Debian server will not update from NTP from Windows Server 2003

c0dex · 08-14-2011, 02:21 PM

Hello everyone. My first post here although I have been lurking for a while. I hope I have put this in the right place and if not I'm sure someone will move it to it's correct home.

I am having an issue getting my Debian x64 server to sync time with my local NTP server on my network which is running Windows Server 2003. Both of these machines are running in a VM. I can sync time with another client on my network to the Server 2003 machine just fine with no issues. My Debian server can sync time with another time server, just not the Windows 2003 server on my LAN. The error that I am getting is the following:

"ntpdate[7988]: no server suitable for synchronization found"

I have googled and googled and googled and searched this forum to no avail. I have started over many, many times to no avail. I configured iptables correctly and the firewall on my router correctly and the firewall on Server 2003 correctly.

I don't know why this won't work and I'm at a loss. I hope that someone here can give me a hand in this. If there's any information you need from me please let me know and I'll provide it. Thank you in advance

acid_kewpie · 08-14-2011, 03:41 PM

you need to pay more attention to NTP, and not just live with that error code. add a few -v's and you'll more than likely find a firewall issue in place. add the AD server to your /etc/ntp.conf as "server 12.34.45.56" as appropriate and start the server. give it a few minutes, then run "ntp -pn" and then you'll see its long term view of the servers ntp, if it's listed as strata 16 then it can't even reach it.

c0dex · 08-14-2011, 04:40 PM

Quote:

Originally Posted by acid_kewpie

you need to pay more attention to NTP, and not just live with that error code. add a few -v's and you'll more than likely find a firewall issue in place. add the AD server to your /etc/ntp.conf as "server 12.34.45.56" as appropriate and start the server. give it a few minutes, then run "ntp -pn" and then you'll see its long term view of the servers ntp, if it's listed as strata 16 then it can't even reach it.

I tried switch -v with no success. Gives the same error. I also had already added the server to /etc/ntp.conf as well. The command "ntp -pn" doesn't work as it says "ntp: command not found". Tried to do a apt-get install ntp with no luck. Thank you for your help but I'm still stuck with this not working. If there's anything else you can think of, please let me know. Thank you.

EDIT: Also, when I try to do sudo ntpdate time.windows.com, I get the same error. However, if I try sudo ntpdate nist1-chi.ustiming.org, it works just fine. Is that not weird?

acid_kewpie · 08-14-2011, 04:41 PM

sorry, "ntpq -pn" (ntp query)

you'll still get the same errors, but you should get additional info to help you know what the problem is.

c0dex · 08-14-2011, 04:45 PM

Quote:

Originally Posted by acid_kewpie

sorry, "ntpq -pn" (ntp query)

you'll still get the same errors, but you should get additional info to help you know what the problem is.

Gives me a "ntpq: read: Connection refused". I am assuming the connection from my Windows Server is refusing the connection from my Debian server? That wouldn't make any sense as my Ubuntu client and my other Windows 7 client can get time updates just fine from the Windows 2003 server.

acid_kewpie · 08-15-2011, 02:54 AM

no, that means you're not running an ntp daemon locally. ignore that for now then and stick with ntpdate, adding -v's and posting useful output here.

c0dex · 08-15-2011, 01:16 PM

Here's what I have for output so far:

Code:

user@server:~$ sudo ntpdate -v 192.168.1.9
15 Aug 13:12:13 ntpdate[10219]: ntpdate 4.2.6p2@1.2194-o Sun Oct 17 13:35:14 UTC 2010 (1)
15 Aug 13:12:21 ntpdate[10219]: no server suitable for synchronization found

Works with a time server that's external just fine:

Code:

user@server:~$ sudo ntpdate -v 208.66.175.36
15 Aug 13:15:46 ntpdate[10226]: ntpdate 4.2.6p2@1.2194-o Sun Oct 17 13:35:14 UTC 2010 (1)
15 Aug 13:15:54 ntpdate[10226]: adjust time server 208.66.175.36 offset 0.063287 sec

Debug from ntpdate:

Code:

user@server:~$ sudo ntpdate -d 192.168.1.9
15 Aug 13:13:30 ntpdate[10223]: ntpdate 4.2.6p2@1.2194-o Sun Oct 17 13:35:14 UTC                      2010 (1)
transmit(192.168.1.9)
receive(192.168.1.9)
transmit(192.168.1.9)
receive(192.168.1.9)
transmit(192.168.1.9)
receive(192.168.1.9)
transmit(192.168.1.9)
receive(192.168.1.9)
transmit(192.168.1.9)
192.168.1.9: Server dropped: no data
server 192.168.1.9, port 123
stratum 1, precision -6, leap 00, trust 000
refid [LOCL], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time:    d1f32ec0.25374bc6  Mon, Aug 15 2011  0:36:00.145
originate timestamp: d1f3e04c.a5374bc6  Mon, Aug 15 2011 13:13:32.645
transmit timestamp:  d1f3e050.20bbc937  Mon, Aug 15 2011 13:13:36.127
filter delay:  0.00000  0.00000  0.00000  0.00000
         0.00000  0.00000  0.00000  0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
         0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000

15 Aug 13:13:38 ntpdate[10223]: no server suitable for synchronization found

c0dex · 08-18-2011, 01:38 PM

Shameless bump to the top. I still have not found a resolution for this.

acid_kewpie · 08-18-2011, 02:11 PM

OK, so it looks like it's a windows issue to me. There's a tool which you can use on windows, equivalent to the ntpq command on linux, which i *think* is "w32tm /query /status" it should largely mirror the later output of ntpdate in a different format.

Oh, but then it says the windows service is synced to itself (LOCL)? it's probably jsut discounting that data as that server isn't reliably synced to anything else, so the time is not in any way reliable.

c0dex · 08-18-2011, 05:11 PM

What's weird is that if try to sync time doing "sudo ntpdate time.windows.com" it won't sync the time but if I try any other server from http://tf.nist.gov/tf-cgi/servers.cgi, my Debian server will sync with any of them. Does that help maybe narrow the problem? Also, my iptables looks like the following:

Code:

target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp spt:ntp dpt:ntp

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp spt:ntp dpt:ntp