Hi,
I'm facing an issue where NTP does not sync. NTP is the firewall interface, which can be pinged by the vCenter, and DNS resolves fine as well. Below is what I got from the logs, but it only says Server Unreachable, nothing else.
2020-12-30T14:04:55.308 [2449]DEBUG:vmware.appliance.timesync.impl:com.vmware.appliance.timesync.get()
2020-12-30T14:04:55.308 [2449]DEBUG:vmware.appliance.timesync.impl:Executing operation /sbin/service ['ntpd', 'status']
2020-12-30T14:04:55.346 [2449]DEBUG:vmware.appliance.timesync.impl:Operation output = b'\xe2\x97\x8f ntpd.service - Network Time Service\n Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: enabled)\n Active: active (running) since Wed 2020-12-30 13:40:05 UTC; 24min ago\n Docs: man:ntpd\n Main PID: 1384 (ntpd)\n Tasks: 2\n Memory: 1.3M\n CPU: 180ms\n CGroup: /system.slice/ntpd.service\n \xe2\x94\x94\xe2\x94\x801384 /usr/bin/ntpd -g -u ntp:ntp\n\nDec 30 13:40:05 vCSAP.vlab.lab ntpd[1384]: restrict default: KOD does nothing without LIMITED.\nDec 30 13:40:05 vCSAP.vlab.lab ntpd[1384]: Listen and drop on 0 v6wildcard [::]:123\nDec 30 13:40:05 vCSAP.vlab.lab ntpd[1384]: Listen and drop on 1 v4wildcard 0.0.0.0:123\nDec 30 13:40:05 vCSAP.vlab.lab ntpd[1384]: Listen normally on 2 lo 127.0.0.1:123\nDec 30 13:40:05 vCSAP.vlab.lab ntpd[1384]: Listen normally on 3 eth0 192.168.31.133:123\nDec 30 13:40:05 vCSAP.vlab.lab ntpd[1384]: Listening on routing socket on fd #20 for interface updates\nDec 30 13:40:05 vCSAP.vlab.lab ntpd[1384]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized\nDec 30 13:40:05 vCSAP.vlab.lab ntpd[1384]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized\nDec 30 13:48:47 vCSAP.vlab.lab ntpd[1384]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized\nDec 30 07:49:13 vCSAP.vlab.lab ntpd[1384]: frequency error -66179369 PPM exceeds tolerance 500 PPM\n', error = b'' returncode = 0
2020-12-30T14:04:55.346 [2449]DEBUG:vmware.appliance.timesync.impl:NTP status Up
*** *** *** *** *** *** *** *** *** *** *** ***
2020-12-30T14:04:55.385 [2449]DEBUG:vmware.appliance.timesync.impl:com.vmware.appliance.ntp.get()
2020-12-30T14:04:55.418 [2449]DEBUG:vmware.vherd.transport.vapi:State 'UP_TO_DATE'
2020-12-30T14:04:55.418 [2449]DEBUG:vmware.appliance.timesync.impl:com.vmware.appliance.ntp.test(['192.168.31.146'])
2020-12-30T14:04:55.418 [2449]DEBUG:vmware.appliance.timesync.ntpTestUtils:Testing connection to: ['192.168.31.146']
2020-12-30T14:04:55.543 [2449]DEBUG:vmware.appliance.timesync.ntpTestUtils:NTP test out: b'server 192.168.31.146, stratum 12, offset -21574.474246, delay 0.02652\n', err: b'30 Dec 14:04:55 ntpdate[13883]: no server suitable for synchronization found\n', returncode: 1
2020-12-30T14:04:55.545 [2449]DEBUG:root:TestRunStatuses: servers=['192.168.31.146']
statuses=['SERVER_UNREACHABLE']
messages=[Structure('LocalizableMessage', dict(id='com.vmware.appliance.ntp_sync.failure', args=[], defaultMessage='Unable to sync to NTP server.'))]
2020-12-30T14:04:55.557 [2449]INFO:twisted:"127.0.0.1" - - [30/Dec/2020:14:04:54 +0000] "POST /rest/appliance/ntp/test HTTP/1.0" 200 186 "https://vcsap.vlab.lab:5480/ui/time" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
2020-12-30T14:04:58.703 [2449]INFO:vmware.vherd.transport.ssh_access_collector:Feature switch: VCSA_SSH_ACCESS_EVENT disabled.
2020-12-30T14:04:58.893 [2449]INFO:vmware.appliance.vapi.auth:Authorization request for service_id: com.vmware.appliance.ntp, operation_id: test
2020-12-30T14:04:58.893 [2449]DEBUG:vmware.appliance.extensions.authorization.authorization_sso:Required privileges = ['ModifyConfiguration']
*** *** *** *** *** *** *** *** *** *** *** ***
2020-12-30T14:04:58.914 [2449]DEBUG:vmware.vherd.transport.vapi:State 'UP_TO_DATE'
2020-12-30T14:04:58.914 [2449]DEBUG:vmware.appliance.timesync.impl:com.vmware.appliance.ntp.test(['192.168.31.146'])
2020-12-30T14:04:58.914 [2449]DEBUG:vmware.appliance.timesync.ntpTestUtils:Testing connection to: ['192.168.31.146']
2020-12-30T14:04:59.41 [2449]DEBUG:vmware.appliance.timesync.ntpTestUtils:NTP test out: b'server 192.168.31.146, stratum 12, offset -21574.474228, delay 0.02660\n', err: b'30 Dec 14:04:59 ntpdate[13903]: no server suitable for synchronization found\n', returncode: 1
2020-12-30T14:04:59.44 [2449]DEBUG:root:TestRunStatuses: servers=['192.168.31.146']
statuses=['SERVER_UNREACHABLE']
messages=[Structure('LocalizableMessage', dict(id='com.vmware.appliance.ntp_sync.failure', args=[], defaultMessage='Unable to sync to NTP server.'))]
*** *** *** *** *** *** *** *** *** *** *** ***
2020-12-30T14:05:03.703 [2449]INFO:vmware.vherd.transport.ssh_access_collector:Feature switch: VCSA_SSH_ACCESS_EVENT disabled.
2020-12-30T14:05:08.704 [2449]INFO:vmware.vherd.transport.ssh_access_collector:Feature switch: VCSA_SSH_ACCESS_EVENT disabled.
2020-12-30T14:05:13.704 [2449]INFO:vmware.vherd.transport.ssh_access_collector:Feature switch: VCSA_SSH_ACCESS_EVENT disabled.
2020-12-30T14:05:18.707 [2449]INFO:vmware.vherd.transport.ssh_access_collector:Feature switch: VCSA_SSH_ACCESS_EVENT disabled.
2020-12-30T14:05:23.705 [2449]INFO:vmware.vherd.transport.ssh_access_collector:Feature switch: VCSA_SSH_ACCESS_EVENT disabled.
Is there any way to get this working? I believe this is what is causing the failure to join the Active Directory domain as well.
Nothing is being blocked in the firewall either.
Thank You
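Added example, not part of the original post or of VMware's code: a Python parser for the `NTP test out` lines above that separates "no reply on UDP/123" from "server replied but ntpdate rejected it", which the appliance reports under the same SERVER_UNREACHABLE status. The function name, the verdict labels and the second sample line are constructed for illustration; it assumes ntpdate prints stratum 0 and delay 0.00000 when no reply arrived.

```python
import re

# Assumption: ntpdate prints one "server ..., stratum N, offset X, delay Y" line per
# server, and prints stratum 0 with delay 0.00000 when no reply arrived at all.
TEST_OUT = re.compile(
    r"NTP test out: b'server (?P<server>[^,\s]+), stratum (?P<stratum>\d+), "
    r"offset (?P<offset>-?\d+\.\d+), delay (?P<delay>\d+\.\d+)"
)
REJECTED = "no server suitable for synchronization found"

def classify_ntp_tests(log_text):
    """Return one finding per 'NTP test out' line in an appliance log."""
    findings = []
    for line in log_text.splitlines():
        m = TEST_OUT.search(line)
        if not m:
            continue
        stratum = int(m["stratum"])
        offset = float(m["offset"])
        delay = float(m["delay"])
        if stratum == 0 and delay == 0.0:
            verdict = "no_reply"              # nothing came back on UDP/123
        elif REJECTED in line:
            verdict = "replied_but_rejected"  # reachable; ntpdate refused the source
        else:
            verdict = "usable"
        findings.append({"server": m["server"], "stratum": stratum,
                         "offset_s": offset, "delay_s": delay, "verdict": verdict})
    return findings

# First line is copied from the log in the post; the second is constructed.
SAMPLE_LOG = r"""
2020-12-30T14:04:55.543 [2449]DEBUG:vmware.appliance.timesync.ntpTestUtils:NTP test out: b'server 192.168.31.146, stratum 12, offset -21574.474246, delay 0.02652\n', err: b'30 Dec 14:04:55 ntpdate[13883]: no server suitable for synchronization found\n', returncode: 1
2020-12-30T14:10:00.000 [2449]DEBUG:vmware.appliance.timesync.ntpTestUtils:NTP test out: b'server 192.0.2.10, stratum 0, offset 0.000000, delay 0.00000\n', err: b'30 Dec 14:10:00 ntpdate[14000]: no server suitable for synchronization found\n', returncode: 1
"""

if __name__ == "__main__":
    for finding in classify_ntp_tests(SAMPLE_LOG):
        print(finding)
```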
You can try checking whether port 123 to the NTP server is reachable. If ping is working then ICMP is working, but port 123 may have communication issues.
Thanks, but where do I check port 123, on the firewall?
Firewall has all ports and protocols open/allowed.
Check this and see if it helps.
On VCSA, you can try a packet capture. I don't know if nc commands work on VCSA.
If it works, you can use nc -uz ntpserverfqdn/ip 123 to test connectivity.
Do AD and NTP have the same time?
thanks,
MS
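Added example, not part of the thread: UDP has no handshake, so a zero-I/O port check cannot show that the server answered. This Python code sends one real SNTP query to UDP/123 and decodes the reply fields a client looks at when accepting a time source (leap indicator, stratum, root dispersion, offset). Function names are my own, and `SAMPLE_REPLY` is a constructed packet, not captured traffic.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_query(now):
    """48-byte SNTP client request: LI=0, version=3, mode=3, transmit time = now."""
    secs = int(now) + NTP_EPOCH_DELTA
    frac = int((now % 1) * 2**32)
    return struct.pack("!B39xII", (3 << 3) | 3, secs, frac)

def parse_reply(data, t_sent, t_recv):
    """Decode the header fields a client uses to accept or reject a time source."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    flags, stratum, _poll, _prec, _rdelay, rdisp = struct.unpack("!BBbbII", data[:12])
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!IIII", data[32:48])
    t_rx = rx_s - NTP_EPOCH_DELTA + rx_f / 2**32   # server receive time
    t_tx = tx_s - NTP_EPOCH_DELTA + tx_f / 2**32   # server transmit time
    return {
        "leap": flags >> 6,       # 3 = server reports its own clock as unsynchronised
        "mode": flags & 0x7,      # 4 = server reply
        "stratum": stratum,
        "root_dispersion_s": rdisp / 65536,
        "offset_s": ((t_rx - t_sent) + (t_tx - t_recv)) / 2,
        "delay_s": (t_recv - t_sent) - (t_tx - t_rx),
    }

def probe(host, timeout=3.0):
    """Send one query to UDP/123; socket.timeout means no reply came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t_sent = time.time()
        s.sendto(build_query(t_sent), (host, 123))
        data, _ = s.recvfrom(512)
        return parse_reply(data, t_sent, time.time())

# Constructed reply (not captured traffic): leap=3, stratum 12, server clock 21574 s behind
_SRV = 1609337095 - 21574 + NTP_EPOCH_DELTA
SAMPLE_REPLY = (struct.pack("!BBbbII", 0xDC, 12, 6, -20, 0, 1 << 16) + bytes(20)
                + struct.pack("!IIII", _SRV, 0, _SRV, 0))

if __name__ == "__main__":
    print(parse_reply(SAMPLE_REPLY, 1609337095.0, 1609337095.5))
```

Calling `probe("<ntp-server-ip>")` from a host on the same network path gives the live values; a timeout there points at UDP/123 filtering, while a reply with leap 3 or a large offset points at the time source itself.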
Thanks for the link,
I have been through the link before, unfortunately did not help.
I have done this before, just not through a firewall, plus there's the Windows default firewall as well. So that's getting me confused.
I had been trying to set up NTP and only after posting came to know about vCenter syncing from the AD domain and not through NTP directly.
So now I'm trying to get the AD joining to work.
I'll test port 123 and see what's going on.
Appreciate the help @msripada
I finally found the issue with VCSA not joining AD, and it makes no sense to me as to why.
I had 2 interfaces on the Windows Server for redundancy 192.168.31.162 (main), 10.0.31.162 (Backup, IP configured, but not connected anywhere).
When I ran the netstat -tcp command in VCSA SSH, it showed LDAP communicating back via the 10.0.31.162 interface. I completely removed the backup interface to test and it joined AD instantly. Not sure if this is a Windows Server behavior.
Any thoughts as to why it's doing this?
Thanks again
Hi,
Not sure why the communication is going to the second NIC; however, we are unsure if there is any DNS or other entry for that NIC/IP address which might have led to the problem, or, as you mentioned, it may be Windows behavior. Good to know the issue is fixed now.
thanks,
Ms