By default, VMWware ESX/ESXi hosts setup guest virtual machines to sync the time with the host (or hypervisor). This is great if you’ve remembered to set the host up to sync itself with an external Network Time Protocol (NTP) server or NTP pool like pool.ntp.org. If you forgot, however, then you can be in a world of trouble fast. Here’s why: The correct time matters in an Active Directory environment: Kerberos tickets are used to authenticate logins and secure sessions between workstations and servers. These tickets have timestamps and if those tickets have timestamps are more than 5 minutes apart they’re considered to be unsafe and are rejected. Long story short, issues with time sync can be a real problem in active directory causing loss of trust relationship and other authentication related problems. Here’s how to avoid all that if you’re running VMWare.
[the problem]
VMWare ESXI guest virtual machines sync time with the VMWare host, but the VMWare host’s time is not synced to an external NTP source. Consequently time on the VMWare host falls behind or gets out of sync.
[the solution]
[step 1] Configuring Network Time Protocol (NTP) on ESX/ESXi hosts using the vSphere Client.
- Connect to the ESX/ESXi host using the vSphere Client.
- Select a host in the inventory.
- Click the Configuration tab.
- Click Time Configuration.
- Click Properties.
- Click Options.
- Click NTP Settings.
- Click Add.
- Enter the NTP Server name. For example, pool.ntp.org.
[step 2] If you are running w32time on your guest, disable the VMware Tools periodic time sync. Timekeeping best practices for Windows, including NTP.
That’s it.