I made a fresh install on two IBM x3850 Server with ESX 3.5. On the first Server I configured our NTP Server with the gui successfully. On the second Server I added our NTP Server too, but when I click on OK, I get this error. "Failed to change host configuration".
Have anybody an idea? Please help!
Talke,
You should be able to run '/etc/init.d/mgmt-vmware restart' in the Service Console. However, be sure to read KB article 1003312 [Restarting hostd (mgmt-vmware) on ESX Server Hosts Restarts Hosted
Virtual Machines Where Virtual Machine Startup/Shutdown is Enabled]. So, this may not be desirable on an ESX server running in a production environment.
Joe
Did you enable the firewall port?
Yes, sure!
Do you have your ESX servers syncing with the IP address of the NTP server...or hostname? If hostname, double check your DNS settings on your ESX servers.
Chris
I'm syncing with the IP-Adress of the NTP Server.
Can you double check your gateway settings on your ESX server...or from a Putty session to the Service Console, can the ESX server ping the NTP server?
Chris
Yes, I can ping the NTP Server. I also added the server in the /etc/hosts.
Odd NTP issues can happen when your NTP server is not sending information as expected. I am not saying it is wrong, only that there seems to be some odd inconsistencies out there for 'NTP'. I have seen one variant of Linux not accept another variant of Linux as a time source. I know it sounds odd, but it happened to us.
I checked the DNS name of the NTP server and the ESX host. Everything is correct. The NTP server is working fine with other systems. No matter which IP-Adress I enter under "Time Configuration" in the VI, I get this error "Failed to change host configuration".
I don't suppose the old "Microsoft fix" of rebooting and then trying the NTP configuration again would be worth a shot here would it? Worst case, what if you configured this ESX host manually following the KB 1339 article: http://kb.vmware.com/vmtnkb/search.do?cmd=displayKC&docType=kc&externalId=1339&sliceId=SAL_Public
I also found a shell script that helps you setup NTP from the Service Console. I'm attaching it to this post.
Chris
Your NTP source is Windows 2003? I have same. And also use AIX server as NTP source, working fine. You do have 3 separate IPs in the ntp.conf file yes? Older versions of NTP wanted to see 3 unique values. Our DNS servers echo NTP master source.
Hello,
To use the NTP Time setup configuration option, your ESX server must also be in Maintenance mode. Once that is done, it works just fine.
Best regards,
Edward L. Haletky, author of the forthcoming 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', publishing January 2008, Copyright 2008 Pearson Education. Available on Rough Cuts at http://safari.informit.com/9780132302074
I wonder what the logic is behind that? You can change the time or stop NTP, but you can't change the source????
I will set the host in to maintenance mode when I moved the VMs to another host. Then I hope it will work over the gui.
I'm having the same problem. Maintenance mode doesn't resolve the problem.
The problem appears to be when you modify the ntp source. If I leave the default entry and simply press OK it works. Anytime I add a host entry it gives the error.
I haven't been able to reproduce this issue. Can you please post the contents of your /etc/ntp.conf and /etc/ntp/step-tickers from the ESX Service Console?
Joe
Hello,
Are you using an IP address or a hostname?
I used an IP address and it works fine. If you add a hostname, make sure that hostname is referenced in /etc/hosts or is resolvable. If I use a hostname I use an /etc/hosts entry so that I do not depend on a DNS server finding the host.
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the forthcoming 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', publishing January 2008, Copyright 2008 Pearson Education. Available on Rough Cuts at http://safari.informit.com/9780132302074
this is my...
/etc/ntpd.conf
restrict 127.0.0.1
restrict default kod nomodify notrap
server sms.de.int.talke.com
driftfile /var/lib/ntp/drift
/etc/ntp/step-tickers
sms.de.int.talke.co
/etc/hosts
127.0.0.1 localhost.localdomain localhost
172.16.1.9 bm-vm-03.de.int.talke.com bm-vm-03
172.16.1.199 sms.de.int.talke.com
I tried using IP and it fails.
It worked on a new server that was installed with 3.5. It is failing on any server that I upgraded from 3.0.2 to 3.5. Not sure if there is any significance there, or not.
Prohibit general access to this service.
restrict default ignore
Permit all access over the loopback interface. This could
be tightened as well, but to do so would effect some of
the administrative functions.
restrict 127.0.0.1
-- CLIENT NETWORK
-----
Permit systems on this network to synchronize with this
time service. Do not permit those systems to modify the
configuration of this service. Also, do not use those
systems as peers for synchronization.
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
--- OUR TIMESERVERS
-----
or remove the default restrict line
Permit time synchronization with our time source, but do not
permit the source to query or modify the service on this system.
restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
server mytrustedtimeserverip
--- NTP MULTICASTCLIENT ---
#multicastclient # listen on default 224.0.1.1
restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
--- GENERAL CONFIGURATION ---
#
Undisciplined Local Clock. This is a fake driver intended for backup
and when no outside source of synchronized time is available. The
default stratum is usually 3, but in this case we elect to use stratum
0. Since the server line does not have the prefer keyword, this driver
is never used for synchronization, unless no other other
synchronization source is available. In case the local host is
controlled by some external source, such as an external oscillator or
another protocol, the prefer keyword would cause the local host to
disregard all other synchronization sources, unless the kernel
modifications are in use and declare an unsynchronized condition.
#
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
#
Drift file. Put this in a directory which the daemon can write to.
No symbolic links allowed, either, since the daemon updates the file
by creating a temporary in the same directory and then rename()'ing
it to the file.
#
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
#
Authentication delay. If you use, or plan to use someday, the
authentication facility you should make the programs in the auth_stuff
directory and figure out what this number should be on your machine.
#
authenticate yes
#
Keys file. If you want to diddle your server at run time, make a
keys file (mode 600 for sure) and define the key number to be
used for making requests.
#
PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
systems might be able to reset your clock at will. Note also that
ntpd is started with a -A flag, disabling authentication, that
will have to be removed as well.
#
keys /etc/ntp/keys
And there is no contents in the step-tickers file.