This article discusses how to configure an ESXi 6.7 host to synchronize time with an upstream NTP server and how to verify that it's actually working.
NTP Configuration
The first step is to configure time synchronization on the ESXi host(s). This can be done using the VMware Host Client, the vSphere Web Client or the vSphere Client. Let's look at using the VMware Host Client or the vSphere Client.
VMware Host Client Configuration
- Connect to the ESXi host client by opening a browser and connecting to https://esxi_host_name/ui
- Log into the host with the root credentials
- Navigate to Host > Manage > System > Time & date
- Click "Edit settings"
- Select "Use Network Time Protocol (Enable NTP client)"
- Select your service startup policy. I normally use "Start and stop with host".
- Specify your NTP server(s)
- Click "Save"
- The ESXi host is now configured for NTP time synchronization
vSphere Client Configuration
- Connect to the vCenter client by opening a browser and connecting to https://vcenter_host_name/ui
- Log into vCenter
- Select the ESXi host to configure. For example, navigate to "Hosts and Clusters", then vCenter Server > Data Center > Cluster > Host
- Select the Configure tab, then navigate to System > Time Configuration
- Click "Edit"
- Select "Use Network Time Protocol (Enable NTP client)"
- Specify your NTP server(s)
- Select your service startup policy. I normally use "Start and stop with host".
- Click "OK"
- The ESXi host is now configured for NTP time synchronization
Verify NTP Operation
To verify that the ESXi host is receiving NTP updates from the NTP server:
- Ensure the SSH service is running on the ESXi host
- Connect to the host using an SSH client such as putty
- Log into the host using root credentials
- Enter the following command "ntpq -p" and press enter
This will return the following information:
- remote - Name or IP of the NTP server
- refid - Host the NTP server is using for synchronization
- st - Stratum, position in the NTP server hierarchy. The lower the number, the closer to the NTP root time sources
- t - type of communication. u = unicast.
- when - Seconds since last poll
- poll - Poll interval in seconds
- reach - See below
- delay - Delay in milliseconds (ms) between the NT server and the ESXi host
- offset - Difference in time between the NTP server and the ESXi system clock
- jitter - Variation between the received clock pulses from the NTP server
Reach Value
The reach value represents the success and failure of the last eight polls to the NTP server. It is a bit-shift register, which means the values are added to the right. A value of 0 means the NTP server was not contacted, while a value of 1 means a successful synchronization. The reach value will be displayed as an octal (base 8) value. Here are some possible reach values:
| BINARY VALUE |
OCTAL VALUE |
RESULT |
| 00000000 |
0 |
No successful synchronizations |
| 00000001 |
1 |
One successful synchronization |
| 00100101 |
45 |
Three successful synchronizations, but not in a row |
| 11111111 |
377 |
Eight successful synchronizations |
To learn more about binary to octal conversion, click here.
Once the NTP client has been running for several hours on the ESXi host, the desired result would be a reach value of 377. This would be a 100% successful synchronization rate. If the reach value remains 0 after several hours, it’s time to troubleshoot NTP. I would look at things like:
- Was the correct NTP server specified during configuration
- Is the NTP server reachable from the host. Can you ping it?
- Is there a firewall blocking access to the NTP server? Verify that UDP port 123 is not being blocked.
