000018158 - How to use NTP (network time provider) in an RSA ACE/Server environment

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018158
Applies ToRSA Authentication Manager
RSA ACE/Server
RSA ACE/Server Replica
NTP (Network Time Provider)
UNIX (AIX, HP-UX, Solaris)
IssueHow to use NTP (network time provider) in an RSA ACE/Server environment
ResolutionUsing NTP (Network Time Provider) in an RSA ACE/Server environment is an excellent way to keep the ACE/Server system clock in sync so authentication can work properly.
NOTE: While it is a good idea to run NTP on a Primary ACE/Server, it is a not recommended that you run it on a Replica ACE/Server; it's best to let the Replica receive the correct time from the Primary. The ACE/Server Primary will communicate continually with the Replica machine to coordinate the time so the two are in sync; this time sync occurs once every 24 hours. Putting NTP on the Replica will interfere with the built-in time synchronization that occurs between a Primary and Replica ACE/Server.
NOTE: Please be aware that turning on NTP on a server that is not already set to UCT may create a situation where all authentication fails. If the difference in the correct time and the ACE/Server's is large, it's recommended that you get a utility called setsyncint from RSA Security Customer Support to help remedy this situation. If the time difference is slight but significant, you could slowly adjust your time to UCT (moving it about 1 minute per week) until you get your ACE/Server time in sync with UCT.
Legacy Article ID6.0.1868869.2794894