Problem with time synchronisation - NTP


  1. Problem with time synchronisation

    Greetings,

    I have ntpd installed (ntpq 4.2.2p1@1.1570-o Mon Jun 4 15:13:06 UTC 2007
    (1) and running but the time on the ntp host does not appear to be
    synching with the nominated external time references. Any assistance much
    appreciated.

    Details as follows:

    [root@maitproddns etc]# ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     wireless.org.au .INIT.          16 u    -  256    0    0.000    0.000   0.000
     pond.thecave.ws .INIT.          16 u    -  256    0    0.000    0.000   0.000
     cust6381.nsw01. .INIT.          16 u    -  256    0    0.000    0.000   0.000
     core.narx.net   .INIT.          16 u    -  256    0    0.000    0.000   0.000
    *LOCAL(0)        .LOCL.          10 l    3   64  377    0.000    0.000   0.001

    The logs don't seem to indicate a problem:

    Apr 11 15:53:05 maitproddns ntpd[11595]: ntpd 4.2.2p1@1.1570-o Mon Jun 4 15:13:02 UTC 2007 (1)
    Apr 11 15:53:05 maitproddns ntpd[11596]: precision = 1.000 usec
    Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface wildcard, 0.0.0.0#123 Disabled
    Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface wildcard, ::#123 Disabled
    Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface lo, ::1#123 Enabled
    Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface eth0, fe80::250:56ff:fe8d:45f3#123 Enabled
    Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface lo, 127.0.0.1#123 Enabled
    Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface eth0, 203.11.159.13#123 Enabled
    Apr 11 15:53:05 maitproddns ntpd[11596]: kernel time sync status 0040
    Apr 11 15:53:08 maitproddns ntpd[11596]: frequency initialized 0.000 PPM from /var/lib/ntp/drift
    Apr 11 15:56:25 maitproddns ntpd[11596]: synchronized to LOCAL(0), stratum 10
    Apr 11 15:56:25 maitproddns ntpd[11596]: kernel time sync enabled 0001

    My ntp.conf file is out of the box with the exception of the external time
    servers

    ntp.conf
    ---------------------------------------------------------
    [root@maitproddns etc]# more ntp.conf
    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery

    # Permit all access over the loopback interface. This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1
    restrict -6 ::1

    # Hosts on local network are less restricted.
    #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    # server 0.rhel.pool.ntp.org
    # server 1.rhel.pool.ntp.org
    # server 2.rhel.pool.ntp.org
    server 0.au.pool.ntp.org
    server 1.au.pool.ntp.org
    server 2.au.pool.ntp.org
    server 3.au.pool.ntp.org

    #broadcast 192.168.1.255 key 42 # broadcast server
    #broadcastclient # broadcast client
    #broadcast 224.0.1.1 key 42 # multicast server
    #multicastclient 224.0.1.1 # multicast client
    #manycastserver 239.255.254.254 # manycast server
    #manycastclient 239.255.254.254 key 42 # manycast client

    # Undisciplined Local Clock. This is a fake driver intended for backup
    # and when no outside source of synchronized time is available.
    server 127.127.1.0 # local clock
    fudge 127.127.1.0 stratum 10

    # Drift file. Put this in a directory which the daemon can write to.
    # No symbolic links allowed, either, since the daemon updates the file
    # by creating a temporary in the same directory and then rename()'ing
    # it to the file.
    driftfile /var/lib/ntp/drift

    # Key file containing the keys and key identifiers used when operating
    # with symmetric key cryptography.
    keys /etc/ntp/keys

    # Specify the key identifiers which are trusted.
    #trustedkey 4 8 42

    # Specify the key identifier to use with the ntpdc utility.
    #requestkey 8

    # Specify the key identifier to use with the ntpq utility.
    #controlkey 8




  2. Re: Problem with time synchronisation

    tony.carter@dpi.nsw.gov.au wrote:
    > Greetings,
    >
    > I have ntpd installed (ntpq 4.2.2p1@1.1570-o Mon Jun 4 15:13:06 UTC
    > 2007 (1) and running but the time on the ntp host does not appear to
    > be synching with the nominated external time references. Any assistance
    > much appreciated.
    >
    > Details as follows:
    >
    > [root@maitproddns etc]# ntpq -p
    >      remote           refid      st t when poll reach   delay   offset  jitter
    > ==============================================================================
    >  wireless.org.au .INIT.          16 u    -  256    0    0.000    0.000   0.000
    >  pond.thecave.ws .INIT.          16 u    -  256    0    0.000    0.000   0.000
    >  cust6381.nsw01. .INIT.          16 u    -  256    0    0.000    0.000   0.000
    >  core.narx.net   .INIT.          16 u    -  256    0    0.000    0.000   0.000
    > *LOCAL(0)        .LOCL.          10 l    3   64  377    0.000    0.000   0.001
    >
    > The logs don't seem to indicate a problem:


    If the reach column is 0, then you are not seeing the remote servers. You
    should see 377. Look for a network or connectivity issue. Can you ping
    the remote servers? Ask them an NTP query like:

    ntpq -p wirelss.org.au

    By the way, that query doesn't work for me, so are you sure that server is
    running NTP? Do you have permission to access it? You might be better
    off with "pool" servers:

    0.pool.ntp.org
    1.pool.ntp.org

    Cheers,
    David



  3. Re: Problem with time synchronisation

    David J Taylor wrote:
    []
    > By the way, that query doesn't work for me, so are you sure that
    > server is running NTP? Do you have permission to access it? You
    > might be better off with "pool" servers:
    >
    > 0.pool.ntp.org
    > 1.pool.ntp.org
    >
    > Cheers,
    > David


    Oops, I see you are using the Australian pool servers. However,
    0.au.pool.ntp.org didn't answer my ntpq, and 1.au.pool.ntp.org returned
    incomplete data, so I would still check the servers carefully. They are
    (should be) dynamically allocated, to load balance. Check network
    connectivity first. You can add the iburst qualifiers for faster initial
    sync.

    server 0.pool.ntp.org iburst
    server 1.pool.ntp.org iburst

    David



  4. Re: Problem with time synchronisation

    tony.carter@dpi.nsw.gov.au wrote:

    > I have ntpd installed (ntpq 4.2.2p1@1.1570-o Mon Jun 4 15:13:06 UTC 2007


    That is not a standard version number. Who allocated the "@1.1570-o"
    part of the version number? You may be better off getting support from
    them.

    > (1) and running but the time on the ntp host does not appear to be
    > synching with the nominated external time references. Any assistance much
    > appreciated.


    That's because no (valid) replies have been received from any of them.
    The two common causes of this are over-aggressive restrict lines and
    firewalls.

    I think your restrict lines may be OK, but I'd suggest confirming that
    it works without any. Using pool servers limits your ability to use
    restrict and the defaults must permit your client to use any times it
    receives.

    Another possibility is that they have restrict kod set on the servers,
    and you are using multiple clients and NAT, in a way that causes the
    rate limits to be exceeded.

    People often overlook the Linux iptables firewall.

    You should run ntpq rv on the associations from your servers, to see if
    they are responding, but the responses are being rejected, and if so
    why. You should also try running tcpdump, etc., at appropriate places
    on the network to find out if they are getting blocked at some point.

    > My ntp.conf file is out of the box with the exception of the external time
    > servers


    Whose box? I believe the official box doesn't have a configuration file
    in it.

    > # Permit time synchronization with our time source, but do not
    > # permit the source to query or modify the service on this system.


    Note this answers the recent question about ntpq peers not working!

    >
    > # Undisciplined Local Clock. This is a fake driver intended for backup
    > # and when no outside source of synchronized time is available.


    This description is incomplete, and, in my view, no out of the box
    configuration should have these lines enabled. They should only be
    enabled on servers and only if you understand the risks. However, that
    is not an issue here.

    > server 127.127.1.0 # local clock
    > fudge 127.127.1.0 stratum 10


  5. Re: Problem with time synchronisation

    tony.carter@dpi.nsw.gov.au wrote:
    > Greetings,
    >
    > I have ntpd installed (ntpq 4.2.2p1@1.1570-o Mon Jun 4 15:13:06 UTC 2007
    > (1) and running but the time on the ntp host does not appear to be
    > synching with the nominated external time references. Any assistance much
    > appreciated.
    >
    > Details as follows:
    >
    > [root@maitproddns etc]# ntpq -p
    >      remote           refid      st t when poll reach   delay   offset  jitter
    > ==============================================================================
    >  wireless.org.au .INIT.          16 u    -  256    0    0.000    0.000   0.000
    >  pond.thecave.ws .INIT.          16 u    -  256    0    0.000    0.000   0.000
    >  cust6381.nsw01. .INIT.          16 u    -  256    0    0.000    0.000   0.000
    >  core.narx.net   .INIT.          16 u    -  256    0    0.000    0.000   0.000
    > *LOCAL(0)        .LOCL.          10 l    3   64  377    0.000    0.000   0.001
    >
    > The logs don't seem to indicate a problem:


    The problem should be clear from the above ntpq -p banner!! None of the
    servers you have configured have responded to requests sent by your system!

    Can you ping these servers and get a response? Do you have a firewall
    that is blocking Port 123?

    BTW, if you didn't wait at least 30 minutes between starting ntpd and
    getting the ntpq banner, you wasted your time! Ntpd generally requires
    about that much time to figure out exactly what time it is and to beat
    your clock into submission.

  6. Re: Problem with time synchronisation

    On 2008-04-12, David Woolley wrote:

    > tony.carter@dpi.nsw.gov.au wrote:
    >
    >> I have ntpd installed (ntpq 4.2.2p1@1.1570-o Mon Jun 4 15:13:06 UTC
    >> 2007

    >
    > That is not a standard version number.


    Really? On my system running 4.2.5p54 built from sources downloaded from
    www.ntp.org I see:

    $ ntpq -c"rv 0 version"
    assID=0 status=0654 leap_none, sync_ntp, 5 events, event_peer/strat_chg,
    version="ntpd 4.2.5p54@1.1533-o Fri Jun 22 14:26:20 UTC 2007 (2)"

    > Who allocated the "@1.1570-o" part of the version number?


    ntp.org

    > You may be better off getting support from them.


    I believe he's in the right place.

    >> (1) and running but the time on the ntp host does not appear to be
    >> synching with the nominated external time references. Any assistance much
    >> appreciated.

    >
    > That's because no (valid) replies have been received from any of them.
    > The two common causes of this are over-aggressive restrict lines and
    > firewalls.
    >
    > I think your restrict lines may be OK,


    They are.

    > but I'd suggest confirming that it works without any.


    It won't.

    > Using pool servers limits your ability to use restrict and the
    > defaults must permit your client to use any times it receives.


    They do.

    > Another possibility is that they have restrict kod set on the servers,
    > and you are using multiple clients and NAT, in a way that causes the
    > rate limits to be exceeded.


    If that were the case you would see .KOD. in the ntpq peers billboard.

    > People often overlook the Linux iptables firewall.


    Port 123/UDP must be open to receive packets from the remote time
    servers.

    --
    Steve Kostecke
    NTP Public Services Project - http://support.ntp.org/
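
The checks the replies above apply by eye to the `ntpq -p` billboard (reach of 0 versus 377, a `.KOD.` refid, and the selected source being LOCAL(0)) can be scripted. This is an added example, not part of the thread or of the NTP distribution; the function names and the `ntp.example.net` host used in testing are assumptions, and the sample is the first post's billboard with its wrapped lines rejoined.

```python
"""Triage an `ntpq -p` billboard for the failure modes discussed in this thread."""

# Constructed sample: the billboard from the first post, one line per peer.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 wireless.org.au .INIT.          16 u    -  256    0    0.000    0.000   0.000
 pond.thecave.ws .INIT.          16 u    -  256    0    0.000    0.000   0.000
 cust6381.nsw01. .INIT.          16 u    -  256    0    0.000    0.000   0.000
 core.narx.net   .INIT.          16 u    -  256    0    0.000    0.000   0.000
*LOCAL(0)        .LOCL.          10 l    3   64  377    0.000    0.000   0.001
"""

TALLY = " x.-+#*o"  # selection status ntpq prints in column 0 of each peer line


def parse_billboard(text):
    """Return one dict per peer line; expects unmodified ntpq output."""
    peers = []
    for line in text.splitlines():
        body = line.strip()
        if not body or body.startswith("remote") or set(body) <= {"=", " "}:
            continue  # blank line, column header or separator
        tally, rest = (line[0], line[1:]) if line[0] in TALLY else (" ", line)
        f = rest.split()
        if len(f) != 10:
            continue  # wrapped or truncated line: skip rather than guess
        reach = int(f[6], 8)  # reach is an 8-bit shift register shown in octal
        peers.append({
            "tally": tally, "remote": f[0], "refid": f[1],
            "stratum": int(f[2]), "type": f[3],
            "reach": reach, "answered": bin(reach).count("1"),
        })
    return peers


def triage(text):
    """Return (remote, finding) pairs; an empty list means nothing was flagged."""
    findings = []
    for p in parse_billboard(text):
        if p["type"] == "l":  # local clock driver, always "reachable"
            if p["tally"] == "*":
                findings.append((p["remote"],
                                 "selected source is the local clock, not a network server"))
            continue
        if p["refid"] == ".KOD.":  # the marker named in the reply above
            findings.append((p["remote"], "kiss-o'-death: server is rate limiting this client"))
        elif p["reach"] == 0:
            findings.append((p["remote"],
                             "no valid reply in the last 8 polls: check UDP/123 filtering and restrict lines"))
        elif p["answered"] < 8:
            findings.append((p["remote"],
                             f"{p['answered']}/8 recent polls answered (reach {p['reach']:o})"))
    return findings


if __name__ == "__main__":
    for remote, finding in triage(SAMPLE):
        print(f"{remote}: {finding}")
```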

  7. Re: Problem with time synchronisation

    Tony,

    Why do you have a local refclock configured?

    Why are you not using the 'iburst' keyword on your server lines?

    Have you seen http://support.ntp.org/bin/view/Support/ConfiguringNTP ?

    --
    Harlan Stenn
    http://ntpforum.isc.org - be a member!

  8. Re: Problem with time synchronisation

    >>> In article , "Richard B. Gilbert" writes:

    Richard> BTW, if you didn't wait at least 30 minutes between starting ntpd
    Richard> and getting the ntpq banner, you wasted your time! Ntpd generally
    Richard> requires about that much time to figure out exactly what time it is
    Richard> and to beat your clock into submission.

    Which is why we recommend using 'iburst', as with a good drift file ntpd
    will have everything ready to go in about 11 seconds' time.

    --
    Harlan Stenn
    http://ntpforum.isc.org - be a member!

  9. Re: Problem with time synchronisation

    Harlan Stenn wrote:
    >
    > Why do you have a local refclock configured?


    Because he's using an out of the box configuration. That is probably
    the main reason that people have them configured. You really need to
    ask the people who put it in the box, but I suspect they don't know, either.

  10. Re: Problem with time synchronisation

    On 2008-04-12, David Woolley wrote:

    > Harlan Stenn wrote:
    >
    >> Why do you have a local refclock configured?

    >
    > Because he's using an out of the box configuration. That is probably
    > the main reason that people have them configured. You really need to
    > ask the people who put it in the box, but I suspect they don't know,
    > either.


    The problem here is that the distribution does not contain a decent
    assortment of example configuration files for common configurations. So
    the OS distributors/aggregators/vendors each cobble together their own
    one size fits all configuration file.

    --
    Steve Kostecke
    NTP Public Services Project - http://support.ntp.org/

  11. Re: Problem with time synchronisation

    On 2008-04-12, Richard B. Gilbert wrote:

    > BTW, if you didn't wait at least 30 minutes between starting ntpd and
    > getting the ntpq banner, you wasted your time!


    Nonsense.

    After only two polls you can see if your ntpd is able to contact the
    remote time servers. You don't need to wait 30 minutes for that.

    As ntpd continues to poll you can see if a step was required or if
    the clock is being steered in the right direction.

    > Ntpd generally requires about that much time to figure out exactly
    > what time it is and to beat your clock into submission.


    That's not the issue here.

    --
    Steve Kostecke
    NTP Public Services Project - http://support.ntp.org/

  12. Re: Problem with time synchronisation


    >The problem here is that the distribution does not contain a decent
    >assortment of example configuration files for common configurations. So
    >the OS distributors/aggregators/vendors each cobble together their own
    >one size fits all configuration file.


    But does a local refclock make sense in a typical setup?

    Does the wiki have a good collection of examples? and the discussion
    that goes with them? How much effort would it take to make one?

    Would it make sense to encourage distributions to include
    a URL at the top of their prototype config file?

    --
    These are my opinions, not necessarily my employer's. I hate spam.


  13. Re: Problem with time synchronisation

    "Hal Murray" wrote in message
    news:yeadnZdIFojuyZzVnZ2dnUVZ_vninZ2d@megapath.net ...

    >> The problem here is that the distribution does not contain a decent
    >> assortment of example configuration files for common configurations.
    >> So the OS distributors/aggregators/vendors each cobble together their
    >> own one size fits all configuration file.


    I suspect they would do that anyway. Because they usually want one size
    to fit all.


    > But does a local refclock make sense in a typical setup?


    Given the above, yes. It doesn't actually hurt a client (if a server
    is available), and an isolated server needs it.

    Differentiating between leaf node, dependent server, and isolated
    server is too hard for some. Especially since the difference is
    only in the configuration, and a dependent server, while it could
    use the Pool, would often need manual configuration. And I'm not
    even talking about broadcast/multicast.

    The logical end result is a distribution with three or four Pool
    servers and a local clock. It falls down with multiple installations
    in an isolated network, but works everywhere else. It may not be
    optimal, but it's the best you can do under a wide set of
    circumstances.

    Groetjes,
    Maarten Wiltink



  14. Re: Problem with time synchronisation

    On Sat, 12 Apr 2008 06:34:57 +0000, David J Taylor wrote:

    > David J Taylor wrote:
    > []
    >> By the way, that query doesn't work for me, so are you sure that
    >> server is running NTP? Do you have permission to access it? You
    >> might be better off with "pool" servers:
    >>
    >> 0.pool.ntp.org
    >> 1.pool.ntp.org
    >>
    >> Cheers,
    >> David

    >
    > Oops, I see you are using the Australian pool servers. However,
    > 0.au.pool.ntp.org didn't answer my ntpq, and 1.au.pool.ntp.org returned
    > incomplete data, so I would still check the servers carefully. They are
    > (should be) dynamically allocated, to load balance. Check network
    > connectivity first. You can add the iburst qualifiers for faster initial
    > sync.
    >
    > server 0.pool.ntp.org iburst
    > server 1.pool.ntp.org iburst


    They all work. None of them are in use by my *.au.pool.ntp.org config.

    Only one of them is currently listed by [0123].au.pool.ntp.org.

    Maybe there are restrict entries for non-APNIC addresses.

    server 203.23.237.200, port 123
    stratum 2, precision -20, leap 00, trust 000
    refid [203.23.237.200], delay 0.05562, dispersion 0.00015
    transmitted 4, in filter 4
    reference time: cbac6bca.c1f1aab8 Sun, Apr 13 2008 21:23:54.757
    originate timestamp: cbac6f6a.8f9cf7d4 Sun, Apr 13 2008 21:39:22.560
    transmit timestamp: cbac6f6a.8cb76f6d Sun, Apr 13 2008 21:39:22.549
    filter delay: 0.05701 0.05721 0.05562 0.05666
    0.00000 0.00000 0.00000 0.00000
    filter offset: -0.00414 -0.00417 -0.00401 -0.00422
    0.000000 0.000000 0.000000 0.000000
    delay 0.05562, dispersion 0.00015
    offset -0.004013

    server 203.82.209.217, port 123
    stratum 2, precision -20, leap 00, trust 000
    refid [203.82.209.217], delay 0.09946, dispersion 0.00058
    transmitted 4, in filter 4
    reference time: cbac6d14.feb85f75 Sun, Apr 13 2008 21:29:24.995
    originate timestamp: cbac6f6a.e88e94ad Sun, Apr 13 2008 21:39:22.908
    transmit timestamp: cbac6f6a.e173eab3 Sun, Apr 13 2008 21:39:22.880
    filter delay: 0.10147 0.09981 0.09978 0.09946
    0.00000 0.00000 0.00000 0.00000
    filter offset: -0.00788 -0.00944 -0.00991 -0.00917
    0.000000 0.000000 0.000000 0.000000
    delay 0.09946, dispersion 0.00058
    offset -0.009178

    server 203.171.85.237, port 123
    stratum 1, precision -20, leap 00, trust 000
    refid [PPS], delay 0.08073, dispersion 0.00037
    transmitted 4, in filter 4
    reference time: cbac6f64.3a0d3f1f Sun, Apr 13 2008 21:39:16.226
    originate timestamp: cbac6f6b.0ed6fa80 Sun, Apr 13 2008 21:39:23.057
    transmit timestamp: cbac6f6b.06a582db Sun, Apr 13 2008 21:39:23.025
    filter delay: 0.08232 0.08218 0.08073 0.08098
    0.00000 0.00000 0.00000 0.00000
    filter offset: 0.003776 0.003835 0.003507 0.004039
    0.000000 0.000000 0.000000 0.000000
    delay 0.08073, dispersion 0.00037
    offset 0.003507

    server 203.34.87.2, port 123
    stratum 2, precision -20, leap 00, trust 000
    refid [203.34.87.2], delay 0.09901, dispersion 0.00012
    transmitted 4, in filter 4
    reference time: cbac6610.859c6410 Sun, Apr 13 2008 20:59:28.521
    originate timestamp: cbac6f6b.50404692 Sun, Apr 13 2008 21:39:23.313
    transmit timestamp: cbac6f6b.47cf3dc0 Sun, Apr 13 2008 21:39:23.280
    filter delay: 0.10069 0.10120 0.09901 0.10210
    0.00000 0.00000 0.00000 0.00000
    filter offset: -0.00560 -0.00551 -0.00541 -0.00529
    0.000000 0.000000 0.000000 0.000000
    delay 0.09901, dispersion 0.00012
    offset -0.005417

    13 Apr 21:39:23 ntpdate[11563]: adjust time server 203.171.85.237 offset 0.003507 sec

    --
    2008/04/13:11:40:28UTC Slackware Linux 2.4.32
    up 16 days, 15:36, 6 users, load average: 2.24, 2.11, 2.08
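
What a reply on UDP/123 carries, as an added example that is not part of the thread: it builds the client packet, sends it with a timeout, and classifies the reply header, including the kiss-o'-death case raised earlier. The sample reply is constructed from the stratum, precision, refid and timestamps shown for 203.171.85.237 above; the function names and the remaining header values (poll, zeroed fields) are assumptions.

```python
"""Build an NTP client request and classify the header of the server's reply."""
import socket
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)  # NTP era 0 starts here

# Constructed reply: LI=0 VN=4 Mode=4 (server), stratum 1, poll 6, precision -20,
# refid "PPS", reference and transmit timestamps as printed in the post above.
SAMPLE_REPLY = struct.pack(
    "!BBbbII4sIIIIIIII", 0x24, 1, 6, -20, 0, 0, b"PPS\0",
    0xCBAC6F64, 0x3A0D3F1F, 0, 0, 0, 0, 0xCBAC6F6B, 0x06A582DB)


def build_request(version=4):
    """48-byte client packet: LI=0, VN=version, Mode=3 (client), rest zero."""
    return bytes([(version << 3) | 3]) + bytes(47)


def ntp_time(seconds, fraction):
    """Convert a 32.32 fixed-point NTP timestamp (era 0, until 2036) to UTC."""
    return NTP_EPOCH + timedelta(seconds=seconds,
                                 microseconds=fraction * 1_000_000 / 2**32)


def parse_reply(packet):
    """Decode the header fields that tell you who answered and how."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    first, stratum, _poll, precision = struct.unpack("!BBbb", packet[:4])
    refid = packet[12:16]
    tx_sec, tx_frac = struct.unpack("!II", packet[40:48])
    if stratum == 0:    # kiss-o'-death: refid is an ASCII kiss code such as RATE
        kind, ref = "kiss-o'-death", refid.rstrip(b"\0").decode("ascii", "replace")
    elif stratum == 1:  # primary server: refid names the reference clock
        kind, ref = "primary", refid.rstrip(b"\0").decode("ascii", "replace")
    else:               # secondary server: refid is the IPv4 upstream address
        kind, ref = "secondary", socket.inet_ntoa(refid)
    return {"leap": first >> 6, "version": (first >> 3) & 7, "mode": first & 7,
            "stratum": stratum, "precision": precision, "kind": kind,
            "refid": ref, "transmit": ntp_time(tx_sec, tx_frac)}


def probe(host, timeout=3.0):
    """Send one client packet to UDP/123; None means no reply came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(), (host, 123))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable network, name resolution failure
            return None
    return parse_reply(data)


if __name__ == "__main__":
    print(parse_reply(SAMPLE_REPLY))
```

A `None` from `probe()` does not say where the packet was lost; a capture on the client's interface, as suggested earlier in the thread, shows whether the request left and whether a reply arrived.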


  15. Re: Problem with time synchronisation

    David Woolley wrote:
    > tony.carter@dpi.nsw.gov.au wrote:
    >
    >> I have ntpd installed (ntpq 4.2.2p1@1.1570-o Mon Jun 4 15:13:06 UTC 2007

    >
    > That is not a standard version number. Who allocated the "@1.1570-o"
    > part of the version number? You may be better off getting support from
    > them.
    >

    We do. It's the standard version string. The number following the @ is a
    bitkeeper version number.

    Note that 4.2.2 is old. I don't believe that orphan mode is supported
    until 4.2.4 so please install the latest version.

    Danny

  16. Re: Problem with time synchronisation

    >> tony.carter@dpi.nsw.gov.au wrote:
    >>> I have ntpd installed (ntpq 4.2.2p1@1.1570-o Mon Jun 4 15:13:06 UTC 2007


    Please see http://support.ntp.org/bin/view/Dev/...nStringContent

    --
    Harlan Stenn
    http://ntpforum.isc.org - be a member!
