000036335 - How to verify NTP server synchronization is not working in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on May 31, 2018
Version 1

Article Content

Article Number: 000036335
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 or later

Issue

RSA Authentication Manager generates events when an NTP error occurs. These include:

Critical Event Notifications 

Attention! The following critical system event occurred: 
Not able to sync time. Either the NTP service is not running or unable to sync time from the NTP server.

System Activity Report

System Time Synchronization Configuration Check,"Checking configuration for System Time Synchronization.
Warning,All NTP Servers are unavailble - potential for significant system time drift,SYSTEM,,,,,ALL_NTP_SERVERS_UNVAILABLE

The following article provides some Linux commands to verify the status of the NTP sync function.
Resolution

This article is intended to help customers and support personnel find where an NTP-related problem lies and direct troubleshooting effort to the right areas.
  1. Log in to the Authentication Manager primary via an SSH session or direct connection.
  2. Start with the ntpq commands. In this example, the primary server returns an offset value of 105426 ms, which is about two minutes off.

See knowledge article 000030528 - Unable to check NTP status using ntpq -p command on RSA Authentication Manager 8 for how to allow the ntpq command to run.

  3. Run ntpq -n to enable a DNS lookup of the NTP server:

[am83p ~]# ntpq -n
ntpq> as
ntpq> pe

      offset value

Note that restarting the NTP service (sudo service ntp restart in the SSH session) does not resolve the issue.

  4. The ntpdc command identifies the problem with the time source(s):

[am83p ~]# ntpdc -c kerninfo 
pll offset: 0 s 
pll frequency: 27.220 ppm 
maximum error: 0.884516 s 
estimated error: 1.6e-05 s 
status: 2040 unsync nano 
pll time constant: 0 
precision: 1e-09 s 
frequency tolerance: 500 ppm

  5. The ntptime command agrees with the ntpdc command output:

[am83p ~]# ntptime 
ntp_gettime() returns code 5 (ERROR) 
time d260f02f.d3c9039c Wed, May 2 2018 14:17:17.573, (.571058557), 
maximum error 927516 us, estimated error 16 us, TAI offset 0 
ntp_adjtime() returns code 5 (ERROR) 
modes 0x0 (), 
offset 0.000 us, frequency 27.220 ppm, interval 1 s, 
maximum error 927516 us, estimated error 16 us, 
status 0x2040 (UNSYNC,NANO), 
time constant 0, precision 0.001 us, tolerance 500 ppm,

The output in red indicates that there is an issue synchronizing with the time source(s). 
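
As an added example (not part of the RSA article or RSA code), the shell function below reads ntptime output and reports the condition shown above: ntp_gettime() returning code 5, or the UNSYNC bit (0x0040, STA_UNSYNC in the Linux kernel's timex.h) set in the status word. The names check_ntptime and NTPTIME_SAMPLE are assumptions; the sample text is copied from the ntptime output in this article.

```bash
#!/usr/bin/env bash
# Added example, not RSA code. check_ntptime and NTPTIME_SAMPLE are
# hypothetical names. Reads `ntptime` output on stdin and prints
#   <verdict> code=<n> status=<hex> maxerr_us=<n>
# Exit status: 0 = SYNC, 1 = UNSYNC, 2 = output could not be parsed.
check_ntptime() {
    local input code status maxerr verdict
    input=$(cat)
    # Return code of ntp_gettime(); 5 is TIME_ERROR, printed as (ERROR).
    code=$(printf '%s\n' "$input" |
        sed -n 's/^ntp_gettime() returns code \([0-9][0-9]*\).*/\1/p' | head -n 1)
    # Kernel status word, for example 0x2040.
    status=$(printf '%s\n' "$input" |
        sed -n 's/^ *status \(0x[0-9a-fA-F][0-9a-fA-F]*\).*/\1/p' | head -n 1)
    # First "maximum error" figure, in microseconds.
    maxerr=$(printf '%s\n' "$input" |
        sed -n 's/.*maximum error \([0-9][0-9]*\) us.*/\1/p' | head -n 1)
    if [ -z "$code" ] || [ -z "$status" ]; then
        echo "UNKNOWN could not parse ntptime output"
        return 2
    fi
    verdict=SYNC
    # 0x0040 is STA_UNSYNC; 0x2000 (STA_NANO) only selects nanosecond units.
    if [ "$code" -eq 5 ] || [ "$(( $status & 0x0040 ))" -ne 0 ]; then
        verdict=UNSYNC
    fi
    echo "$verdict code=$code status=$status maxerr_us=${maxerr:-unknown}"
    [ "$verdict" = SYNC ]
}

# Sample copied from the ntptime output in this article.
NTPTIME_SAMPLE='ntp_gettime() returns code 5 (ERROR)
time d260f02f.d3c9039c Wed, May 2 2018 14:17:17.573, (.571058557),
maximum error 927516 us, estimated error 16 us, TAI offset 0
ntp_adjtime() returns code 5 (ERROR)
modes 0x0 (),
offset 0.000 us, frequency 27.220 ppm, interval 1 s,
maximum error 927516 us, estimated error 16 us,
status 0x2040 (UNSYNC,NANO),
time constant 0, precision 0.001 us, tolerance 500 ppm,'

printf '%s\n' "$NTPTIME_SAMPLE" | check_ntptime ||
    echo "clock is not synchronized: check the path to the time sources"
```

On a live system the same check is `ntptime | check_ntptime`, and the exit status can drive a monitoring alert.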


RSA Support may assist in finding a problem with NTP in an environment; however, troubleshooting NTP errors is outside the scope of RSA Support. It is the customer's responsibility to provide reliable time sources and the paths from them to the RSA Authentication Manager server(s). System administrators may review their firewall rules or obtain another reliable time source to resolve the issue.