Announcement

Collapse
No announcement yet.

Hyper-V Host and Guest Dependencies

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hyper-V Host and Guest Dependencies

    I've recently built a 3 node Hyper-V failover cluster on Windows Server 2012 Datacenter Edition for a client and I'm having some difficulty getting my head around a few "dependencies" related to the hosts and the AD domain to which they're joined.

    1. Failover Clustering requires AD. CSV's also require AD. When the Domain Controllers for the host domain are virtualized on those hosts how do you get around the seeming dependency loop that's created if the DC's are on the CSV? We've taken to storing the DC VM's on local storage so that if we experience a failure of all 3 nodes we can have the DC's start up thus allowing the failover cluster members to communicate with the DC's thus allowing the CSV to be accessed and for failover clustering initialization and operations to proceed. The standard recommendation to maintain at least one physical DC seems to fly in the face of reason. I can virtualize my entire infrastructure but I need to maintain 1 physical DC? My entire infrastructure is dependent on this lone physical DC? I can spend thousands (or hundreds of thousands) of dollars on host servers, shared storage, redundant networking, etc., etc. but it all hinges on 1 standalone physical server that is the DC? Ridiculous!

    2. Time Sync? Our PDCe is set to sync to an external time source. All domain clients are configured to sync to the domain hierarchy, including the host servers. When starting a VM the host "injects" it's time into the VM (since a VM has no RTC) and thereafter the client VM should sync it's time with the domain hierarchy. We're finding that isn't the case. When running "w32tm /query /source" on our VM's we're finding that the time source is "VM IC Time Synchronization Provider", even on our PDCe. In Googling this I've found a lot of differing and conflicting information on how to sync domain time in Hyper-V guests. Some posts say to disable time integration between the host and guest and some say to "partially" disable it. What is the correct way to deal with this?
    Last edited by joeqwerty; 10th September 2013, 16:06.

  • #2
    Re: Hyper-V Host and Guest Dependencies

    For #1, yes, it does seem daft, but a physical DC is still recommended (alternatively a virtual DC on a host that is not a domain member)

    For #2, you can untick the Time Sync option (VM Settings - Integration Services) That has always worked for me
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Hyper-V Host and Guest Dependencies

      Pretty much what Ossian said, although in some cases we have also added a virtual, but non-clustered, DC on each Hyper-V host. Most of our networks have a physical backup server anyway, seeing as SCSI and USB aren't supported under Hyper-V.

      Note though that this was a 2008 R2 issue, the requirement for a DC to bring the CSVs online has been removed in 2012.
      Source:-
      http://www.windowsnetworking.com/art...ing-Part1.html
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      sigpic
      Cruachan's Blog

      Comment


      • #4
        Re: Hyper-V Host and Guest Dependencies

        Originally posted by cruachan View Post
        Pretty much what Ossian said, although in some cases we have also added a virtual, but non-clustered, DC on each Hyper-V host. Most of our networks have a physical backup server anyway, seeing as SCSI and USB aren't supported under Hyper-V.

        Note though that this was a 2008 R2 issue, the requirement for a DC to bring the CSVs online has been removed in 2012.
        Source:-
        http://www.windowsnetworking.com/art...ing-Part1.html
        I had no idea that the CSV/AD dependency had been resolved. Thanks much for the info and the link.

        As for time sync issues. I'm seeing all of our VM's showing the VM IC Time Synchronization Provider as their time source and I've got boat loads of W32Time events in my System event logs. I'm just not sure how to address this. Do I disable host time sync on our DC's? Do I partially disable it on our DC's? Do I disable or partially disable it on our member servers? What about the hosts that are joined to the domain? There seems to be a lot of conflicting information on this subject.

        Comment


        • #5
          Re: Hyper-V Host and Guest Dependencies

          The VMICTimeProvider you see in the registry is necessary, but not all the time. We ran into the same issues with sync, but here's what we did to fix it:
          *-On each VM properties \ Integration Services, check the box which refers to Time Sync. This enables the VMICTimeProvider when the VM starts up, because it needs a time to run from, but doesn't have a Real-Time Clock (RTC) like a physical PC does.

          *-On each VM, go to the following Reg key:
          HKLM\System\CurrentControlSet\Services\W3Ttime\Tim eProviders\VMICTimeProvider
          Look for a key called 'Enabled' with a value of '1'. Change that to '0' (zero.) If it isn't there, create it as a reg_dword entry with a value of '0'. This means that the VM's clock won't be updated regularly by the Integration Services after Startup, they'll poll the DCs as normal through domain enforcement.

          *-Set up your PDC holder to update through whatever means you'd expect it to. Probably not necessary, but restart all the VMs, the PDC first and then the others. Then check the system logs for w32time entries to verify they updated from the DCs rather than the Integration Services.
          *RicklesP*
          MSCA (2003/XP), Security+, CCNA

          ** Remember: credit where credit is due, and reputation points as appropriate **

          Comment


          • #6
            Re: Hyper-V Host and Guest Dependencies

            Just to reiterate, the DC requirement for clusters and CSVs has been resolved in 2012.

            For the time sync issue, I would un-tick the time sync in the integration services for the PDC Emulator only. All other VMs should sync with the hosts and the hosts should sync with the PDC and the PDC should sync with your choice of time source.

            I have this setup at a few clients and it works fine for me so far.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Re: Hyper-V Host and Guest Dependencies

              Also, concur with the advice below. In our case, we have a number of VMware Farms and Hyper-V clusters in our datacenters. They are based within it's own AD environment separate to the AD environment of the Guest VMs. We have a physical DC for the Domain that the Hyper-V Hosts connect to for clustering and the Guest VMs, which belong to varioud customers, are always virtual. As for time sync, we point everything, where supported at the PDC holder, which in turn points to an external time source. All PDCs always point to the same external time source and if we can't point to a PDC for whatever reason, we point to the same extenrnal time source.

              Comment

              Working...
              X