Online Expert Day - HPE Data Storage - Live Now
April 24/25 - Online Expert Day - HPE Data Storage - Live Now
Read more
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

NTP - how to force synchronization without an association?

SOLVED
Go to solution
habyor
Occasional Advisor

NTP - how to force synchronization without an association?

Hello,

the HP-UX troubleshooting NTP documentation says that:

"
Every NTP time hierarchy must have at least one stratum-1 server,
with an external time source configured, either an attached radio clock
or the local system clock. If there is no stratum-1 server in the hierarchy,
no associations will be formed.
"

Is it possible to force NTP client to synchronize its time with a local (LAN)
NTP server despite the fact there is no stratum-1 server in the hierarchy?

I have a local (LAN) NTP server. When I type ntpq -p, it shows this:

remote refid st t when poll reach delay offset jitter
==============================================================================
ixi26.internetd .INIT. 16 u - 1024 0 0.000 0.000 0.000
ntp.ipartners.p .INIT. 16 u - 1024 0 0.000 0.000 0.000
vega.cbk.poznan .INIT. 16 u - 1024 0 0.000 0.000 0.000
smtp.certum.pl .INIT. 16 u - 1024 0 0.000 0.000 0.000
europium.canoni .INIT. 16 u - 1024 0 0.000 0.000 0.000

There is no '*' in the remote column, meaning there is no associacion.

When I type ntpq -p from my HP-UX client, it shows this:

remote refid st t when poll reach delay offset disp
==============================================================================
repepwd 0.0.0.0 16 u 5 64 0 0.00 0.000 16000.0

where repepwd is the local NTP server I want to synchronize with. There is
also no '*' in the remote column.

When I stop xntpd on the HP-UX client, and try sync the time by typing
"ntpdate repepwd", it shows this error message:

10 Dec 14:19:51 ntpdate[5250]: no server suitable for synchronization found

Do I understand correctly that it's because of the missing association?
If so, can I force NTP client to ignore the fact there is no stratum-1
server in the hierarchy?

Thanks in advance for any help.

Greetings,
Tomek.
19 REPLIES
Johnson Punniyalingam
Honored Contributor

Re: NTP - how to force synchronization without an association?

how about try with ip address

ntpdate
Problems are common to all, but attitude makes the difference
James R. Ferguson
Acclaimed Contributor

Re: NTP - how to force synchronization without an association?

Hi:

Synchronization will fail if your server's time is more than ~ 1000 seconds wrong. Verify that your server's time is correct with:

# date -u

If not, adjust it. If you need to set the server's time backwards, either reboot or stop time-sensitive processes like databases. Moving time forward is usually not a problem.

Regards!

...JRF...
Johnson Punniyalingam
Honored Contributor

Re: NTP - how to force synchronization without an association?

suggesting that the problem may be related to busy or remote network

ntpdate -b -t 4 -p 4

-t 4 sets the timeout to 4 seconds (from 1, "suitable for LAN applicatons") and -p 8 sets the number of averaged samples back to the default, After the initial ntpdate config, everything will sync up with ntpq which defaults to 5000 msec
Problems are common to all, but attitude makes the difference
habyor
Occasional Advisor

Re: NTP - how to force synchronization without an association?

The time difference between the NTP server and the HP-UX client is only about 4 minutes.

Trying ntpdate returns the same error message:

10 Dec 15:03:33 ntpdate[5559]: no server suitable for synchronization found

The same error message appears when I try:

ntpdate -b -t 4 -p 4 repepwd

or

ntpdate -b -t 4 -p 4

Am I wrong thinking that it's a problem with a missing associacion?

Tomek.
habyor
Occasional Advisor

Re: NTP - how to force synchronization without an association?

PS. ping repepwd shows very fast replies:

PING repepwd: 64 byte packets
64 bytes from 172.26.0.100: icmp_seq=0. time=0. ms
64 bytes from 172.26.0.100: icmp_seq=1. time=0. ms
64 bytes from 172.26.0.100: icmp_seq=2. time=0. ms
...

Tomek.
Julián Aimar
Frequent Advisor

Re: NTP - how to force synchronization without an association?

Hi, can you paste output

# telnet 123

tks
habyor
Occasional Advisor

Re: NTP - how to force synchronization without an association?

