This article will show you in a few steps how to turn your ESXi host into an NTP server. It's not the best VMware practice for production environments, but it is excellent for home labs and maybe for clients with a single ESXi host, where there is no other physical server left that could provide an NTP service.
The ESXi host is usually configured as a client that keeps itself synchronized through a public NTP server or pool of servers. But that's for an ESXi host acting as a client, right? What if we want to point to our ESXi host as a reliable local time source? The NTP daemon allows that, as it acts as both client and server. However, the firewall on the ESXi host blocks the remote requests.
It's easy to create a firewall rule on the ESXi host that allows those requests, but the rule is not persistent across reboots. You might have already stumbled upon VMware KB article 2007381: User defined xml firewall configurations are not persistent across ESXi host reboots.
How to make the rules persistent? By creating a VIB file. Recently I published an article on how to install a VIB on a VMware ESXi host. We will do it with the help of an expert in that area, Andreas Peetz. He is well known in the VMware Communities, and I also list his tool ESXi Customizer (a utility to create customized ISO images) on my Free VMware Tools page.
In fact, he created that VIB with another cool utility that he also authored. It's a command-line utility (a script with a GUI) called TGZ2VIB5. Installing the VIB permanently enables the firewall rule, and it stays active even after a reboot.
Here are the commands for installing the VIB, from Andy's blog (the first line sets the “Community Acceptance Level”, the second installs the VIB):
esxcli software acceptance set --level=CommunitySupported
esxcli software vib install -v https://files.v-front.de/fwenable-ntpd-1.2.0.x86_64.vib
As I mentioned, the VIB was created using tgz2vib5.cmd. You can download the Community Packaging Tools from Andy's page: https://www.v-front.de/p/esxi5-community-packaging-tools.html (it's a simple exe file which, when executed, extracts itself to a directory of your choice).
The script tgz2vib5.cmd brings up a GUI window that lets you create a VIB file. You can enter an OEM.tgz-style ESXi 5.x driver package and convert it into VIB format. The advantage of VIB over TGZ packaging is that it's possible to add descriptive metadata, which can contain author data, version, or your company.
How you use this depends on your environment. In my lab, I have a DC running Windows 2012 Core, installed in a VM. I'm using one of my ESXi hosts as a time source (which is synced via an external NTP pool). The only thing I have to keep in mind is that if I need to reinstall the ESXi host, I must remember to re-add this rule to the firewall… -:)
I used this command on the Windows Server 2012 to set the authoritative time source:
w32tm /config /manualpeerlist:peers /syncfromflags:MANUAL
Example:
w32tm /config /manualpeerlist:10.10.5.30 /syncfromflags:MANUAL
All credit here goes to Andreas Peetz. Source: v-front.de
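To confirm from another machine that the host answers NTP requests once the firewall rule is active, the following sketch (an added example, not part of the original article or of Andreas Peetz's tools) sends one client request to UDP port 123 and decodes the reply header. The function names and the constructed sample replies are assumptions made for illustration.

```python
import socket
import struct
import sys

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request():
    """48-byte client request: LI=0, VN=3, Mode=3 (client)."""
    return bytes([0x1B]) + bytes(47)

def parse_response(data):
    """Decode the header fields a client uses to accept or reject a reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    flags, stratum = data[0], data[1]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    info = {
        "leap": flags >> 6,
        "version": (flags >> 3) & 7,
        "mode": flags & 7,
        "stratum": stratum,
        "unix_time": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }
    # Mode 4 = server. Leap 3 or stratum 0/16 means the server's own clock
    # is unsynchronized, and clients normally refuse such a reply.
    info["usable"] = info["mode"] == 4 and info["leap"] != 3 and 1 <= stratum <= 15
    return info

def query(host, timeout=3.0):
    """One request to UDP port 123; a timeout means filtered or no daemon."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (host, 123))
        data, _ = s.recvfrom(512)
    return parse_response(data)

def sample_reply(leap, stratum, unix_seconds):
    """Constructed server reply for offline use (not captured from a host)."""
    pkt = bytearray(48)
    pkt[0] = (leap << 6) | (4 << 3) | 4  # LI, VN=4, Mode=4
    pkt[1] = stratum
    pkt[40:48] = struct.pack("!II", unix_seconds + NTP_EPOCH_OFFSET, 0)
    return bytes(pkt)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(query(sys.argv[1]))  # address of the host to check
    else:
        print(parse_response(sample_reply(0, 3, 1_700_000_000)))
        print(parse_response(sample_reply(3, 16, 1_700_000_000)))
```

Run with the host's address as the only argument to query it; run with no argument to decode the two constructed replies, one synchronized and one unsynchronized.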
Michael says
I’ve been using this on demo systems that have to be moved around and don’t have internet access. The ESXi host is the only device that has consistent time. However, some of the devices still can’t get time from the ESXi host, and I can’t figure out why. I’m currently using ESXi V6.7.0 update 2.