1823920 Members
3091 Online
109667 Solutions
New Discussion юеВ

NTP Configuration

 
Sanjiv Sharma_1
Honored Contributor

NTP Configuration

Hi,

I have two Datacenter with 20 hp-ux servers each about 5 km away.

I have configured NTP for all the hpux server in both the datacenter. From the Dataceter A the ntp is working fine. But in the datacenter B the ntp is not working.

NTP Server user is the same for both the datacenter.

Entry made in /etc/ntp.conf
server abc.xyz.com
driftfile /etc/ntp.drift

Entry made in /etc/rc.config.d/netdaemons
export NTPDATE_SERVER=abc.xyz.com
export XNTPD=1
export XNTPD_ARGS="-c /etc/ntp.conf"

When I start ntp in DC B I get the following message: # /sbin/init.d/xntpd start
4 Dec 09:51:19 ntpdate[2934]: no server suitable for synchronization found

When I start ntp in DC A I get the following message: # /sbin/init.d/xntpd start
4 Dec 09:58:37 ntpdate[23852]: step time server 15.85.40.172 offset -0.000698 s
ec

From all the servers in DC A and B I am able to ping abc.xyz.com and even do nslookup for abc.xyz.com with hostname and IP address.

What could be the problem?

Thanks,
Everything is possible
5 REPLIES 5
steven Burgess_2
Honored Contributor

Re: NTP Configuration

Hi Sanjiv

The only thing that springs to mind at the moment is that your blocking requests via a firewall to abc.xyz.com, ping however is not blocked ??

just a suggestion

HTH

Steve
take your time and think things through
Sanjiv Sharma_1
Honored Contributor

Re: NTP Configuration

Hi Steven,

What needs to be done? Which services needs to be enabled and where?

Thanks,

Everything is possible
steven Burgess_2
Honored Contributor

Re: NTP Configuration

Hi Sanjiv

well..

ntp communicates on port 123

ntp 123/udp # Network Time Protocol

Have a chat with your network admin and request he checks that requests via this port aren't blocked through the firewall between each subnet

HTH

Steve
take your time and think things through
Steven E. Protter
Exalted Contributor

Re: NTP Configuration

This is almost certainly a firewall problem.

You can check this with a telnet hostname 123 between a machine in section a to a machine in seciton b.

If you get connection refused, its a firewall issue.

It could be a problem with ipfilter configuration on the servers in section b. Its quite easy to foul that up and block access on port 123 yourself.

Thats where I'd check first.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Bill Hassell
Honored Contributor

Re: NTP Configuration

There are router/gateways between your systems and the rest of the network. Port 123 must be open or you will get no response, even if ping and telnet work to the NTP server. Before you try to start xntpd, test the availability of your NTP server with ntpq -p as in:

ntpq -p abc.xyz.com

If you get a timeout or connection refused, contact your networking admins to open the port. You may be pleasantly surprised that your company's firewall has a built-in NTP that can be synchronized to better than 128ms accuracy and provide time services to every computer (even PCs). But use ntpq -p to see if the NTP server is availab le.


Bill Hassell, sysadmin