Bingo, telnet can't connect on port 123:

telnet repepwd 123
Trying...
telnet: Unable to connect to remote host: Connection refused

On repepwd in ntp.conf there is a line:

restrict 172.27.0.0 mask 255.255.255.128 nomodify notrap

but apparently it's not enough or there is some error I can't see. 255.255.255.128 is the netmask of the HP-UX
client.
Julián Aimar
Frequent Advisor

Re: NTP - how to force synchronization without an association?

give me the points.... hahahaha

Saludos

JEA
habyor
Occasional Advisor

Re: NTP - how to force synchronization without an association?

Points granted, still I don't know why it is refusing connections on port 123.

There is no firewall on repepwd, and netstat shows
that port 123 is open:

udp 0 0 172.26.0.100:123 0.0.0.0:*
udp 0 0 127.0.0.1:123 0.0.0.0:*
udp 0 0 0.0.0.0:123 0.0.0.0:*
udp6 0 0 fe80::21d:7dff:fe0d:123 :::*
udp6 0 0 ::1:123 :::*
udp6 0 0 :::123 :::*

When I try ntpdate repepwd, it gives me the same error:

# ntpdate -b -t 4 -p 4 172.26.0.100
10 Dec 16:37:05 ntpdate[6320]: no server suitable for synchronization found

Julián Aimar
Frequent Advisor

Re: NTP - how to force synchronization without an association?

habyor
Occasional Advisor

Re: NTP - how to force synchronization without an association?

Julian,

I already read this document - hence my first question:

Is it possible to force NTP client to synchronize its time with a local (LAN)
NTP server despite the fact there is no stratum-1 server in the hierarchy?

I know I have to first figure out why I can't connect on port 123,
but my question remains valid. If I am able to connect, will I be able to force time sync despite the fact there is no stratum-1 server in the hierarchy?

Greetings,
Tomek.
BUPA IS
Respected Contributor
Solution

Re: NTP - how to force synchronization without an association?

Hello ,
The Fundamental problem here is that the LAN NTP server is not in sync with anything at all and it can't and won't therefore share out the time to any other system . You probably need to get the external communications and firewalls investigated .

The lines like
> smtp.certum.pl .INIT. 16 u - 1024 0 0.000 0.000 0.000
> europium.canoni .INIT. 16 u - 1024 0 0.000 0.000 0.000
indicate that your LAN NTP server is not "in sync" and that it has never reached any of the time servers listed .
It is possible to allow the LAN server to advertise its own internal (probably wrong) clock at any stratum you choose. A stratum 1 server is not required .
The method used depends on the release of NTP running in your LAN server.
Is it possible to post the output of
ntpq -c rv
ntpq -c v
and the ntp.conf file from your LAN server as well as its make, OS, and OS release.
then I can suggest an answer
I hope this is of some help
Mike
Help is out there always!!!!!
rick jones
Honored Contributor

Re: NTP - how to force synchronization without an association?

Only if the NTP server with which it is trying to sync has a "fudge" entry for its local clock, the ntp.conf syntax for that escapes me but it should be findable via web search.

If you have any interest in the *correct* time rather than merely *consistent* time, definitely fix the issue with reachability to the lower stratum NTP servers. ntp.isc.org may have some pointers on public servers to try to connect.
there is no rest for the wicked yet the virtuous have no pillows
habyor
Occasional Advisor

Re: NTP - how to force synchronization without an association?

Hello,

thanks a lot to all of you who replied. What I want to achieve is to have
consistent (rather than correct) time across several servers.


The repepwd NTP server is Debian (Linux repepwd 2.6.24-22-server).


ntpq -c rv returns this:

assID=0 status=c011 sync_alarm, sync_unspec,
1 event, event_restart,
version="ntpd 4.2.4p4@1.1520-o Wed May 13 21:05:57 UTC 2009 (1)",
processor="i686", system="Linux/2.6.24-22-server", leap=11, stratum=16,
precision=-20, rootdelay=0.000, rootdispersion=952.620, peer=0,
refid=INIT, reftime=00000000.00000000 Thu, Feb 7 2036 7:28:16.000,
poll=6, clock=cecc9bc6.58cde28c Fri, Dec 11 2009 11:21:58.346, state=1,
offset=0.000, frequency=0.000, jitter=0.001, noise=0.001,
stability=0.000, tai=0


ntpq -c v returns this:

ntpq 4.2.4p4@1.1520-o Wed May 13 21:06:04 UTC 2009 (1)

There are no fudge settings in ntp.conf (only servers settings).

