NTP

claforce · 05-05-2015, 01:46 PM

Hello,
A few months ago we switched the NTP servers that our Linux servers use to point to a couple of windows servers that the rest of the company uses. Since that time we have been having issues with time staying synced up on some of these servers. The servers are all Redhat or CentOS 5.x or 6.x. The strange thing is I can do a ntpd -gq to force an update and it works. I have verified that port 123 is open via "nc -uvz INTERNALSERVER1 123".

Below are a few strange things I have noticed on the servers that are not updating time correctly:

Code:

# ntpq -p
No association ID's returned

Stratum is 16 which I believe means out of sync:

Code:

# ntpq -c readlist
assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
version="ntpd 4.2.2p1@1.1570-o Fri Dec 19 18:27:47 UTC 2014 (1)",
processor="x86_64", system="Linux/2.6.18-238.9.1.el5", leap=11,
stratum=16, precision=-20, rootdelay=0.000, rootdispersion=150.435,
peer=0, refid=INIT,
reftime=00000000.00000000  Thu, Feb  7 2036  0:28:16.000, poll=6,
clock=d8f38d56.a53e9da7  Tue, May  5 2015 13:41:26.645, state=1,
offset=0.000, frequency=0.000, jitter=0.001, noise=0.001,
stability=0.000, tai=0

Offset showing as 0 even when time is obviously off:

Code:

# /usr/sbin/ntpq -c "rv 0 offset"
assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
offset=0.000

Code:

#  ntpdc -c loopinfo
offset:               0.000000 s
frequency:            0.000 ppm
poll adjust:          0
watchdog timer:       10225 s

The server these examples are from is a Red Hat Enterprise Linux Server release 5.11 (Tikanga).

Let me know if there is more information I can provide.

Below is my ntp.conf:

Code:

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).

server INTERNALSERVER1 iburst
server INTERNALSERVER2 iburst

# Drift file.  Put this in a directory which the daemon can write to.
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

Thanks,

Chris.

michaelk · 05-06-2015, 07:46 AM

How are windows servers configured for time?

Are there other linux computers synching with the windows servers? Do they have an internal fudge setting in their ntp.conf file?

Not enough information but in general windows servers only using w32time do not provide enough accuracy to be used by ntp.

claforce · 05-06-2015, 08:07 AM

michaelk,
Thanks for the response. I don't have access to the windows servers, but can try and get some of that information from their admins. There are serveral of our linux servers that are staying in sync using these servers, however, with the same ntp.conf configuration. The only correlation I've been able to find so far is that the servers having issues are RH 5.6 and 5.11. Some of the servers not having issues are RH 5.8 and 6.6. Is there anything else I can provide besides windows server configuration?
Thanks,

Chris.

michaelk · 05-06-2015, 08:47 AM

What happens if you restart ntp?

claforce · 05-06-2015, 08:55 AM

It restarts and resyncs the time, but does not sync with the peers. All of the commands return the same as my initial post.
Thanks,

Chris.

Vernicronz · 05-08-2015, 04:09 AM

Hello claforce ,

Try this ,

1. empty the /etc/ntp.conf and add your ntp server IP

>/etc/ntp.conf
vi /etc/ntp.conf
and add the ip

example
[root@airpal ~]# cat /etc/ntp.conf
server 10.0.0.5

2. start the ntp daemon

/etc/init.d/ntpd start

3. check the connection / sync with your ntp server using ntpstat

example
[root@airpal ~]# ntpstat 10.0.0.5
synchronised to NTP server (10.0.0.5) at stratum 4
time correct to within 134 ms
polling server every 1024 s

4. you can verify with ntpq -pn

example
[root@airpal ~]# ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
*10.0.0.5 2xx.2xx.1x.1xx 3 u 859 1024 377 2.106 29.718 36.905

hope this helps