait untli time change will occure. Then search in Security log event id 4616.<\/code><\/p>\n
BOOOM!<\/strong> we found the root cause! vmtoolsd.exe alias VMware<\/p>\n
\"\"<\/p>\n
Ok, now its comming question, how is possible, that time is change by VMware even if I have this setting disabled?<\/p>\n
I found article<\/a> on VMware, that this can sometimes happen. Especially time is resynchronized when you migrate the virtual machine using vMotion, take a snapshot, restore to a snapshot, shrink the virtual disk, or restart the VMware Tools service in the virtual machine (including rebooting the virtual machine).<\/p>\n
To completly disable time synchronization, we need to do change on VMware VM. More infomration here<\/a>.<\/p>\n
    \n
  1. Select the virtual machine in the vSphere Web Client inventory and power it off.<\/li>\n
  2. Right click the virtual machine and choose\u00a0Edit Settings<\/b>…<\/li>\n
  3. Click the\u00a0VM Options<\/b>\u00a0tab.<\/li>\n
  4. Expand the Advanced option.<\/li>\n
  5. Under\u00a0Configuration Parameters<\/b>\u00a0click\u00a0Edit Configuration<\/b>.<\/li>\n
  6. Click\u00a0Add Row<\/b>\u00a0and add this information<\/li>\n<\/ol>\n\n\n\n\n\n\n\n\n\n\n\n
    Name<\/strong><\/td>\nValue<\/strong><\/td>\n<\/tr>\n
    tools.syncTime<\/td>\nFalse<\/span><\/td>\n<\/tr>\n
    time.synchronize.continue<\/td>\nFalse<\/span><\/td>\n<\/tr>\n
    time.synchronize.restore<\/td>\nFalse<\/span><\/td>\n<\/tr>\n
    time.synchronize.resume.disk<\/td>\nFalse<\/span><\/td>\n<\/tr>\n
    time.synchronize.shrink<\/td>\nFalse<\/span><\/td>\n<\/tr>\n
    time.synchronize.tools.startup<\/td>\nFalse<\/span><\/td>\n<\/tr>\n
    time.synchronize.tools.enable<\/td>\nFalse<\/span><\/td>\n<\/tr>\n
    time.synchronize.resume.host<\/td>\nFalse<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
    Note<\/strong>: When adding\u00a0tools.syncTime<\/code>\u00a0via the\u00a0Configuration Parameters<\/strong>\u00a0in vSphere 5.x, it is not displayed again after the entry has been accepted and closed. When you view the\u00a0vm_name<\/em>.vmx<\/code>\u00a0file, you see the parameter inserted as\u00a0tools.syncTime = \"FALSE\"<\/code>.<\/p>\n","protected":false},"excerpt":{"rendered":"
    Imagine following situation. You have virtual machine on VMware and clock are from time to time automaticaly sync, but not with NTP source you have, but from different source. First… Read more »<\/a><\/p>\n","protected":false},"author":1,"featured_media":206,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/posts\/195"}],"collection":[{"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/comments?post=195"}],"version-history":[{"count":9,"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/posts\/195\/revisions"}],"predecessor-version":[{"id":209,"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/posts\/195\/revisions\/209"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/media\/206"}],"wp:attachment":[{"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/media?parent=195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/categories?post=195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.djblond.cz\/index.php\/wp-json\/wp\/v2\/tags?post=195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}