000033603 - How to troubleshoot a time drive/NTP server that is not updating time

Document created by RSA Customer Support Employee on Jul 25, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000033603
Applies ToRSA Product Set: RSA Governance and Lifecycle, Identity Management and Governance
O/S Version: SuSE Enterprise/Red Hat Enterprise Server
 
TasksThis article gives some tips on testing and configuring NTP for time synchronization.
ResolutionThere are a lot of commands that can be used to check your current time.  These include:
  • hwclock: This will show you the motherboard's clock value
  • date: This will show you the server's time, with the timezone offset applied.
  • date -u: This will show you what the server time is in GMT / UTC time.
  • ls -l /etc/localtime: This will often show a soft link to a file under the /usr/share/zoneinfo path.
The commands listed above are good for looking at what the current time is, but if you want to automate the time being correct you would configure NTP.
NTP configuration is stored within the /etc/ntp.conf file.  The entries of interest are the lines that start with server for instance:
server time.nist.gov

After you make changes to the ntp.conf you need to restart the daemon for the changes to be re-read.
example:
  • For SuSE:
service ntp restart

  • For Red Hat
service ntpd restart

To check to see if the server is reachable you would run the commands:
# ntpq -n
ntpq> as
ntpq> pe

Here is what the output looks like:
User-added image

In the as output above, the #1 server is the first in the ntp.conf, it is local and it is reachable.
The second server is the second "server" entry in the ntp.conf but is web based and not reachable.
The pe command not only shows that the server was queried, but it also gives some information into the offset of how far off this system's time is in comparison to the NTP server's time.
If none of your servers are reachable, but you have a Windows domain that is reachable, most Windows domain controllers answer to NTP time requests.  You can add a server line for one or more servers, restart the service, then attempt the ntpq commands to verify connectivity.

Attachments

    Outcomes