For authentication to work correctly, NSX Manager, vIDM and other service providers such as Active Directory must all be time synchronized. This section describes how to time synchronize these components.

VMware Infrastructure

Follow the instructions in the following KB articles to synchronize ESXi hosts.

For information about synchronizing VMs and the host, see https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.vm_admin.doc/GUID-C0D8326A-B6E7-4E61-8470-6C173FDDF656.html. The VMs might be running NSX Manager, vIDM, Active Directory, or other service providers.

Third-Party Infrastructure

Follow the vendor's documentation on how to synchronize VMs and hosts.

Configuring NTP on the vIDM Server (Not Recommended)

If you are not able to synchronize time across the hosts, you can disable synchronization to the host and configure NTP on the vIDM server. This method is not recommended because it requires opening UDP port 123 on the vIDM server.

  • Check the clock on the vIDM server and make sure it is correct.

        # hwclock
        Tue May  9 12:08:43 2017  -0.739213 seconds
  • Edit /etc/ntp.conf and add the following entries if they don't exist.

        server time.nist.gov
        server pool.ntp.org
        server time.is dynamic
  • Open UDP port 123.

        # iptables -A INPUT -p udp --dport 123 -j ACCEPT

    Run the following command to check that the port is open.

        # iptables -L -n

  • Start the NTP service.

        # /etc/init.d/ntp start
  • Make NTP run automatically after a reboot.

        # chkconfig --add ntp
        # chkconfig ntp on
  • Check that the NTP server can be reached.

        # ntpq -p

    The reach column should not show 0. The st column should show some number other than 16.
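
The final check can be scripted so that a blocked port or an unsynchronized daemon is caught automatically. The following is an added example, not part of the VMware documentation: `check_ntp_peers` is a hypothetical helper name, and the peer addresses and values in the two samples are constructed.

```shell
#!/bin/sh
# Added example: apply the "reach is not 0, st is not 16" rule to ntpq output.
# On a live server (assumes ntpq is installed): ntpq -pn | check_ntp_peers

# Reads the ntpq peer table on stdin. Returns 0 if at least one peer has
# reach != 0 and st != 16; otherwise returns 1. Unusable peers are listed.
check_ntp_peers() {
    awk '
        $1 == "remote" || /^=+$/ { next }   # header row and separator rule
        NF < 10 { next }                    # blank or truncated line
        {
            st = $3 + 0; reach = $7 + 0     # columns: st is 3rd, reach is 7th
            if (reach != 0 && st != 16) usable++
            else printf "unusable: %s st=%d reach=%d\n", $1, st, reach
        }
        END { exit(usable > 0 ? 0 : 1) }
    '
}

# Constructed sample: one synchronized peer and one that never answered.
sample_synced() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    1.204    0.215   0.101
 192.0.2.11      .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# Constructed sample: no replies received, for example because UDP 123 is closed.
sample_blocked() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

if sample_synced | check_ntp_peers; then echo "synced sample: OK"; fi
if ! sample_blocked | check_ntp_peers; then echo "blocked sample: NOT synchronized"; fi
```

The reach value is an octal register of the last eight polls, so any nonzero value means at least one recent reply was received.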