To get some more flexibility in my homelab I added another domain controller (Active Directory, DNS and DHCP). Unlike my first domain controller, which runs directly on the physical ESXi host (details can be found here), I installed the second domain controller inside the nested vSAN cluster. After configuring all services I wanted to use the new domain controller as an additional DNS server in my VMware vSphere environment. So I quickly adjusted the network and NTP settings of the vCenter Server Appliance and the ESXi hosts, expecting that everything would be fine after that. So far so good; no problem up to this point. Shortly after I had added the additional domain controller in all locations, a warning message appeared in my vSphere cluster.
My first guess was that I had misconfigured a host or the vCenter Server Appliance, so I briefly checked all components involved. Each host and the vCenter Server Appliance were configured correctly and identically. So let's take a closer look. The vSAN Health Check (Cluster -> Monitor -> vSAN – Skyline Health) showed some additional details.
But what are these desired settings? I did what anyone would do in this situation: I opened my search engine of choice and tried my luck with the error description. The only useful result led me to the following thread in the VMTN forum. There I also found the link to a KB article which explains where these desired settings come from.
4. NTP setting

NTP setting on hosts should be the same with the specifications. NTP setting will be persistent if it's configured via QuickStart and health check reports a warning if the NTP setting on the host is not consistent with the cluster level. If NTP is not configured in QuickStart, the health check will not validate NTP compliance status, then the user can configure it on the host later.
When I created my vSAN cluster using the Quickstart Wizard, there was only a single domain controller in my environment that served as an NTP server. Therefore I specified only this one in the wizard. So by adding the additional NTP server I violated the underlying cluster setting that Skyline Health refers to. As you can see in the thread in the VMTN forum, there was no way to change the configuration of the Quickstart Wizard in versions 6.7 U3 and 7.0 GA. Unfortunately, this has not changed with ESXi 7.0 Update 1b. At least I haven't found a way so far. I currently have vCenter Server Appliance 7.0 U1a (build 17005016) and ESXi 7.0 Update 1b (build 17168206) running in my homelab.
So if you have created your cluster with the Quickstart Wizard in the past and now you are about to change your NTP servers, keep this behaviour in mind. If you or your customer do not want to have any warnings or errors in vCenter, you have no choice but to mute the alarm. Not very elegant but currently the only way to get rid of the warning. If this behaviour changes in the near future I will of course change this post accordingly.
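The per-host comparison behind this warning can be reproduced with PowerCLI before or after changing NTP servers. This is an added example, not part of the original post: the cluster and server names are placeholders, the desired list has to be entered by hand exactly as it was given in the Quickstart Wizard, and the matching (case-insensitive, order ignored) is an assumption about how the health check compares entries.

```powershell
# Added example. Requires VMware PowerCLI and an existing Connect-VIServer session.
function Compare-NtpServerList {
    # Pure comparison: which desired entries are missing, which entries are extra.
    param(
        [string[]]$Desired,
        [string[]]$Actual
    )
    $d = @($Desired | Where-Object { $_ } | ForEach-Object { $_.Trim().ToLower() } | Sort-Object -Unique)
    $a = @($Actual  | Where-Object { $_ } | ForEach-Object { $_.Trim().ToLower() } | Sort-Object -Unique)
    [pscustomobject]@{
        Missing = @($d | Where-Object { $_ -notin $a })
        Extra   = @($a | Where-Object { $_ -notin $d })
    }
}

function Get-ClusterNtpDrift {
    # Reports, for every host in the cluster, how its NTP list differs
    # from the list that was specified at cluster level.
    param(
        [Parameter(Mandatory)][string]$ClusterName,
        [Parameter(Mandatory)][string[]]$DesiredNtpServers
    )
    foreach ($vmhost in (Get-Cluster -Name $ClusterName | Get-VMHost | Sort-Object Name)) {
        $actual = @(Get-VMHostNtpServer -VMHost $vmhost)
        $diff   = Compare-NtpServerList -Desired $DesiredNtpServers -Actual $actual
        # The ntpd service state matters as well: a correct list on a stopped
        # service still leaves the host without time synchronisation.
        $ntpd   = Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -eq 'ntpd' }
        [pscustomobject]@{
            Host        = $vmhost.Name
            Configured  = $actual -join ', '
            Missing     = $diff.Missing -join ', '
            Extra       = $diff.Extra -join ', '
            Consistent  = ($diff.Missing.Count -eq 0 -and $diff.Extra.Count -eq 0)
            NtpdRunning = $ntpd.Running
        }
    }
}

# Placeholder values: replace with your cluster name and the NTP server(s)
# that were entered in the Quickstart Wizard.
Get-ClusterNtpDrift -ClusterName 'vSAN-Cluster' -DesiredNtpServers 'dc01.lab.example' |
    Format-Table -AutoSize
```

In the situation described above, every host would show the second domain controller in the Extra column and Consistent as False.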