How to verify NTP server synchronization is not working in RSA Authentication Manager 8.x
RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.1 or later
RSA Authentication Manager generates events when a NTP error occurs. These include:
Critical Event Notifications
Attention! The following critical system event occurred:
Not able to sync time. Either the NTP service is not running or unable to sync time from the NTP server.
System Activity Report
System Time Synchronization Configuration Check,"Checking configuration for System Time Synchronization.
Warning,All NTP Servers are unavailble - potential for significant system time drift,SYSTEM,,,,,ALL_NTP_SERVERS_UNVAILABLE
The following article provides some Linux commands to verify the status of the NTP sync function.
This article is to assist customers and support personnels to find where the NTP related problem lies and to direct troubleshooting effort to the right areas.
Login the Authentication Manager primary via an SSH session or direct connection.
Starting with ntpq commands, the primary server returns offsets value of 105426 ms, which is about two minutes off.
Run ntpq -n to enable a DNS lookup of the NTP server:
[am83p ~]# ntpq -n
Note that restarting the ntp service doesn't help resolve the issue; that is, sudo service ntp restart in the SSH session.
The command ntpdc identifies the problem with the time source(s):
[am83p ~]# ntpdc -c kerninfo
pll offset: 0 s
pll frequency: 27.220 ppm
maximum error: 0.884516 s
estimated error: 1.6e-05 s
status: 2040 unsync nano
pll time constant: 0
precision: 1e-09 s
frequency tolerance: 500 ppm
And the ntptime command agrees with the ntpdc command output:
[am83p ~]# ntptime
ntp_gettime() returns code 5 (ERROR)
time d260f02f.d3c9039c Wed, May 2 2018 14:17:17.573, (.571058557),
maximum error 927516 us, estimated error 16 us, TAI offset 0
ntp_adjtime() returns code 5 (ERROR)
modes 0x0 (),
offset 0.000 us, frequency 27.220 ppm, interval 1 s,
maximum error 927516 us, estimated error 16 us,
status 0x2040 (UNSYNC,NANO),
time constant 0, precision 0.001 us, tolerance 500 ppm,
The output in red indicates that there is an issue synchronizing with the time source(s).
RSA Support may assist in finding a problem with NTP in an environment; however, it is not RSA Support's scope to troubleshoot its errors. It is the customer's responsibility to provide reliable time sources and their paths to the RSA Authentication Manager server(s). System Administrators may look into their firewall rules or fetch another reliable time source to resolve the issue.