Nutanix Files, part of Nutanix Unified Storage (NUS), integrates with Active Directory (AD) for user authentication and synchronization in a Windows environment. A key requirement for AD integration is that the time between the Files environment (specifically, the File Server Virtual Machines or FSVMs) and the AD server must be synchronized, as a time difference greater than 5 minutes can cause Kerberos authentication failures, leading to synchronization issues.
Analysis of Options:
Option A (Connect to every FSVM and edit the time manually): Incorrect. Manually editing the time on each FSVM is a temporary fix and not a sustainable solution. It does not prevent future time drift, as the FSVMs’ clocks will continue to drift without proper synchronization.
Option B (Use the same NTP Servers for the Files environment and the AD Server): Correct. The best way to prevent time differences is to ensure that both the Files environment (FSVMs) and the AD server use the same Network Time Protocol (NTP) servers for time synchronization. This ensures consistent timekeeping across both systems, avoiding authentication issues due to time skew.
Option C (Use 0.pool.ntp.org as the NTP Server for the AD Server): Incorrect. While using 0.pool.ntp.org as the NTP server for the AD server is a valid approach, it does not ensure synchronization unless the Files environment also uses the same NTP server. If the Files environment uses a different NTP server, time drift can still occur.
Option D (Use 0.pool.ntp.org as the NTP Server for the Files environment): Incorrect. Similar to option C, using 0.pool.ntp.org for the Files environment alone does not guarantee synchronization with the AD server unless the AD server also uses the same NTP server.
Why Option B?
Time synchronization between Nutanix Files and AD is critical for Kerberos authentication, which has a default tolerance of 5 minutes. Using the same NTP servers for both the Files environment (configured at the cluster level via Prism Element) and the AD server ensures that both systems maintain the same time, preventing future synchronization issues.
Exact Extract from Nutanix Documentation:
From the Nutanix Files Administration Guide (available on the Nutanix Portal):
“For successful Active Directory integration, the time between the Nutanix Files environment and the AD server must be synchronized within a 5-minute window. To prevent time drift, configure both the Nutanix cluster (which manages FSVM time) and the AD server to use the same NTP servers. This ensures consistent timekeeping and avoids Kerberos authentication failures.”
[:, Nutanix Files Administration Guide, Version 4.0, Section: “Active Directory Integration” (Nutanix Portal)., Nutanix Certified Professional - Unified Storage (NCP-US) Study Guide, Section: “Nutanix Files AD Synchronization”., ]
