Solved

Help ! Debian time drifting badly

Posted on 2006-10-22
Last Modified: 2010-03-17
We have debian running as a VMWARE machine.
Have installed NTP and NTPDATE  and started both
Using the Linux date command - the time is drifting badly - 15mins in an hour

The VMWARE-host is running Windows Server 64bit and is keeping perfect time

! Help !

Thanks dave
Question by:davesneilson
LVL 5

Expert Comment

by:kyle_in_taiwan
ID: 17783442
It sounds like your NTP has been misconfigured somehow; what it sounds like is happening is that it's misreading the time and pushing the clock to compensate for what it sees as an inaccurate clock. What NTP does is gradually synchronize with web-based clocks (as opposed to simply resetting the time); this is so that it can protect timer-sensitive scripts from damage or undiscovered bugs.

One possibility is that you're using 12 hour time but with your AM and PM flags mis-configured.  Is the server using 24 hour or 12 hour time displays?  (i.e. -- does it say "14:30" or "2:30PM"?)

If your system clock is on AM when it should be on PM, then it could be that NTP is trying to gradually synchronize a 12 hour inaccuracy and thus your clocks are slowly moving through a drawn-out adjustment period.
0
 
LVL 1

Author Comment

by:davesneilson
ID: 17785856
Thanks Kyle - it seems to be using 24 Hour  -

CONSOLE OUTPUT
Last login: Sun Oct 22 20:58:43 2006 from 192.168.0.103
spamshield:~# date
Mon Oct 23 05:56:04 NZDT 2006
spamshield:~#

NTP.CONF
# /etc/ntp.conf, configuration for ntpd

# ntpd will use syslog() if logfile is not defined
#logfile /var/log/ntpd

driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example


# pool.ntp.org maps to more than 100 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
#  *** Please consider joining the pool! ***
#  ***  <http://www.pool.ntp.org/#join>  ***
server pool.ntp.org
server ntp.massey.ac.nz
server ntp.public.otago.ac.nz
server tk1.ihug.co.nz
server ntp.iprolink.co.nz
server 192.168.0.100  #this is a windows based time server on the LAN

#server pool.ntp.org
## uncomment for extra reliability

# ... and use the local system clock as a reference if all else fails
# NOTE: in a local network, set the local stratum of *one* stable server
# to 10; otherwise your clocks will drift apart if you lose connectivity.
server 127.127.1.0
fudge 127.127.1.0 stratum 13

# By default, exchange time with everybody, but don't allow configuration.
# See /usr/share/doc/ntp-doc/html/accopt.html for details.
restrict default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1 nomodify

# Clients from this (example!) subnet have unlimited access,
# but only if cryptographically authenticated
#restrict 192.168.123.0  mask  255.255.255.0 notrust

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet,
# de-comment the next lines. Please do this only if you trust everybody
# on the network!
#disable auth
#broadcastclient




0
 
LVL 1

Author Comment

by:davesneilson
ID: 17785872
Kyle - if the following is executed, the time is set correctly for a little while...

spamshield:/etc# /etc/init.d/ntpdate  start
Running ntpdate to synchronize clock.
spamshield:/etc# date
Mon Oct 23 13:33:20 NZDT 2006   #### Kyle this is the correct time, but does not last long !
spamshield:/etc#


Thanks... Dave
0
 
LVL 5

Expert Comment

by:kyle_in_taiwan
ID: 17786459
Have you checked the logs?  You should definitely check out /var/lib/ntp/ntp.drift.  

Type:

$ grep ntp /var/log/syslog

and show us what gets returned.

(If you'd prefer, you could uncomment the logfile in your configuration and restart ntp: /var/log/ntpd)

