• VMware ESX 3.5 ntpdate strangeness

    We just noticed that the time was very far off on our sparkly new VMware ESX 3.5 server. When I went to run ntpdate to bring it up to sync, I was surprised to find that it could not make a connection to the time server because outbound UDP 123 traffic was blocked by the internal firewall. Here is what I got:

    # /usr/sbin/ntpdate -u time.nist.gov
    9 Apr 03:47:53 ntpdate[20245]: sendto(192.43.244.18): Operation not permitted
    9 Apr 03:47:54 ntpdate[20245]: sendto(192.43.244.18): Operation not permitted
    9 Apr 03:47:55 ntpdate[20245]: sendto(192.43.244.18): Operation not permitted
    9 Apr 03:47:56 ntpdate[20245]: sendto(192.43.244.18): Operation not permitted
    9 Apr 03:47:57 ntpdate[20245]: no server suitable for synchronization found

    Normally I would just add a rule to the “/etc/sysconfig/iptables” file to allow traffic out on this port, but VMware ESX server does not use iptables… It uses its own firewall, so I had to figure out how to change it. Happily, it turns out that there is a handy “esxcfg-firewall” command built just for such things.

    Running this:
    /usr/sbin/esxcfg-firewall -q | grep 123

    12300 1803K valid-tcp-flags  tcp  --  *   *     0.0.0.0/0        0.0.0.0/0

    Confirmed that UDP port 123 outbound was disallowed.

    Running this opened it up:
    /usr/sbin/esxcfg-firewall -e ntpClient

    Grep out “123” again just to be sure:
    /usr/sbin/esxcfg-firewall -q | grep 123

    1  76 ACCEPT  udp  --  *    *    0.0.0.0/0      0.0.0.0/0     udp dpt:123

    And you can now run ntpdate to sync up the time:
    /usr/sbin/ntpdate -u time.nist.gov

    9 Apr 09:52:54 ntpdate[20319]: step time server 192.43.244.18 offset 21689.039217 sec
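
A bare `grep 123` also matches packet counters such as the `12300` in the first listing above, so the check below parses the rule columns instead. It is an added example, not part of the original post; the function name `has_udp_accept` is hypothetical, and the two sample lines are copied from the listings shown above.

```shell
#!/bin/sh
# Added example (not from the original post): check an iptables-style rule
# listing, such as the output of `esxcfg-firewall -q` shown above, for an
# ACCEPT rule on a given UDP destination port.

# has_udp_accept PORT
#   Reads the listing on stdin. Returns 0 if some line has target ACCEPT,
#   protocol udp and an exact "dpt:PORT" match; returns 1 otherwise.
#   Assumed column layout (as in the listings above):
#     pkts bytes target prot opt in out source destination [match...]
#   Limitation: lines carry no chain name, so direction is not checked,
#   and port ranges ("dpts:") are not handled.
has_udp_accept() {
    awk -v port="$1" '
        $3 == "ACCEPT" && $4 == "udp" {
            for (i = 10; i <= NF; i++)
                if ($i == "dpt:" port) found = 1
        }
        END { exit !found }
    '
}

# Sample lines taken from the two listings in the post.
BEFORE='12300 1803K valid-tcp-flags  tcp  --  *   *     0.0.0.0/0        0.0.0.0/0'
AFTER='1  76 ACCEPT  udp  --  *    *    0.0.0.0/0      0.0.0.0/0     udp dpt:123'

# Demo: the first line matches "grep 123" only through its packet counter;
# the column-aware check reports it correctly.
for sample in "$BEFORE" "$AFTER"; do
    if printf '%s\n' "$sample" | has_udp_accept 123; then
        echo "udp/123 ACCEPT rule present"
    else
        echo "udp/123 ACCEPT rule absent"
    fi
done
```

On the ESX service console the listing would be piped in directly: `/usr/sbin/esxcfg-firewall -q | has_udp_accept 123`.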

    This entry was posted on Wednesday, April 9th, 2008 at 10:07 am and is filed under Data and Technology.