Linux – NTP failing to update

clock-synchronizationlinuxntptime

I am attempting to use ntp on the server.

Checking ps the ntpd process seems to be running:

ntpd -u ntp:ntp -p /var/run/ntpd.pid -g

However the time is not being corrected, any ideas?

The drift is about 2 minutes per month, which is not a problem according to an answer to an earlier question I asked. I understand it can take some time to correct a badly drifted time but I corrected the time recently to an accurate value.

(Server details – Cent OS, Linux version 2.6.9.)

Results of ntpq -pn

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 72.14.188.52    .INIT.          16 u  62h 1024    0    0.000    0.000 4000.00
 4.79.132.217    .INIT.          16 u  10d 1024    0    0.000    0.000 4000.00
 72.14.179.211   .INIT.          16 u  62h 1024    0    0.000    0.000 4000.00
*127.127.1.0     LOCAL(0)        10 l    2   64  377    0.000    0.000   0.004

Contents of /etc/log/messages

Jan 10 04:21:36 server1 ntpd[18417]: sendto(72.14.188.52): Operation not permitted
Jan 10 04:21:41 server1 ntpd[18417]: sendto(72.14.179.211): Operation not permitted
Jan 10 04:22:13 server1 ntpd[18417]: sendto(4.79.132.217): Operation not permitted
Jan 10 04:38:41 server1 ntpd[18417]: sendto(72.14.188.52): Operation not permitted
....

Update

Thanks for the responses. I've updated the firewall settings and no more messages have been appended to etc/log/messages, so it looks like a problem has been resolved. I'll give it some more time to see what happens.

Best Answer

Are there any ntpd messages in /var/log/messages? As I was dealing with my EC2 NTP issues I noticed that NTP didn't like being too far out of sync and wanted a manual update. Perhaps you're too far out for it to decide it will update for you.

Related Solutions

Public NTP servers

http://www.pool.ntp.org/

If you are in the US: United States — us.pool.ntp.org To use this pool zone, add the following to your ntp.conf file:

   server 0.us.pool.ntp.org
   server 1.us.pool.ntp.org
   server 2.us.pool.ntp.org
   server 3.us.pool.ntp.org

Other pools around the world are available and can be found at the http://www.pool.ntp.org/ site.

WS2008 NTP – Using time.windows.com,0x9 – Time always skewed forwards

I had the same issue and finally resolved it this morning. Here is what I did:

Have a look in the registry (all hives and keys in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time) on both the server with the time issue and another member server that is syncing ntp correctly.

I found a few discrepancies and exported the required keys \ hives from the working server to the broken one. The following keys had been messed up, here is the good keys I exported from the working box onto the broken one. Please note that these values may not be the same as yours so please dont use the keys below:

The security Hive was missing so I recreated with this:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Security]
"Security"=hex:01,00,04,80,84,00,00,00,90,00,00,00,00,00,00,00,14,00,00,00,02,\
  00,70,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,\
  00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
  00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,\
  8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,9d,01,02,00,01,\
  01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00

And noticed that the NtpServer hive had missing keys, this was fixed by importing:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer]
"DllName"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,\
  00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"Enabled"=dword:00000000
"InputProvider"=dword:00000000
"AllowNonstandardModeCombinations"=dword:00000001
"EventLogFlags"=dword:00000000
"ChainEntryTimeout"=dword:00000010
"ChainMaxEntries"=dword:00000080
"ChainMaxHostEntries"=dword:00000004
"ChainDisable"=dword:00000000
"ChainLoggingRate"=dword:0000001e

I then amended the following existing keys to reduce phase:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config] 
"MaxAllowedPhaseOffset"=dword:00000001 
"SpecialPollInterval"=dword:00000005 
"SpecialInterval"=dword:00000001

Once you are sure the registry is correct, Issue the following commands via Command Line as Administrator:

w32tm /config /manualpeerlist:"YOURNTPSERVER-OR-DCHERE.YOURDOMAIN.COM,0x01" /syncfromflags:MANUAL /update
net stop w32time && net start w32time
w32tm /resync /computer:YOURNTPSERVER-OR-DCHERE.YOURDOMAIN.COM /rediscover

Waited a few minutes then checked sync

w32tm /monitor /computers:YOURNTPSERVER-OR-DCHERE.YOURDOMAIN.COM

It should look a bit like this:

YOURNTPSERVER-OR-DCHERE.YOURDOMAIN.COM[IPOFYOUR.NTP.OR.DC:123]:
    ICMP: 0ms delay
    NTP: +0.0496804s offset from local clock
        RefID: YOURNTPSERVER-OR-PDCHERE [IPOFYOUR.NTP.OR.PDC]
        Stratum: 3

Then check phase:

w32tm /stripchart /computer:YOURNTPSERVER-OR-DCHERE.YOURDOMAIN.COM

It should look like this:

10:08:42 d:+00.0000000s o:+00.0139224s  [           *           ]
10:08:44 d:+00.0000000s o:-00.0015659s  [           *           ]
10:08:46 d:+00.0000000s o:-00.0014534s  [           *           ]
10:08:48 d:+00.0000000s o:-00.0013418s  [           *           ]
10:08:50 d:+00.0000000s o:-00.0012421s  [           *           ]

Hope this helps!

Best Answer

Related Solutions

Public NTP servers

WS2008 NTP – Using time.windows.com,0x9 – Time always skewed forwards

Related Topic