Virtual machines and their clocks can be quite nasty – at least if I am working with them. Maybe it is because it is impossible to kick against virtual machines? Are they that nasty because they know they are safe?

The story: I was starting to separate services into virtual machines on a Xen-Host to avoid having one machine doing it all, being a big target. One of the services I was trying to virtualize was the NTPd, that should poll pool.ntp.org and make the time available on the internal network. But the service refused to work properly.

So let’s check the facts: As there is no constant time difference, it cannot be a wrong timezone messing it up. The ntp-servers outside are reachable – so it isn’t the firewall. ntpq -c peers gives me a list of peers that are actually working. A bug in the daemon?

I would wish that this was the case, but the problem is the Xen host which simulates a cmos clock for the virtual guests, but somehow it seems that it isn’t modifiable for the guests. Asking Google gave me the independant wallclock option, which solved the problem as long as you watch it. As soon as you turn your back on the service, it freaks again.

At the end I have given up and installed the NTPd at the Dom-0 as I was running out of ideas.