Appliance Time Sync

Overview

Ensuring accurate system time on your AuthControl Sentry appliance is critical for the functionality of time-based authentication methods.

Why is this important? OATH TOTP (Time-based One-Time Password) authentication methods depend on the server time being precise. This applies to:

  • The AuthControl Mobile App (proprietary).

  • Third-party applications (Google Authenticator, Microsoft Authenticator).

  • OATH TOTP Hardware Tokens.

If the appliance time drifts significantly from the actual time (UTC), the one-time code generated by the user’s token will not match the code expected by the server, resulting in authentication failure.
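The mismatch described above, as an added example (not AuthControl Sentry code): a standard RFC 6238 TOTP check run with the appliance clock offset from a token whose clock is correct. The acceptance window of one 30-second step either side, the secret and the timestamp are assumptions for illustration; the page does not state the appliance's actual tolerance.

```python
import hashlib
import hmac
import struct

STEP = 30                          # seconds per TOTP time step (RFC 6238 default)
SECRET = b"12345678901234567890"   # RFC 6238 test secret, not a real token seed
NOW = 1_700_000_025                # constructed "true" UTC time, 15 s into a step

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for the given Unix time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, code: str, server_time: int, window: int = 1):
    """Return the step offset at which the code matched, or None if rejected.

    window is the number of steps accepted either side of the server's
    current step. The default of 1 is an assumption, not the appliance's
    configured value.
    """
    for skew in range(-window, window + 1):
        expected = totp(secret, server_time + skew * STEP)
        if hmac.compare_digest(expected, code):
            return skew
    return None

def drift_report(secret: bytes, true_time: int, drifts):
    """Map each appliance clock drift (seconds) to the verify() result for a
    code produced by a token whose clock shows true_time."""
    code = totp(secret, true_time)
    return {d: verify(secret, code, true_time + d) for d in drifts}

if __name__ == "__main__":
    for drift, result in drift_report(SECRET, NOW, [0, 20, -45, 90, 300]).items():
        state = "rejected" if result is None else f"accepted at step {result:+d}"
        print(f"appliance drift {drift:+5d}s -> {state}")
```

With these assumptions a drift of 20 or 45 seconds is absorbed by the window, while 90 seconds or more moves the server outside every accepted step and the valid code is rejected.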

Warning

Conflict Avoidance: You must never enable Network Time Protocol (NTP) on the appliance while simultaneously syncing time from the Virtual Machine (VM) Host (e.g., via VMware Tools, XenTools, or Nutanix Guest Tools). Using both methods simultaneously will cause a “fighting” condition where the clock fluctuates erratically, leading to service instability.

Our Best Practice Recommendation

We strongly recommend using the VM Host time synchronization method.

Modern hypervisors (VMware ESXi, Hyper-V, Nutanix, Citrix XenServer) maintain highly accurate time on the physical host hardware. Allowing the appliance to sync strictly from the host ensures consistency and simplifies configuration.

Checking Current Time and Status

You can verify the current time and the status of the virtualization tools directly from the appliance Console Management Interface (CMI).

Via the CMI Main Menu

  1. Log in to the appliance console (CMI).

  2. Check Current Time: On the Main Menu, look at the header information. The current system time is displayed in the top-right corner or just below the IP information as Date & Time.

    Alternatively, select 8) System Status to view detailed uptime and load information.

  3. Check VM Tools Version: From the Main Menu, select 9) Version Information.

    • Look for the line VMware Tools Version.

    • Ensure a valid version number is displayed (e.g., 12.4.0.48309).

    • If this reads “Not Installed” or “Stopped”, the appliance is not receiving time updates from the host.

Advanced Verification (Command Line)

For a granular check of the installed tools package:

  1. From the Main Menu, select 5) Tools and Utilities.

  2. Select 5) Command Line.

  3. Enter the CMI password when prompted.

  4. Run the following command to verify the installed open-vm-tools package:

    rpm -qa | grep open-vm-tools
    
    • Expected Output: You should see a package name similar to open-vm-tools-12.4.0….

    • Action: If no output is returned, the tools may need to be reinstalled.

How to Disable NTP (To Avoid Conflicts)

If you are following our recommendation to sync time from the VM Host, you must ensure NTP is disabled on the appliance so that the two time sources do not fight over the clock.

  1. From the Main Menu, select 2) Network.

  2. Select 6) NTP Servers.

  3. Select 5) Stop NTP Service. Note: If the service is already stopped, you may verify this by attempting to stop it again or checking the status.

    Note

    Ensure you do not have any active NTP servers configured in Option 1) Add NTP Server if you intend to rely solely on the Host.

Summary of Hypervisor Settings

Once the appliance is configured as above (NTP Disabled), ensure your Hypervisor is set to push time to the guest:

  • VMware: Edit Settings > VM Options > VMware Tools > Check “Synchronize guest time with host”.

  • Hyper-V: Settings > Integration Services > Check “Time synchronization”.

  • Nutanix: Ensure NGT (Nutanix Guest Tools) are installed and the time synchronization feature is active.