For authentication to work correctly, NSX Manager, vIDM and other service providers such as Active Directory must all be time synchronized. This section describes how to time synchronize these components.
Follow the instructions in the following KB articles to synchronize ESXi hosts.
For information about synchronizing VMs and the host, see https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.vm_admin.doc/GUID-C0D8326A-B6E7-4E61-8470-6C173FDDF656.html. The VMs might be running NSX Manager, vIDM, Active Directory, or other service providers.
Follow the vendor's documentation on how to synchronize VMs and hosts.
Configuring NTP on the vIDM Server (Not Recommended)
If you are not able to synchronize time across the hosts, you can disable synchronizing to host and configure NTP on the vIDM server. This method is not recommended because it requires opening UDP port 123 on the vIDM server.
Check the clock on the vIDM server and make sure it is correct.
# hwclock
Tue May 9 12:08:43 2017 -0.739213 seconds
Edit /etc/ntp.conf and add the following entries if they don't exist.
server time.nist.gov
server pool.ntp.org
server time.is dynamic
Open UDP port 123.
# iptables -A INPUT -p udp --dport 123 -j ACCEPT
Run the following command to check that the port is open.
# iptables -L -n
Start the NTP service.
Make NTP run automatically after a reboot.
# chkconfig --add ntp
# chkconfig ntp on
Check that the NTP server can be reached.
# ntpq -p
The reach column should not show 0. The st column should show some number other than 16.
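The two checks above can be scripted. The following shell function is an added example, not part of the original documentation: it reads `ntpq -p` output on stdin and flags each peer by its reach and st columns. The function names are hypothetical and the sample peer table is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): apply the two checks from the
# text to `ntpq -p` output read on stdin. A peer passes when reach is not 0
# and st (stratum) is not 16. Exit status is 0 if at least one peer passes.
check_ntpq_peers() {
    awk '
        /^=+$/ || $1 == "remote" { next }      # skip the two header lines
        NF < 10 { next }                        # skip blank or truncated lines
        {
            tally = substr($0, 1, 1)            # first character is the tally code
            split(substr($0, 2), f, " ")        # remote refid st t when poll reach ...
            remote = f[1]; st = f[3] + 0; reach = f[7] + 0
            if (reach != 0 && st != 16) {
                good++
                printf "OK   %s (st=%d reach=%s)\n", remote, st, f[7]
            } else {
                printf "FAIL %s (st=%d reach=%s)\n", remote, st, f[7]
            }
            if (tally == "*") synced = remote   # peer ntpd is currently synced to
        }
        END {
            if (synced != "") printf "SYNC %s\n", synced
            exit (good > 0 ? 0 : 1)
        }
    '
}

# Constructed sample output for illustration; not captured from a real server.
sample_ntpq_output() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time.nist.gov   .NIST.           1 u   41   64  377   38.214    0.731   0.402
+pool.ntp.org    192.0.2.10       2 u   17   64  377   12.905   -1.118   0.655
 time.is         .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# Demonstration on the constructed sample; on the server use: ntpq -p | check_ntpq_peers
sample_ntpq_output | check_ntpq_peers
```

A peer that has just been added shows reach 0 until the first poll completes, so a FAIL immediately after starting the service may clear on a later run.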