Sometimes a network administrator will prefer to use Network Time Protocol (NTP) for synchronization of system clocks rather than having VAS synchronizing against an Active Directory Domain Controller. If you do have another NTP service running on our system you may see this message in the system logs:
The SNTP/NTP port 123 is bound. It appears as though another NTP daemon has been started. vasd will not synchronize time.
The vasd daemon will operate as a time synchronization agent for the Unix host if no other process is using the NTP port (123). It looks at port 123 when it starts up, and if it is not bound (i.e. the port is open) then vasd will query Active Directory (AD) Domain Controllers for the current time and ensure that the Unix host's clock is synchronized to ensure that Kerberos operations work correctly. Furthermore, if port 123 is open, then every 12 hours (default timesync interval) vasd will do a timesync against AD, setting the system clock to the appropriate time.
vasd when it starts, and by default every 12 hours, attempts to syncronize the time. To disable this set the [vasd] option timesync-interval to 0 in vas.conf.
timesync-interval = 0
If vasd detects NTP (by checking port 123 being bound) when it starts it completly skips all time synchronization, regardless of any timesync-interval setting.
- A reminder, VAS requires the client machines to be in sync with the DC.
The main authentication method for VAS, Kerberos, is time sensitive, and usually requires clocks be within 5 minutes to function.
You must use either the timesync from VAS or NTP to ensure that system clocks are synched. This might otherwise impede VAS from working properly.
Please see Solution SOL31756 for additional information regarding time synchronization for VAS.