Tomek.
habyor
Occasional Advisor

Re: NTP - how to force synchronization without an association?

I have found another NTP server in our LAN, which seems to be working as it should.
After switching the HP-UX clients to this new server, everything is OK.

Once again, many thanks to all of you for your kind help.

Tomek.
mvpel
Trusted Contributor

Re: NTP - how to force synchronization without an association?

Tomek - for future reference:

In order to have your time consistent, if not correct, you need to configure at least one of your systems to use the local clock as a time source, like so:

server 127.127.1.1
fudge 127.127.1.1 stratum 10

The first line tells the NTP daemon to use the system's local clock as a time source, and the second line tells NTP that it should use "stratum 10" for the clock. (An atomic clock is stratum 0, and a server attached to an atomic clock is stratum 1.)

Needless to say, NTP will be able to associate with the local system clock, and then any other system which uses that machine as a server or peer will also be able to associate with it, at stratum 11, and will maintain the same time as the local clock on the first system.

You can set up a few different machines to use their local clocks, and set them as NTP "peers" - using the "peer" config line instead of "server" - which means that they'll negotiate with one another to find the best clock and choose that one as the server. Without an external time source, it won't be the correct time, but it will be a consistent time.

You never want to set a freewheeling local system clock to a low stratum number. If you later add a GPS/WWVB clock to your network, you don't want the free-spinning clock to compete with the authoritative clock - you want to be sure that NTP clients have a way of knowing that the stratum 0 GPS clock should always be used if it's available, instead of the freewheeling clock.

For correct time, you should look into SpectraCom or Brandywine Communications - they both offer standalone GPS-sourced Ethernet NTP appliances, 1U rack-mountable with available window-mount GPS antennas. They're not very expensive - maybe $1,000 to $2,000 a pop - and they're brain-dead simple and maintenance-free.
rick jones
Honored Contributor

Re: NTP - how to force synchronization without an association?

One more bit of advice, perhaps repeated.

One should "always" configure at least three independent time sources. This will, among other things:

1) provide redundancy/high availability
2) give NTP the ability to detect a "bad" time source
there is no rest for the wicked yet the virtuous have no pillows
BUPA IS
Respected Contributor

Re: NTP - how to force synchronization without an association?

Hello,
Sorry that I did not get back to you sooner. the reason I asked for the rv information was to get the release of NTP
Since you are running NTP 4.2 you should use the new orphan mode feature in the v 4.2 NTP server,
This removes the need to advertise the local hardware clock (unlees of course you have installed a high precsion one) it also avoids the situation where the server with a poor internal clock keeps swapping from internal to external sychronisation.
in my experience it is far superior to the local clock driver and fudge method
please replace these lines
server 127.127.1.1
fudge 127.127.1.1 stratum 10
and use
tos orphan 10
instead in the Server where 10 is the stratum this server becomes when it is orphaned .
I hope this helps
Mike
P.S. the full NTP documentaion can be found here
http://www.eecis.udel.edu/~mills/ntp/html/index.html
tos is decsribed here
http://www.eecis.udel.edu/~mills/ntp/html/miscopt.html#tos
Help is out there always!!!!!
mvpel
Trusted Contributor

Re: NTP - how to force synchronization without an association?

BUPA: Thanks for the tip! I wasn't aware of the orphan mode option.

http://support.ntp.org/bin/view/Support/OrphanMode

NTP versions prior to 4.2.4p5 [August 2008] and 4.2.5p101 [2009] will not start up properly in Orphan Mode unless at least one time source is configured in ntp.conf. If no time sources are specified the refid stays at .INIT. and the rootdispersion continually increases. This makes these versions unsuitable for use as stand alone Orphan Mode servers in a time island.

NTP versions after, and including, 4.2.5p101 will start up correctly in pure Orphan Mode.
========

Version 4.2.6 was just released on Saturday.