000039179 - NTP on SUSE 12 does not synchronize in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jul 28, 2020Last modified by RSA Customer Support Employee on Jul 28, 2020
Version 2Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000039179
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.x, 7.2.x
O/S Version: SUSE Linux Enterprise Server (SLES) 12
 
IssueNetwork Time Protocol (NTP) on the RSA Identity Governance & Lifecycle application server is not synchronizing to an NTP server even after restarting the ntpd service.

SYMPTOMS:
  1. Login to the server as root and execute the following commands:
  2. Run the timedatectl command. Note that NTP is not synchronized.


# timedatectl
      Local time: Tue 2020-07-28 14:57:40 EDT
  Universal time: Tue 2020-07-28 18:57:40 UTC
        RTC time: Tue 2020-07-28 18:59:05
       Time zone: America/New_York (EDT, -0400)
 Network time on: no
NTP synchronized: no
 RTC in local TZ: no


  1. Run the ntptime command. Note the UNSYNC status.


# ntptime
ntp_gettime() returns code 5 (ERROR)
  time e2caf276.26eb0000  Tue, Jul 28 2020 14:52:38.152, (.152023),
  maximum error 16000000 us, estimated error 16000000 us, TAI offset 0
ntp_adjtime() returns code 5 (ERROR)
  modes 0x0 (),
  offset 0.000 us, frequency 0.000 ppm, interval 1 s,
  maximum error 16000000 us, estimated error 16000000 us,
  status 0x41 (PLL,UNSYNC),
  time constant 7, precision 1.000 us, tolerance 500 ppm,


  1. View the ntp log file and note the clock is unsynchronized. This message is logged every time the ntpd service is restarted.


# cat /var/log/ntp | grep Clock
28 Jul 14:49:27 ntpd[13176]: kernel reports TIME_ERROR: 0x4041: Clock Unsynchronized
28 Jul 14:49:27 ntpd[13176]: kernel reports TIME_ERROR: 0x4041: Clock Unsynchronized
28 Jul 14:50:22 ntpd[13260]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
28 Jul 14:50:22 ntpd[13260]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized


 
CauseSystemD has its own time synchronization service called systemd-timesyncd that gets installed by SUSE12. This problem occurs when SystemD has not been configured.
 
ResolutionTo resolve this issue, SystemD needs to be configured and restarted.
  1. Login as root and execute the following script:


if grep -q '^#NTP=' /etc/systemd/timesyncd.conf; then
    NTP_SERVER=$(grep --max-count=1 server /etc/ntp.conf | awk '{ print $2 }')
    [ -n "$NTP_SERVER" ] && sed -i "s/^#NTP=.*/NTP=$NTP_SERVER/" /etc/systemd/timesyncd.conf
    service systemd-timesyncd restart
fi


The above script does the following:



  1. Configures SystemD by copying the name of the remote NTP server from /etc/ntp.conf into /etc/systemd/timesyncd.conf which is the SystemD service.
  2. Restarts the SystemD service.

Once the script has executed, NTP will report as synchronized.


  1. Run the timedatectl command again to verify NTP is now syncrhonized.  


# timedatectl
      Local time: Tue 2020-07-28 14:57:40 EDT
  Universal time: Tue 2020-07-28 18:57:40 UTC
        RTC time: Tue 2020-07-28 18:59:05
       Time zone: America/New_York (EDT, -0400)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no


  1. Run the systemd-timesyncd status command to observe the NTP time server. Note the Status line in the output.


# service systemd-timesyncd status
....
Status: "Synchronized to time server <IP address> (name of NTP server)."


 
Notes
  • The ntpd daemon performs two functions:

  1. It keeps the machine time updated, and
  2. Provides NTP services for any other client such as Oracle which tries to detect if the machine is not synched with the global time.

  • The timesyncd service is a built-in SystemD service that only synchronizes the local system clock with a remote Network Time Protocol server. It is just an NTP client and is not a replacement for the NTP server.
  • As long as both services pull time from the same NTP source, it is fine to run them in parallel.

Attachments

    Outcomes