KS-Soft. Network Management Solutions
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister    ProfileProfile    Log inLog in 

Test NTP on VMware host

 
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting
View previous topic :: View next topic  
Author Message
RogerSpraggon



Joined: 19 Mar 2012
Posts: 59

PostPosted: Tue Aug 08, 2017 5:18 pm    Post subject: Test NTP on VMware host Reply with quote

I am having some trouble with my Windows Domain controllers occasionally getting wrong time and I suspect it is to do with VMware host (even though I have turned off all options to sync with host) and I want to set up an NTP test in HostMonitor to check the time on the VMware host but I can't get the normal NTP test to work. Is there a way to get this to work for VMware Host (Linux)?
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12791
Location: USA

PostPosted: Tue Aug 08, 2017 5:32 pm    Post subject: Reply with quote

What exactly means "I can't get NTP test to work"?
What test status do you see? No answer? Unknown? Bad? Host is alive?
Reply value?
HostMonitor version?

ntpd service running on Linux?
firewall allows connection from HostMonitor?
correct port specified?

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
RogerSpraggon



Joined: 19 Mar 2012
Posts: 59

PostPosted: Tue Aug 08, 2017 8:40 pm    Post subject: Reply with quote

I am using HostMonitor "NTP test"
Result is "No answer"
HM Version is 10.08
NTP client is running on VMware host
ntpClient firewall rule is "enabled" and UPD 123 reports as "Listening or Filtered"
Port is 123
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12791
Location: USA

PostPosted: Wed Aug 09, 2017 5:49 am    Post subject: Reply with quote

Sorry, I have no idea what is wrong on your system.
May be you enabled firewall rule for wrong interface?
May be you are using wrong IP in test settings?
Try to use strace and tcpdump to check what is going on...

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
RogerSpraggon



Joined: 19 Mar 2012
Posts: 59

PostPosted: Wed Aug 09, 2017 9:32 pm    Post subject: Reply with quote

It appears that the VMware ESXi host firewall is blocking the incoming NTP requests from HM since if I disable the firewall then the HM NTP test works.
I don't want to disable the entire firewall; I just have to tweak the firewall to accept incoming UDP 123; not straightforward with VMware and ESXi.
If I manage to get the configuration right I'll post an update in case someone else is trying to do same thing in the future
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12791
Location: USA

PostPosted: Thu Aug 10, 2017 9:54 am    Post subject: Reply with quote

Check /etc/vmware/firewall/service.xml file.

You may change existing rule for NTP port or create new one like
<service id="123">
<id>NTP</id>
<rule id='0000'>
<direction>inbound</direction>
<protocol>udp</protocol>
<porttype>dst</porttype>
<port>123</port>
</rule>
<enabled>true</enabled>
<required>false</required>
</service>
Note: service id must be unique

Please check VMWare docs for details
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2008226

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
RogerSpraggon



Joined: 19 Mar 2012
Posts: 59

PostPosted: Thu Aug 10, 2017 9:32 pm    Post subject: Reply with quote

I found this too and applied a new rule but it isn't persistent after a reboot.
You need to run the following 2 commands after making change:
tar -cvzf vnasfw.tgz /etc/vmware/firewall/service.xml
BootModuleConfig.sh --add=vnasfw.tgz
the following article explains the whole process:
http://cormachogan.com/2014/03/28/adding-bespoke-firewall-rules-to-esxi/
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12791
Location: USA

PostPosted: Fri Aug 11, 2017 7:48 am    Post subject: Reply with quote

Thank you

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

KS-Soft Forum Index