I hate NTP. I hate time sync issues. I hate time skew issues on ESXi.
So now that I’ve got that out I feel a whole lot better. I can now talk about how to configure and importantly validate your NTP settings on an ESXi host.
Setting and syncing time on an ESXi host is done within Time Configuration on the Settings tab of an ESXi host.
The time can either be set manually or it can be set via NTP. Setting the time manually is self explanatory. Basically change your time and click OK. It’s not something I’m going to go into any further. Ideally, though, you want to be setting your time with NTP. Using NTP is relatively easy too, the hardest part will be making sure you have the correct ports open on all parts of the network. NTP generally uses UDP port 123 btw.
So firstly you want to select Use Network Time Protocol. You next want to head over to http://www.pool.ntp.org and find your closest NTP time sources. Understanding how the underlying technology of how NTP works is actually quite interesting but beyond what this post is about. Wikipedia is a good start on NTP. Each region around the world has a number of NTP pools and within those regions many countries have pools of their own. For me my closest pool is Australia within the Oceania region. Australia has 4 pools. Within these pools are actually a number of servers. I can use one of these pools or I can use them all. I’ll be using them all for redundancy. Once I enter these pool addresses and separate them with commas I click the Start button and click OK.
The Time Configuration should now look something similar to below. The time change in not instant and can take… well… time.
But how do you test that these settings are correct, considering that the time sync process is not instant. Further more, NTP uses UDP port 123 which is connectionless. Well, we can query the output our NTP sources gives us, which can be done from the CLI of the ESXi host.
Log into the console of the ESXi host using whatever method you prefer. The simplest is usually just starting and connecting to SSH.
We use the NTPQ command and type the following.
ntpq -p localhost
The output should be sometime similar to below. VMware have a good KB article which explains what it all means if your really want to know.
If we see something similar we know we’re good and the time should start to change shortly. If we get all zeros we probably have network and DNS working but NTP is block at the firewall somewhere.