Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Trending KB Articles

470779813-660x454.jpg

Support Central: KB #3751: NTP Out-of-sync Error FAQ

What should I check when I see an NTP out-of-synchronization error? 

1. Check the status of the external NTP servers.

2. Issue the CLI command show ntp output to see which NTP servers are synchronizing time.

For example:

 

remote refid st t when poll reach delay offset jitter

==============================================================================

ff05::101 .MCST. 16 u - 64 0 0.000 0.000 4000.00

*example.site.co .PPS. 1 u 320 1024 377 1.955 -1.234 1.368

 


In this example, the NTP is syncing time with example.site.co. The asterisk symbol (*) represents the current NTP server with which it is syncing time. If the NTP service is out of sync, the asterik symbol (*) is on the LOCAL (127.127.0.1) clock.

 


See the knowledge base article Reading show ntp command outputs

 

 

 

What information should I look for in the output of the show ntp command?

 

  • Stratum indicates the stratum of the configured clock. Infoblox recommends that an external stratum 1 clock be configured as the NTP server. Other stratum clocks, such as stratum 2 or 3, can be configured as the NTP server when the Grid Member or Grid Master is blocked by the firewall and cannot reach the external stratum 1 clock.

 

  • Reach value represents the status of the last eight NTP transactions between the NTP daemon and a given remote time server in octet. This reach value should read 377. If it is not 377, run a traffic capture on the Grid Master or on the Grid Members that show NTP out of sync and see if there are responses from external NTP servers on UDP port 123.

 

  • Delay (Latency) is the delay between the Local clock (NIOS appliance) and the external NTP servers. Delay varies depending upon the distance and network latency of the external NTP server. Normally, the delay can be between 5-40 Milliseconds. Choose the server with the least possible delay before configuring NTP.

 

  • Offset is the time difference in milliseconds from the external NTP server and local clock. Offset value more than 300 seconds (300,000 milliseconds) need a step change which need the ntpdate command,ntpdate command is executed during product restart. If you notice offset more than 300 seconds, please consider doing a product restart. Please see the knowledge base article Adjusting the NTP Offset in NIOSfor more information.

For more information, see the knowledge base article Reading show ntp command outputs.

 


What can I do when I cannot sync with NTP, even when the NTP source is reachable and has less offset
?

 

 

In  NIOS 6.7.0 and in later NIOS versions:

 

When the reach value and offset parameters are normal and the NIOS NTP service is still not synchronizing with the external source:

1. Run the CLI command set maintenancemode.

2. Run the CLI command show ntpstatus. 

3. Check the show ntpstatus output for the "root dispersion" for the source clocks. If the "root dispersion" exceeds 1000 milliseconds, the NIOS NTP service ignores the NTP source clock.

 


Why does an Infoblox Grid Master or Grid Member take a long time to adjust the offset?

 

 

When the offset is less than 300,000 milliseconds, the NTP server takes awhile to sync time with the external source. The length of time it needs depends on the offset value.

 

  • If the offset is less than 300,000 milliseconds, the NTP service uses a gradual phase method, called the slew method, to reduce the offset of the local clock to zero (0). The slew method takes long time to adjust the local clock--it might take as long as 1-2 days to make the offset reach zero (0) or as close to zero as possible.
  • If the offset is greater than 300,000 milliseconds, the offset cannot be adjusted using the slew method. Instead, NIOS NTP uses the step change method to adjust offsets greater than 300,000 milliseconds. Restarting NIOS triggers the ntpdate command. The ntpdate command is called to set time, so Infoblox recommends using the product restart when the offset is greater than 300,000 milliseconds. 

    For more information, see the knowledge base article Adjusting the NTP Offset in NIOS.

 

 


Why am I seeing frequent stratum changes as the clock loops between all of the configured NTP servers?

 

 

When you notice that NTP is looping between all the configured NTP servers, verify whether the configured NTP servers synchronize their time from the same source. Check all of the refids from the show ntp output for the configured NTP servers.

 

Logs:

 

 

info system event 'event_peer/strat_chg' (0x04) status 'leap_none, sync_ntp, 4 events, event_sync_chg' (0x643)

info synchronized to LOCAL(1), stratum 14

info system event 'event_peer/strat_chg' (0x04) status 'leap_none, sync_ntp, 7 events, event_peer/strat_chg' (0x674)

info synchronized to 10.192.32.4, stratum 13

info system event 'event_peer/strat_chg' (0x04) status 'leap_none, sync_ntp, 7 events, event_peer/strat_chg' (0x674)

info synchronized to 10.192.32.10, stratum 13

 



Why am I seeing "NTP out of sync errors" only on vNIOS appliances?

 

 

Verify whether there is a pattern when the NTP goes out of sync. It is possible that vNIOS goes out of syncwhen a VM snapshot is taken. VNIOS may also go out of sync during vMotion (moving the vNIOS from one ESXI server to other), as vMotion may cause local clocks to differ in time.

 


How can I verify whether the configured external NTP source is causing problems in time sync?

 

 

Issue the CLI command show ntp four or more times in a 15 minute interval to show whether the offset is gradually growing. In a normal NTP time sync, the offset should decrease gradually as the NTP program tries to slew down the time difference. If we find that the external clock offset is gradually growing, consider configuring another external NTP source to confirm whether the issue is with the currently configured NTP source.

 

 


How can I choose the best external NTP servers for time sync?

 

 

Infoblox recommends that you configure stratum 1 external NTP servers.

 

Before deciding to use a specific NTP server, ping the external NTP server from the NIOS appliance or from another system which is part of the same network segment. Select the server with the lowest latency to avoid delays in time synchronization.

 


For more information, see:

http://tf.nist.gov/tf-cgi/servers.cgi\

http://support.ntp.org/bin/view/Servers/StratumOneTimeServers

 

 


Why am I seeing frequency exceeded errors in the logs?

 

 

These log messages are displayed when the time computed by NTPD and the time reported by the system's internal clock exceed 500 PPM.

The frequency stability of an electronic oscillator component can be measured in ppm, one parts-per-million is 0.0001% (IE-6). Even an error of only 0.001% causes a clock to be off by almost one second per day. If the difference exceeds 500 parts-per-million (0.0005%) over the synchronization interval, the log frequency exceeded message appears in the logs.

 

 


Why does the Grid Member restart and log the message, "System restart: time reset.."?

 

 

When the Grid Member joins the Grid Master and the time difference between Grid Member and the Grid Master is more than 60 seconds, then Grid Member restarts to adjust time with Grid Master and logs: "System restart: time reset...".

 

We also recommend you view this Support Central blog for additional information

Showing results for 
Search instead for 
Did you mean: