cancel
Showing results for 
Search instead for 
Did you mean: 

NTPDATE - Help please

SOLVED
Go to solution
BiancaP.
Frequent Advisor

NTPDATE - Help please

I am trying to configure a NTPDATE in my server. But i can't.
With this command:

[root@lab1 sbin]# ntpdate -qv clock2.redhat.com
I didn't get any answer.

But ntpdate is running in my server.
[root@lab1 sbin]# /sbin/service ntpd status
ntpd (pid 8962 8959) is running...


this command:
[root@lab1 sbin]# /usr/sbin/ntpq
ntpq> peer
localhost.localdomain: timed out, nothing received
***Request timed out


The /etc/ntp.conf
:

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.

restrict default nomodify notrap noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1


# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap


restrict 172.27.109.42 mask 255.255.255.0 nomodify notrap

# --- OUR TIMESERVERS -----
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org


restrict 66.187.224.4 mask 255.255.255.255 nomodify notrap noquery
# The server listed below is clock2.redhat.com
server 66.187.224.4

# --- NTP MULTICASTCLIENT ---
#multicastclient # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap



# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
#server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10


#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /var/lib/ntp/drift
broadcastdelay 0.008

#
# Keys file. If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys /etc/ntp/keys



Any help ?????????
33 REPLIES
Ivan Ferreira
Honored Contributor

Re: NTPDATE - Help please

First of all, you cannot run the ntpdate with the ntpd service started. You must stop the ntpd service and then run ntpdate.

If you don't receive any answer, probably your system is firewalled, check your firewall status.

¿What distro are you using?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

hmmm

I stop to the command.

I am using Red Hat.

So... what can i do to resolve this firewall problem? =P

thanks!!
Ivan Ferreira
Honored Contributor

Re: NTPDATE - Help please

Try with:

service ntpd stop
service iptables stop
ntpdate -b
service ntpd start
ntpq -pn
chkconfig iptables off
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Jeeshan
Honored Contributor

Re: NTPDATE - Help please

in /etc/ntp.conf file put only the lines

restrict default nomodify notrap noquery
restrict 127.0.0.1
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
and along trhe above lines put only the ntp server name like

server x.x.x.x

and then put your ntp server's ip address in /etc/ntp/step-tickers file.

now all set. start the ntp service and check.
a warrior never quits
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

I did everthing you said but didn't work;

[root@lab1 media]# /etc/init.d/ntpd start
ntpd: Synchronizing with time server: [FAILED]
Starting ntpd:


[root@lab1 media]# /etc/init.d/ntpd status
ntpd (pid 19488 19487 19464 19461) is running...



I think is some firewall problem. (someone already said this...)
But what can i do to solve?

Thanks
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

more information:

[root@lab1 /]# ping 66.187.224.4
PING 66.187.224.4 (66.187.224.4) 56(84) bytes of data.
From 172.27.109.3 icmp_seq=0 Packet filtered
From 172.27.109.3 icmp_seq=1 Packet filtered
From 172.27.109.3 icmp_seq=3 Packet filtered
From 172.27.109.3 icmp_seq=4 Packet filtered

is some firewall problem???

what can i do to solve????
Jeeshan
Honored Contributor

Re: NTPDATE - Help please

yes, the symptomp says the time server has firewall or your gateway has firewall.
a warrior never quits
Court Campbell
Honored Contributor

Re: NTPDATE - Help please

Just an added note. You also might what to run

chkconfig ntpd on

That won't solve your connection issue, but the daemon will start after boot up.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

Ok.... i know that exist a firewall... but what can i do to solve???
Court Campbell
Honored Contributor

Re: NTPDATE - Help please

Have a network admin open udp port 123 to the server(2) where you are going to get time from. Also, have you thought about using a local server on your same network for time?
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Court Campbell
Honored Contributor

Re: NTPDATE - Help please

That should have been server(s).
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

I discover what happen.
There is a firewall blocking any external site that i try to ping:

[root@lab1 ~]# ping www.uol.com.br
PING www.uol.com.br (200.221.2.45) 56(84) bytes of data.
From router-virtual.sao-paulo.axalto.com (172.27.109.3) icmp_seq=1 Packet filtered
From router-virtual.sao-paulo.axalto.com (172.27.109.3) icmp_seq=2 Packet filtered

They tell to me that i can't enter in any external site.

Is there anything i can do to solve this problem ??

Or just who have access to this firewall can do something??

thanks!
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

>>> Also, have you thought about using a local server on your same network for time?


what local server?
i have problem with the host and the vmwares, the time is always different.
So, my idea is configure a ntpdate in host, and the vmwares get the same time.
Court Campbell
Honored Contributor
Solution

Re: NTPDATE - Help please

>> what local server?

Umm, a server that you have available to pull time from. Prefereably the vmware host at this point.

>> i have problem with the host and the vmwares, the time is always different.

If I remember corecctly there is an option in vmware guests to get their time from the host.

>> So, my idea is configure a ntpdate in host, and the vmwares get the same time.

You wouldn't configure ntpdate. You would setup and configure ntpd.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

>>>If I remember corecctly there is an option in vmware guests to get their time from the host.

Hm... do you know where is this option?

>>>You wouldn't configure ntpdate. You would setup and configure ntpd.

hmmm.. ok.. thanks
Court Campbell
Honored Contributor

Re: NTPDATE - Help please

It's been awhile, but I would start here:

http://www.vmware.com/pdf/vmware_timekeeping.pdf
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Rob Leadbeater
Honored Contributor

Re: NTPDATE - Help please

Hi,

If you can't get out to the real world to interrogate an NTP server, you either need to find one that already exists on the internal network, or configure one of your machines to be an NTP server.

You might find that your network people have got NTP running on your routers or firewalls, that you can point your machines at.

If not, then you need to make one of your machines the master NTP server, and then point all of the other machines at it. It doesn't really matter to VMware if the real time isn't used, just that all the machines have the same time...

Hope this helps,

Regards,

Rob
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

I got an internal IP to configure the ntp server... when i ping is everthing ok...


when i configure a vmware in my server is everthing ok:

[root@static-109 ~]# ntpdate 172.27.109.56
25 Jun 10:45:30 ntpdate[5376]: step time server 172.27.109.56 offset 6649.680474 sec

but when i try to configure my server, i cant:


[root@lab1 ~]# ntpdate 172.27.109.56
[root@lab1 ~]#
[root@lab1 ~]#
[root@lab1 ~]#
[root@lab1 ~]# ntpq -pn
localhost.localdomain: timed out, nothing received
***Request timed out
[root@lab1 ~]# ntpdc -nc reslist
localhost.localdomain: timed out, nothing received
***Request timed out
[root@lab1 ~]# service ntpd status
ntpd (pid 23741 23739) is running...
[root@lab1 ~]#

netstat -tuna


udp 0 0 172.27.109.42:123 0.0.0.0:*
udp 0 0 172.27.109.42:123 0.0.0.0:*
udp 0 0 127.0.0.1:123 0.0.0.0:*
udp 0 0 0.0.0.0:123 0.0.0.0:*
udp 0 0 :::123 :::*

(ok)

my ntp.conf is ok too..

Any idea to my problem?????
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

more information:


[root@lab1 ~]# ntptrace 172.27.109.56
printer-056.sao-paulo.axalto.com: stratum 3, offset -0.053243, synch distance 0.213080
/usr/sbin/ntpq: read: No route to host
Court Campbell
Honored Contributor

Re: NTPDATE - Help please

what is lab1? Is it a guest or the host? And is this esx server?
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

>>>what is lab1? Is it a guest or the host? And is this esx server?

lab1 is the host.

no... is a HP DL 380 server with Red Hat.
BiancaP.
Frequent Advisor

Re: NTPDATE - Help please

i am sorry.... i have vmware server
Court Campbell
Honored Contributor

Re: NTPDATE - Help please

on lab1, check that that the firewall isn't creating the issue. you can run

# service iptables status

to see if it is running, if so run

# service iptables stop

If you want to run the firewall you will need to edit the firewall rules to allow udp port 123 outbound. And then run "service iptables save". Otherwise you can turn off the firewall at next reboot by running

# chkconfig iptbales off

But, I'll leave that decision to you.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Court Campbell
Honored Contributor

Re: NTPDATE - Help please

I've been looking through the responses and I am curious if you have your network properties setup on lab1 correctly. Maybe you fat fingered the netmask, or gateway, or something. You might start there next if the firewall is not the issue.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"