VMware Cloud Community
storage_god
Contributor
Contributor

VCAC, Identity Appliance time sync issues

I am getting a weird time sync delta between VCAC Appliance and the Identity appliance.

The identity appliance goes out of sync for 5 minutes.. i.e. VCAC = 10:00 P.M. Identity appliance = 9:55 P.M. This behavior has me bouncing on a loop when login into VCAC between VCAC and Identity with a SUBMIT button on the upper left hand corner until I change the time on the Identity Appliance to match the VCAC.

I have tried Use Host Time or Sync with Network time and same results.. Any tips would be greatly appreciated.

Thanks Smiley Happy

Reply
0 Kudos
6 Replies
VirExprt
Expert
Expert

Go and check the host time sync and see if they are different... this happened with me as the Hosts were set to sync with localhost (such a stupid though Smiley Wink) but pointing them to right NTP server, resolved time drift issue for me.

Br,

MG

Regards, MG
Reply
0 Kudos
jlperez01
Enthusiast
Enthusiast

Hello.

Did you find out how to fix it?

I started experiencing the same problem today: Even if I disable time synchronization completely, and manually set the correct time from the CLI, a few minutes later the time changes back to 5 minutes behind...

My Identity appliance was working fine for several months. It just started doing this today.

Prior to this, I was using external NTP servers to keep it in sync, but that is not working anymore.

Reply
0 Kudos
SeanKohler
Expert
Expert

We are having a similar issue.  Only 2 minutes off between Identity Appliance and VCAC.  Both pointed to the same time source.  Neither set to follow host time.

We are researching....

Reply
0 Kudos
storage_god
Contributor
Contributor

I have not yet found a real solution to this.

Below is what I did:

1. Uncheck VM's for sync with host time

2. ESXI to sync with same NTP server (picked two out of the pool)

server 0.north-america.pool.ntp.org

server 1.north-america.pool.ntp.org

server 2.north-america.pool.ntp.org

server 3.north-america.pool.ntp.org

3. Ran NTP SYNC on all VMs to the same NTP server

  •      vCAC Appliance
  • Iaas
  • SSO
  • AppD

All seems to be working now

I hope that helps

Reply
0 Kudos
SeanKohler
Expert
Expert

We are pointing to a couple Windows domain controller servers which are running the time service for the windows domain.  It was working prior, but now isn't.
We did a couple of things...

1. Commented out the fudge value in ntp.conf.

2. Set the servers to iburst and burst.

Time is now syncing.  But now we have a case where a couple of changes occurred.... and you know how that goes...

burst is not recommended, especially for public domain ntp servers.  We are going to keep the fudge values commented out and leave the servers as iburst (which is set via the gui, and if you change it to both burst and iburst, it is overwritten), and we are going to wait 24 hours to see if we are drifting.

##

## Undisciplined Local Clock. This is a fake driver intended for backup

## and when no outside source of synchronized time is available.

##

#server 127.127.1.0

#fudge  127.127.1.0 stratum 10  # LCL is unsynchronized

Reply
0 Kudos
SeanKohler
Expert
Expert

With the above setting in ntp.conf, our time is stable  ( or more like not being set incorrectly), but we are still drifting slowly.  We ended up just creating a cron job to stamp the correct time nightly using sntp for now. (will revisit after 6.2 release) There isn't significant drift in a 24 hour period.  Our issue is possibly because we are leveraging windows domain controllers running the NTP service and maybe something isn't jiving.  We didn't have time issues pointed to external public pools, but we don't ideally want to run like that outside of lab.


Reply
0 Kudos