It is vital, especially in a clustered environment, that the clocks on each PGP Encryption Server (Symantec Encryption Management Server) show the correct time.

The Encryption Management Server time is displayed in the administration console on the top right of the Reporting / Overview page.

To set the time, do the following after logging into the administration console:

1. Navigate to System / General Settings.
2. Click on the Set Time button.
3. Select the appropriate time zone.
4. Optionally change the Time Format from the default of AM/PM to 24-hour.
5. Optionally change the Date Format from the default of ddd MM DD YYYY (MM/DD/YYYY) to ddd DD MM YYYY (DD/MM/YYYY).
6. If you have an NTP server available, enable the Use NTP Server option and enter the DNS name or IP address of the NTP server.
7. If you do not have an NTP server available, enable the Set Time Manually option and enter the correct time and date.
8. Click the Save button.

If the Use NTP Server option is already enabled but the time displayed is inaccurate, it means either:

1. The NTP server name or IP is no longer valid. 
2. Encryption Management Server is a VMware Virtual Machine and the VMware ESXi server is attempting to set the time in addition to PGP Encryption Server setting the time using NTP.

Ensure that the NTP server name or IP address is valid. To do this, reach out to Symantec Encryption Support for further guidance. You will want to configure  ssh to the PGP Encryption Server as part of these steps.

154069 - Best Practices: Environmental Requirements for Symantec Encryption Management Server clustering (AKA PGP Server)