• This topic has 3 replies, 3 voices, and was last updated March 9, 2021 by Ralph H.

NTP scans after Upgrade to 8.5 up1

  • Hello. After upgrading our Zerto ZVM 2 sites to 8.5 patch 1, we’re seeing NTP port 123 queries from VRAs, and they seem to be scanning for various outside NTP sites, like Ziply 50.39.170.40, 78.46.162.102 in Germany, and IPs in Australia. It’s currently blocked at the firewall. We traced it back to all/any of the VRAs, and we can see it started right after we upgraded to 8.5 patch 1, which included an upgrade of the VRAs after the site ZVM servers. Since it’s a Debian-based distro, I can turn off the NTP service on the VRA, but I’m guessing it would impact replication and change tracking. Support ticket submitted.

    Anyone else?

    Same here after upgrade. Have you got any useful information from support?

     

    regards Tobias

    We had upgraded to 8.5 and are also noticing the same issue. We edited the ntp.conf file and commented out the pool 0.debian.pool.ntp.org (zero through 3 or all pool settings).

    Then we added our ESXi NTP settings under the server ntp.your-provider.example and restarted the VRA in vCenter, used NSX Netflow to monitor traffic and confirmed NTP settings under server were being used.

    Hope that helps, BTW, you can use the ssh.ppk from the ZVM to putty into the VRA’s as root
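
The ntp.conf change described in the reply above (comment out the Debian pool lines, add a `server` line), as an added shell example that is not part of the thread and is not Zerto's tooling. The function names and the sample file are constructed for illustration, and `ntp.your-provider.example` is the thread's placeholder for your own time source.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample config is constructed.

# Constructed sample resembling a Debian default ntp.conf.
sample_conf() {
    cat <<'EOF'
driftfile /var/lib/ntp/ntp.drift
pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst
restrict 127.0.0.1
EOF
}

# List the active (uncommented) time sources in an ntp.conf-style file.
ntp_active_sources() {
    awk '$1 == "pool" || $1 == "server" || $1 == "peer" { print $1, $2 }' "$1"
}

# Comment out every active "pool" line and make sure one "server <host>" line
# exists. Output goes to stdout so the original file stays untouched until the
# result has been reviewed. Running it on its own output changes nothing.
ntp_pin_server() {
    conf=$1 server=$2
    awk -v srv="$server" '
        $1 == "pool" { print "#" $0; next }        # disable public pool lookups
        $1 == "server" && $2 == srv { seen = 1 }   # already pinned, keep as is
        { print }
        END { if (!seen) print "server " srv " iburst" }
    ' "$conf"
}

# Demo on the constructed sample: active sources before and after the change.
tmp=$(mktemp)
sample_conf > "$tmp"
echo "before:"; ntp_active_sources "$tmp"
ntp_pin_server "$tmp" ntp.your-provider.example > "$tmp.new"
echo "after:";  ntp_active_sources "$tmp.new"
rm -f "$tmp" "$tmp.new"
```

On a real system, review the generated file before replacing ntp.conf, then confirm on the firewall or flow monitor that UDP/123 traffic only reaches the configured server.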

     

    Yes, it’s a problem with the Linux distro they use for the VRA on this upgrade. They gave me a tweak tool and some instructions to edit out the NTP broadcasts.

    Please proceed with downloading the Tweaktool at:
    https://www.zerto.com/myzerto/tools/tweak-editor/?key=TFRWTFc4dGs1TDdlRzJ0WDZQMHJIdHNMZWQwd0NNOGlBbVhPZXlJUURyVHM1Uys5QmdUWTB0KzU5OFg2Z3IyR1NTZkhvK0dTQVhNZlN1VDEzaTc5UWc9PQ==&ver=8.5%20and%20up

    Extract it anywhere on the desktop and run as administrator.

    Set tweak t_IsDisabledNameServerFromZVM to true (name t_IsDisabledNameServerFromZVM, value true)

    Then open putty from inside of Zerto directory ( Programfiles/Zerto )

    Enter VRA IP address on the top right, do not connect yet.

    On the left menu open SSH -> Auth, click browse and select .ppk key in Secrets folder inside of Zerto Virtual Replication folder.

    When prompted, log onto the VRA as root.

    Remove all lines from /etc/resolv.conf file on all VRAs (or edit IP setting for all VRAs from ZVM)

    Reboot all VRAs

    Verify that /etc/resolv.conf file is empty.

    After performing this set of steps, the NTP should then become disabled.
