This article discusses how to configure an ESXi 6.7 host to synchronize time with an upstream NTP server and how to verify that it’s actually working.

NTP Configuration

The first step is to configure time synchronization on the ESXi host(s).  This can be done using the VMware Host Client, the vSphere Web Client or the vSphere Client.  Let’s look at using the VMware Host Client or the vSphere Client.

VMware Host Client Configuration

  • Connect to the ESXi host client by opening a browser and connecting to https://esxi_host_name/ui
  • Log into the host with the root credentials
  • Navigate to Host > Manage > System > Time & date
  • Click “Edit settings”
  • Select “Use Network Time Protocol (Enable NTP client)”
  • Select your service startup policy.  I normally use “Start and stop with host”.
  • Specify your NTP server(s)
  • Click “Save”
  • The ESXi host is now configured for NTP time synchronization

vSphere Client Configuration

  • Connect to the vCenter client by opening a browser and connecting to https://vcenter_host_name/ui
  • Log into vCenter
  • Select the ESXi host to configure.  For example, navigate to “Hosts and Clusters”, then vCenter Server > Data Center > Cluster > Host
  • Select the Configure tab, then navigate to System > Time Configuration
  • Click “Edit”
  • Select “Use Network Time Protocol (Enable NTP client)”
  • Specify your NTP server(s)
  • Select your service startup policy.  I normally use “Start and stop with host”.
  • Click “OK”
  • The ESXi host is now configured for NTP time synchronization

Verify NTP Operation

To verify that the ESXi host is receiving NTP updates from the NTP server:

  • Ensure the SSH service is running on the ESXi host
  • Connect to the host using an SSH client such as putty
  • Log into the host using root credentials
  • Enter the following command “ntpq -p” and press enter

This will return the following information:

  • remote – Name or IP of the NTP server
  • refid – Host the NTP server is using for synchronization
  • st – Stratum, position in the NTP server hierarchy.  The lower the number, the closer to the NTP root time sources
  • t – type of communication.  u = unicast.
  • when – Seconds since last poll
  • poll – Poll interval in seconds
  • reach – See below
  • delay – Delay in milliseconds (ms) between the NT server and the ESXi host
  • offset – Difference in time between the NTP server and the ESXi system clock
  • jitter – Variation between the received clock pulses from the NTP server

Reach Value

The reach value represents the success and failure of the last eight polls to the NTP server.  It is a bit-shift register, which means the values are added to the right.  A value of 0 means the NTP server was not contacted, while a value of 1 means a successful synchronization.  Here are some possible reach values:

  • 00000000 – decimal value 0 –  No successful synchronizations
  • 00000001 – decimal value 1 – One successful synchronization
  • 00100101 – decimal value 37 – Three successful synchronizations, but not in a row
  • 11111111 – decimal value 377 – Eight successful synchronizations

Once the NTP client has been running for several hours on the ESXi host, the desired result would be a reach value of 377.  This would be a 100% successful synchronization rate.  If the reach value remains 0 after several hours, it’s time to troubleshoot NTP.  I would look at things like:

  • Was the correct NTP server specified during configuration
  • Is the NTP server reachable from the host.  Can you ping it?
  • Is there a firewall blocking access to the NTP server?  Verify that UDP port 123 is not being blocked.