Article Number
000039179
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.x, 7.2.x
O/S Version: SUSE Linux Enterprise Server (SLES) 12
Issue
Network Time Protocol (NTP) on the RSA Identity Governance & Lifecycle application server is not synchronizing to an NTP server even after restarting the
ntpd service.
SYMPTOMS:
- Login to the server as root and execute the following commands:
- Run the timedatectl command. Note that NTP is not synchronized.
# timedatectl
Local time: Tue 2020-07-28 14:57:40 EDT
Universal time: Tue 2020-07-28 18:57:40 UTC
RTC time: Tue 2020-07-28 18:59:05
Time zone: America/New_York (EDT, -0400)
Network time on: no
NTP synchronized: no
RTC in local TZ: no
- Run the ntptime command. Note the UNSYNC status.
# ntptime
ntp_gettime() returns code 5 (ERROR)
time e2caf276.26eb0000 Tue, Jul 28 2020 14:52:38.152, (.152023),
maximum error 16000000 us, estimated error 16000000 us, TAI offset 0
ntp_adjtime() returns code 5 (ERROR)
modes 0x0 (),
offset 0.000 us, frequency 0.000 ppm, interval 1 s,
maximum error 16000000 us, estimated error 16000000 us,
status 0x41 (PLL,UNSYNC),
time constant 7, precision 1.000 us, tolerance 500 ppm,
- View the ntp log file and note the clock is unsynchronized. This message is logged every time the ntpd service is restarted.
# cat /var/log/ntp | grep Clock
28 Jul 14:49:27 ntpd[13176]: kernel reports TIME_ERROR: 0x4041: Clock Unsynchronized
28 Jul 14:49:27 ntpd[13176]: kernel reports TIME_ERROR: 0x4041: Clock Unsynchronized
28 Jul 14:50:22 ntpd[13260]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
28 Jul 14:50:22 ntpd[13260]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Cause
SystemD has its own time synchronization service called systemd-timesyncd that gets installed by SUSE12. This problem occurs when SystemD has not been configured.
Resolution
To resolve this issue,
SystemD needs to be configured and restarted.
- Login as root and execute the following script:
if grep -q '^#NTP=' /etc/systemd/timesyncd.conf; then
NTP_SERVER=$(grep --max-count=1 server /etc/ntp.conf | awk '{ print $2 }')
[ -n "$NTP_SERVER" ] && sed -i "s/^#NTP=.*/NTP=$NTP_SERVER/" /etc/systemd/timesyncd.conf
service systemd-timesyncd restart
fi
The above script does the following:
- Configures SystemD by copying the name of the remote NTP server from /etc/ntp.conf into /etc/systemd/timesyncd.conf which is the SystemD service.
- Restarts the SystemD service.
Once the script has executed, NTP will report as synchronized.
- Run the timedatectl command again to verify NTP is now syncrhonized.
# timedatectl
Local time: Tue 2020-07-28 14:57:40 EDT
Universal time: Tue 2020-07-28 18:57:40 UTC
RTC time: Tue 2020-07-28 18:59:05
Time zone: America/New_York (EDT, -0400)
Network time on: yes
NTP synchronized: yes
RTC in local TZ: no
- Run the systemd-timesyncd status command to observe the NTP time server. Note the Status line in the output.
# service systemd-timesyncd status
....
Status: "Synchronized to time server <IP address> (name of NTP server)."
Notes
- The ntpd daemon performs two functions:
- It keeps the machine time updated, and
- Provides NTP services for any other client such as Oracle which tries to detect if the machine is not synched with the global time.
- The timesyncd service is a built-in SystemD service that only synchronizes the local system clock with a remote Network Time Protocol server. It is just an NTP client and is not a replacement for the NTP server.
- As long as both services pull time from the same NTP source, it is fine to run them in parallel.
