Yes, sure!

I'm syncing with the IP-Adress of the NTP Server.

Can you double check your gateway settings on your ESX server...or from a Putty session to the Service Console, can the ESX server ping the NTP server?

Chris

Yes, I can ping the NTP Server. I also added the server in the /etc/hosts.

Odd NTP issues can happen when your NTP server is not sending information as expected. I am not saying it is wrong, only that there seems to be some odd inconsistencies out there for 'NTP'. I have seen one variant of Linux not accept another variant of Linux as a time source. I know it sounds odd, but it happened to us.

I checked the DNS name of the NTP server and the ESX host. Everything is correct. The NTP server is working fine with other systems. No matter which IP-Adress I enter under "Time Configuration" in the VI, I get this error "Failed to change host configuration".

I don't suppose the old "Microsoft fix" of rebooting and then trying the NTP configuration again would be worth a shot here would it? Worst case, what if you configured this ESX host manually following the KB 1339 article: http://kb.vmware.com/vmtnkb/search.do?cmd=displayKC&docType=kc&externalId=1339&sliceId=SAL_Public

I also found a shell script that helps you setup NTP from the Service Console. I'm attaching it to this post.

Chris

Your NTP source is Windows 2003? I have same. And also use AIX server as NTP source, working fine. You do have 3 separate IPs in the ntp.conf file yes? Older versions of NTP wanted to see 3 unique values. Our DNS servers echo NTP master source.

Hello,

To use the NTP Time setup configuration option, your ESX server must also be in Maintenance mode. Once that is done, it works just fine.

Best regards,

Edward L. Haletky, author of the forthcoming 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', publishing January 2008, Copyright 2008 Pearson Education. Available on Rough Cuts at http://safari.informit.com/9780132302074

I wonder what the logic is behind that? You can change the time or stop NTP, but you can't change the source????

I will set the host in to maintenance mode when I moved the VMs to another host. Then I hope it will work over the gui.

I'm having the same problem. Maintenance mode doesn't resolve the problem.

The problem appears to be when you modify the ntp source. If I leave the default entry and simply press OK it works. Anytime I add a host entry it gives the error.

I haven't been able to reproduce this issue. Can you please post the contents of your /etc/ntp.conf and /etc/ntp/step-tickers from the ESX Service Console?

Joe

Hello,

Are you using an IP address or a hostname?

I used an IP address and it works fine. If you add a hostname, make sure that hostname is referenced in /etc/hosts or is resolvable. If I use a hostname I use an /etc/hosts entry so that I do not depend on a DNS server finding the host.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the forthcoming 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', publishing January 2008, Copyright 2008 Pearson Education. Available on Rough Cuts at http://safari.informit.com/9780132302074

this is my...

/etc/ntpd.conf

restrict 127.0.0.1

restrict default kod nomodify notrap

server sms.de.int.talke.com

driftfile /var/lib/ntp/drift

/etc/ntp/step-tickers

sms.de.int.talke.co

/etc/hosts

127.0.0.1 localhost.localdomain localhost

172.16.1.9 bm-vm-03.de.int.talke.com bm-vm-03

172.16.1.199 sms.de.int.talke.com

I tried using IP and it fails.

It worked on a new server that was installed with 3.5. It is failing on any server that I upgraded from 3.0.2 to 3.5. Not sure if there is any significance there, or not.

1. Prohibit general access to this service.

restrict default ignore

1. Permit all access over the loopback interface. This could

2. be tightened as well, but to do so would effect some of

3. the administrative functions.

restrict 127.0.0.1

1. -- CLIENT NETWORK
   -----

2. Permit systems on this network to synchronize with this

3. time service. Do not permit those systems to modify the

4. configuration of this service. Also, do not use those

5. systems as peers for synchronization.

6. restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

1. --- OUR TIMESERVERS
   -----

2. or remove the default restrict line

3. Permit time synchronization with our time source, but do not

4. permit the source to query or modify the service on this system.

1. restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery

2. server mytrustedtimeserverip

1. --- NTP MULTICASTCLIENT ---

#multicastclient # listen on default 224.0.1.1

1. restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap

2. restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

1. --- GENERAL CONFIGURATION ---

#

1. Undisciplined Local Clock. This is a fake driver intended for backup

2. and when no outside source of synchronized time is available. The

3. default stratum is usually 3, but in this case we elect to use stratum

4. 0. Since the server line does not have the prefer keyword, this driver

5. is never used for synchronization, unless no other other

6. synchronization source is available. In case the local host is

7. controlled by some external source, such as an external oscillator or

8. another protocol, the prefer keyword would cause the local host to

9. disregard all other synchronization sources, unless the kernel

10. modifications are in use and declare an unsynchronized condition.

#

server 127.127.1.0 # local clock

fudge 127.127.1.0 stratum 10

#

1. Drift file. Put this in a directory which the daemon can write to.

2. No symbolic links allowed, either, since the daemon updates the file

3. by creating a temporary in the same directory and then rename()'ing

4. it to the file.

#

driftfile /var/lib/ntp/drift

broadcastdelay 0.008

#

1. Authentication delay. If you use, or plan to use someday, the

2. authentication facility you should make the programs in the auth_stuff

3. directory and figure out what this number should be on your machine.

#

authenticate yes

#

1. Keys file. If you want to diddle your server at run time, make a

2. keys file (mode 600 for sure) and define the key number to be

3. used for making requests.

#

1. PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote

2. systems might be able to reset your clock at will. Note also that

3. ntpd is started with a -A flag, disabling authentication, that

4. will have to be removed as well.

#

keys /etc/ntp/keys

And there is no contents in the step-tickers file.