Accurate time synchronization is critical for environment stability. Incorrect time negatively impacts authentications, cryptographic algorithms, distributed systems such as SQL and Exchange, and Active Directory replication. This article provides diagnostic steps and resolutions for common NTP synchronization failures on VMware ESXi.

• "Time skew" alerts reported by environment monitoring systems.
• The vCenter Server UI for NTP settings does not refresh or provide real-time feedback during the synchronization process.
• Host logs (/var/run/log/hostd.log) contain errors such as: kernel reports TIME_ERROR: 0x4041: Clock Unsynchronized.
• NTP test scripts return failure.
• Advanced log analysis shows the leap_alarm string.
• The reach value in NTP diagnostics is displayed as 0 or any value other than 377.

• VMware ESXi 7.x
• VMware ESXi 8.0.x
• VMware vCenter Server 7.x / 8.x

• Network communication failure or intermediate firewall blocking UDP port 123.

• The upstream NTP server is unreachable or provides inconsistent polling replies.

• High root dispersion (greater than 1500 ms).

• Version mismatch between NTPv3 and NTPv4.

• vCenter Server UI delay in reflecting the real-time synchronization status of the host.

1. Validate Network Connectivity - Verify network connectivity between the ESXi host and the NTP server:

• Execute the vmkping command from the management VMkernel interface.(Typically vmk0)

          vmkping -I vmk# <NTP server IP>

• Use `traceroute` to identify the packet path and identify potential blocks in the network.

 2. Query NTP Service -Use the `ntpq` utility to check synchronization status from the ESXi  command line:

• Run  the following command to monitor real-time polling:

              watch ntpq -pn

• Monitor the output for 30 seconds. A reach value of 377 indicates successful contact over the last eight polls.
• If refid column displays INIT, the host has not received a valid response from the NTP server.

3. Capture Network Traffic - Verify if NTP packets are being successfully transmitted and received:

• Identify the VMkernel interface by running command:

              esxcfg-vmknic -l

• Capture traffic specifically on UDP  port 123:

             tcpdump-uw -c 5 -n -i vmk# host <NTP_Server_IP> and port 123

4. Adjust Root Dispersion (tos maxdist) - If the NTP server is a Windows Domain Controller or reports high dispersion:

• Back up configuration:

             cp /etc/ntp.conf /etc/ntp.conf.bak

• Append the maxdist setting to the config file:

              echo "tos maxdist 15" >> /etc/ntp.conf

• Apply the changes  and restart the NTP service:

             esxcli system ntp set -f /etc/ntp.conf.bak && esxcli system ntp set -e 0 && esxcli system ntp set -e 1

 5. Restart NTP Daemon - If configuration is correct but synchronization is stalled:

• Restart the service: /etc/init.d/ntpd restart

*Note: It may take one to fifteen minutes for time to synchronize to reflect accurately after the service restart.

Additional Information

• vCenter Server UI Behavior: If the vCenter Server interface does not show the updated synchronization status immediately after configuration, allow several minutes for the synchronization interval to complete and refresh the browser page.
• Log Collection: For further diagnostic details, collect host logs as described in Collecting diagnostic information for VMware ESXi using vSphere Client
• Configuration Guide: For detailed setup instructions, refer to the vCenter Server and Host Management
• Software Downloads: To ensure your environment is on the latest release, visit Download Broadcom products, patches and software
• Contact Broadcom Support:  To open a new case to engage Broadcom Technical support, visit Creating and managing Broadcom cases

Troubleshooting NTP on ESX and the ESXi 7.x / 8.x.

ESXi NTP test fails with error Configuration is not working normally