If your ESXi time sync configuration is off, then your VMs, applications and file servers could be in trouble....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Once you've successfully installed ESXi 6.5, one of the most important things for an administrator to do is configure time synchronization.
If your host is out of sync, your VMs are out of sync and could fail. If your VMs are out of sync, some applications might stop working. For example, file servers might stop providing access to resources, because of expiring Kerberos tickets, or domain controllers won't sync across sites.
Computers and servers more than five minutes out of sync will not authenticate. It's very important to configure a manual time source for the primary domain controller emulator in the forest root domain.
Configure ESXi time sync and NTP settings
In order to configure ESXi time sync, edit the Network Time Protocol (NTP) settings in the vSphere Web Client. Open the vSphere Web Client, select the proper ESXi host and then click Configure > Time Configuration > Edit and select "Use Network Time Protocol (Enable NTP client)."
Next, open the NTP Service Startup Policy drop-down menu and choose "Start and stop with the host." Add all your NTP servers to the NTP Servers text box (Figure A).
For this example, I used "vmware.pool.ntp.org" -- a pool of NTP servers hosted at VMware.
When you've finished adding NTP servers, it's important to remember to restart to update the NTP service settings. If you don't restart, the service goes into a "stop" state and doesn't apply the settings right away.
Once you've followed these steps and restarted, you've successfully configured the ESXi host to fetch the time from an external source. This is the best setting for most environments.
What about other alternatives?
It's rare that one configuration is the perfect fit for every situation. There might be times when the host doesn't have access to the internet and, in turn, doesn't have access to use an NTP server. Or the configuration might be an isolated, highly secured environment where using the internet isn't an option. In these scenarios, you need an alternative plan.
Usually, the best alternative is to sync with your domain controller. The domain controller's NTP settings must be up to date because it provides the time services for all the desktops and server systems within your organization.
So, instead of putting "vmware.pool.ntp.org" in the NTP Servers text box, enter a fully qualified domain name or IP address of the Windows domain controller server(s) from your organization.
No matter the method you choose, you need to restart the NTP service after every change in order for the changes to take effect.
How to set up server time synchronization on SUSE Linux Enterprise Server
Security issues caused by unsynchronized system clocks
Is there a better way to sync XP systems?
Dig Deeper on VMware how-tos
Related Q&A from Vladan Seget
New to vSphere 6.5, the secure boot feature protects VMs and ESXi hosts from viruses, malware and spyware -- and enabling it is as easy as checking ...continue reading
Introduced in vSphere 6.0, the Content Library was a nifty tool, but had some serious limitations. VSphere 6.5 changes that with a number of new ...continue reading
Admins have options when it comes to changing an ESXi 6.5 host name, but only the vSphere Web Client has full functionality in the latest release.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.