Here is the results of an ESX server that is a little out of sync:

server 172.16.151.246, stratum 4, offset 43.101731, delay 0.04207

20 Nov 10:25:01 ntpdate[24697]: step time server 172.16.151.246 offset 43.101731 sec

Here is another that is a little off:

server 172.16.151.246, stratum 4, offset 63.482701, delay 0.04201

20 Nov 10:26:40 ntpdate[28789]: step time server 172.16.151.246 offset 63.482701 sec

What NTP servers are the DNS servers using to synch their clocks? 172.16.151.246 or something different?

###############

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

They are using a different address I assume (I sent an e-mail to one of our domain admins to see how they are getting the time for our DNS servers), 172.16.151.246 is the address of one of our DNS servers.

ntp.conf file

1. Prohibit general access to this service.

restrict default ignore

1. Permit all access over the loopback interface. This could

2. be tightened as well, but to do so would effect some of

3. the administrative functions.

restrict 127.0.0.1

1. -- CLIENT NETWORK -------

2. Permit systems on this network to synchronize with this

3. time service. Do not permit those systems to modify the

4. configuration of this service. Also, do not use those

5. systems as peers for synchronization.

6. restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

1. --- OUR TIMESERVERS -----

2. or remove the default restrict line

3. Permit time synchronization with our time source, but do not

4. permit the source to query or modify the service on this system.

1. restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery

2. server mytrustedtimeserverip

restrict default kod nomodify notrap

server 172.16.151.246

server 172.16.151.247

server 172.16.151.248

1. --- NTP MULTICASTCLIENT ---

#multicastclient # listen on default 224.0.1.1

1. restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap

2. restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

1. --- GENERAL CONFIGURATION ---

#

1. Undisciplined Local Clock. This is a fake driver intended for backup

2. and when no outside source of synchronized time is available. The

3. default stratum is usually 3, but in this case we elect to use stratum

4. 0. Since the server line does not have the prefer keyword, this driver

5. is never used for synchronization, unless no other other

6. synchronization source is available. In case the local host is

7. controlled by some external source, such as an external oscillator or

8. another protocol, the prefer keyword would cause the local host to

9. disregard all other synchronization sources, unless the kernel

10. modifications are in use and declare an unsynchronized condition.

#

server 127.127.1.0 # local clock

fudge 127.127.1.0 stratum 10

#

1. Drift file. Put this in a directory which the daemon can write to.

2. No symbolic links allowed, either, since the daemon updates the file

3. by creating a temporary in the same directory and then rename()'ing

step-tickers.conf file

172.16.151.246

172.16.151.247

172.16.151.248

The problem seems to be with your ntp.conf file.

Do the following:

mv /etc/ntp.conf /etc/ORIG.ntp.conf

Then

vi /etc/ntp.conf

and insert only the following in the file:

restrict 127.0.0.1

restrict default kod nomodify notrap

server 172.16.151.246

server 172.16.151.247

server 172.16.151.248

driftfile /var/lib/ntp/drift

The save the file and do a service ntpd restart

Message was edited by: dkfbp

I'm pointing my ESX servers at our Domain Controllers (the 172.16.151.246 address) and those are using the following to sync their time:

ntp-1.vt.edu or ntp-2.vt.edu or ntp-3.vt.edu

Would it help to just point our ESX servers to these addresses instead of Domain Controllers?

Todd H.

Was something in my file causing the time not to sync on its own?

the ntp.conf file you pasted seems to have a strange format. I don't know if it is because you have pasted it into this forum or what.

But it is best practise to clear the file and only use what I told you to. This is how I manage my 55 hosts.

You could probably see the ntp error in /var/log/messages if I remember correctly ntp logs to that file. I am not 100% sure, I don't have access

to any esx console from this PC.

Frank

I'm not sure if altering the ntp.conf file solved the issue.

If not, I would go ahead and just have the ESX hosts synch of off the same NTP servers the DCs are synching off of.

###############

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

I made the changes to my ntp.conf file in one of our ESX clusters, I'll give it a couple of days and see how it goes. If this doesn't seem to keep them insync I'll try pointing them at the external NTP servers that our domain controllers use.

Thanks for the help guys, I'll reply back to the thread when I have some results.

Our ntp.conf is very similar to yours apart from a few differences.

I've commented out the restrict default ignore line and the server 127.127.1.0 # local clock after talking to our networking/ntp guy. Also commented out keys /etc/ntp/keys

We sync ESX with the router that is in sync with an atomic clock out there somewhere - the AD also syncs to the router(s) - it seems to work ok.

Did you configure your step-tickers file too?

Jon