Provisioning Services time sync requirements

Ever had the problem that your PVS streaming process becomes unresponsive when a time change occurs on the server or a hosted client? If you have HA enabled, a failover event will be triggered. But when all PVS servers see the time change occurring, your targets will not be able to work. This is because PVS relies on Kerberos for authentication, which makes a number of PVS services sensitive to time changes (just as your Windows DCs are). If there is a difference of five minutes or more between the Provisioning Server and your DCs, Kerberos authentication will be broken, preventing PVS services from authenticating to the vDisk store and database.

How to fix this

Make sure that you use NTP and apply the best practices so that all of your servers and clients are on the same time. Check the vendor-specific documentation on how to set up NTP correctly on your host or client.
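
A check for the condition described above, as an added example (not from the KB article or from Citrix): it parses the output of `w32tm /stripchart /computer:<dc> /samples:3 /dataonly`, run on the Provisioning Server, and reports the worst offset against the five-minute limit. The function name, the 60-second warning margin, and the sample hostnames and captures are assumptions constructed for illustration.

```powershell
# Added example: flag clock offsets that approach or exceed the five-minute Kerberos limit.
function Test-KerberosSkew {
    param(
        [Parameter(Mandatory)] [string[]] $StripchartLines,
        [double] $LimitSeconds = 300,   # five minutes, as stated in the post
        [double] $WarnSeconds  = 60     # assumed early-warning margin, adjust to taste
    )
    # Data lines look like "14:02:11, +00.0412345s"; header lines and
    # failed samples ("14:02:13, error: 0x800705B4") do not match and are skipped.
    $offsets = @(foreach ($line in $StripchartLines) {
        if ($line -match '^\d{1,2}:\d{2}:\d{2},\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    })
    if ($offsets.Count -eq 0) {
        # No usable sample: the time source was unreachable, which is itself worth alerting on.
        return [pscustomobject]@{ Status = 'NoData'; WorstOffsetSeconds = $null; Samples = 0 }
    }
    # The sign only says who is ahead; Kerberos cares about the absolute difference.
    $worst = ($offsets | ForEach-Object { [math]::Abs($_) } | Measure-Object -Maximum).Maximum
    $status = if ($worst -ge $LimitSeconds) { 'Broken' } elseif ($worst -ge $WarnSeconds) { 'Warning' } else { 'OK' }
    [pscustomobject]@{ Status = $status; WorstOffsetSeconds = $worst; Samples = $offsets.Count }
}

# Constructed sample captures, one per domain controller (hostnames and addresses are placeholders).
$captures = @{
    'dc01.example.test' = @(
        'Tracking dc01.example.test [192.0.2.10:123].'
        'Collecting 3 samples.'
        '14:02:11, +00.0412345s'
        '14:02:13, +00.0409871s'
        '14:02:15, +00.0415520s'
    )
    'dc02.example.test' = @(
        '14:02:11, -312.5521040s'
        '14:02:13, error: 0x800705B4'
        '14:02:15, -312.5519022s'
    )
}

foreach ($dc in $captures.Keys | Sort-Object) {
    Test-KerberosSkew -StripchartLines $captures[$dc] | Select-Object @{ n = 'DC'; e = { $dc } }, *
}
```

To use it against a live domain controller, pass the output of the `w32tm` command as `-StripchartLines` instead of the constructed captures.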

This post is based on the following KB article.

Why is synced time essential for Active Directory?

Windows AD needs timestamps for resolving AD replication conflicts and for Kerberos authentication. Kerberos uses them to protect against replay attacks—where an authentication packet is intercepted on the network and then resent later to authenticate on the original sender’s behalf.

Time Synchronization in Hyper-V

There is a lot of confusion about how time synchronization works in Hyper-V – so I wanted to take the time to sit down and write up all the details. 

There are actually multiple problems that exist around keeping time inside of virtual machines – and Hyper-V tackles these problems in different ways.

Problem #1 – Running virtual machines lose track of time.