VMware Cloud Community
dauphin77
Enthusiast

NTP and MD5 Hash Authorization issue - VCSA 6.7

Hello All-

I'm running into an issue where I receive "NTP server is unreachable" under my Time / Time Synchronization settings in VMware Appliance Management.

I have received an MD5 hash key from my network team and wonder if it's possible to configure vCSA NTP for authorization using MD5 hash? If so, where can this be done and how? I have tried the steps listed in the two links below via the shell but still cannot get vCSA to reach our NTP server. I can ping the NTP server with no problem from the shell.

https://uplogix.com/docs/control-center-user-guide/managing-the-control-center/ntp-settings

How To Configure Authenticated NTP Using Symmetric Keys (compatibility with FIPS 140-2) - Red Hat Cu...

Additionally, I did apply security/patch updates to my vSphere environment last week and am wondering if that may be part of my problem. I'm currently at Version 6.7.0.30000, Build 13010631.

Any guidance would be appreciated.


Accepted Solutions
daphnissov
Immortal

Nothing in vSphere can use authenticated NTP, to my knowledge.

dauphin77
Enthusiast

daphnissov,

Appreciate the response. I was beginning to think the same thing. So if my network team was required to enable NTP authentication due to security requirements, should I just be pointing time to, let's say, my virtualized DC or maybe one of my ESXi hosts instead? This is an enclosed environment that does not maintain access to the internet.

daphnissov
Immortal

No, you should be pointing to three (at a minimum) or more internal NTP servers. Those servers can take their time from a higher level stratum server, and there you can secure the routes/traffic. You shouldn't be pointing internal services at external, Internet-facing NTP servers otherwise.