0
 
LVL 1

Author Comment

by:davesneilson
ID: 17786592
Hi Kyle - here they are -


/var/lib/ntp/ntp.drift.  = 0.00

$ grep ntp /var/log/syslog =

Oct 22 19:37:47 localhost ntpdate[18305]: step time server 64.34.193.47 offset 157232.003408 sec
Oct 22 19:39:22 localhost ntpdate[18310]: step time server 64.34.193.47 offset 45.278808 sec
Oct 22 19:40:16 localhost ntpd[17938]: sendto(80.74.64.1): Bad file descriptor
Oct 22 19:40:16 localhost ntpd[17938]: sendto(192.168.0.100): Bad file descriptor
Oct 22 19:42:46 localhost ntpd[18357]: ntpd 4.2.0a@1:4.2.0a+stable-2-r Fri Aug 26 10:30:12 UTC 2005 (1)
Oct 22 19:42:46 localhost ntpd[18357]: precision = 2.000 usec
Oct 22 19:42:46 localhost ntpd[18357]: Listening on interface wildcard, 0.0.0.0#123
Oct 22 19:42:46 localhost ntpd[18357]: Listening on interface wildcard, ::#123
Oct 22 19:42:46 localhost ntpd[18357]: Listening on interface lo, 127.0.0.1#123
Oct 22 19:42:46 localhost ntpd[18357]: Listening on interface eth0, 192.168.1.20#123
Oct 22 19:42:46 localhost ntpd[18357]: kernel time sync status 0040
Oct 22 19:42:46 localhost ntpd[18357]: frequency initialized 0.000 PPM from /var/lib/ntp/ntp.drift
Oct 22 19:43:15 localhost ntpd[18357]: ntpd exiting on signal 15
Oct 22 19:43:19 localhost ntpd[18368]: ntpd 4.2.0a@1:4.2.0a+stable-2-r Fri Aug 26 10:30:12 UTC 2005 (1)
Oct 22 19:43:19 localhost ntpd[18368]: precision = 3.000 usec
Oct 22 19:43:19 localhost ntpd[18368]: Listening on interface wildcard, 0.0.0.0#123
Oct 22 19:43:19 localhost ntpd[18368]: Listening on interface wildcard, ::#123
Oct 22 19:43:19 localhost ntpd[18368]: Listening on interface lo, 127.0.0.1#123
Oct 22 19:43:19 localhost ntpd[18368]: Listening on interface eth0, 192.168.1.20#123
Oct 22 19:43:19 localhost ntpd[18368]: kernel time sync status 0040
Oct 22 19:43:19 localhost ntpd[18368]: frequency initialized 0.000 PPM from /var/lib/ntp/ntp.drift
Oct 22 19:46:37 localhost ntpd[18368]: synchronized to LOCAL(0), stratum 13
Oct 22 19:46:37 localhost ntpd[18368]: kernel time sync disabled 0041
Oct 22 19:47:41 localhost ntpd[18368]: kernel time sync enabled 0001
Oct 22 19:57:21 localhost ntpd[17938]: sendto(80.74.64.1): Bad file descriptor
Oct 22 19:57:23 localhost ntpd[17938]: sendto(192.168.0.100): Bad file descriptor
Oct 22 20:18:50 localhost ntpdate[18458]: step time server 64.34.193.47 offset 1057.438487 sec
Oct 22 20:30:00 localhost ntpdate[18503]: step time server 192.245.169.15 offset 301.009886 sec
Oct 22 20:37:05 localhost ntpd[17938]: sendto(80.74.64.1): Bad file descriptor
Oct 22 20:37:06 localhost ntpd[17938]: sendto(192.168.0.100): Bad file descriptor
Oct 22 20:43:30 localhost ntpd[18368]: ntpd exiting on signal 15
Oct 22 20:57:02 localhost ntpd[2241]: ntpd 4.2.0a@1:4.2.0a+stable-2-r Fri Aug 26 10:30:12 UTC 2005 (1)
Oct 22 20:57:02 localhost ntpd[2241]: precision = 3.000 usec
Oct 22 20:57:02 localhost ntpd[2241]: Listening on interface wildcard, 0.0.0.0#123
Oct 22 20:57:02 localhost ntpd[2241]: Listening on interface wildcard, ::#123
Oct 22 20:57:02 localhost ntpd[2241]: Listening on interface lo, 127.0.0.1#123
Oct 22 20:57:02 localhost ntpd[2241]: Listening on interface eth0, 192.168.1.20#123
Oct 22 20:57:02 localhost ntpd[2241]: kernel time sync status 0040
Oct 22 20:57:02 localhost ntpd[2241]: frequency initialized 0.000 PPM from /var/lib/ntp/ntp.drift
Oct 22 21:00:23 localhost ntpd[2241]: synchronized to LOCAL(0), stratum 13
Oct 22 21:00:23 localhost ntpd[2241]: kernel time sync disabled 0041
Oct 22 21:01:28 localhost ntpd[2241]: kernel time sync enabled 0001
Oct 23 13:33:18 localhost ntpdate[4680]: step time server 80.121.153.134 offset 27142.614603 sec
Oct 23 15:03:06 localhost ntpd[2241]: ntpd exiting on signal 15
Oct 23 16:21:03 localhost ntpd[2248]: ntpd 4.2.0a@1:4.2.0a+stable-2-r Fri Aug 26 10:30:12 UTC 2005 (1)
Oct 23 16:21:03 localhost ntpd[2248]: precision = 2.000 usec
Oct 23 16:21:03 localhost ntpd[2248]: Listening on interface wildcard, 0.0.0.0#123
Oct 23 16:21:03 localhost ntpd[2248]: Listening on interface wildcard, ::#123
Oct 23 16:21:03 localhost ntpd[2248]: Listening on interface lo, 127.0.0.1#123
Oct 23 16:21:03 localhost ntpd[2248]: Listening on interface eth0, 192.168.1.20#123
Oct 23 16:21:03 localhost ntpd[2248]: kernel time sync status 0040
Oct 23 16:21:03 localhost ntpd[2248]: frequency initialized 0.000 PPM from /var/lib/ntp/ntp.drift
Oct 23 16:24:21 localhost ntpd[2248]: synchronized to LOCAL(0), stratum 13
Oct 23 16:24:21 localhost ntpd[2248]: kernel time sync disabled 0041
Oct 23 16:25:25 localhost ntpd[2248]: kernel time sync enabled 0001
spamshield:~#



0
 
LVL 5

Expert Comment

by:kyle_in_taiwan
ID: 17786691
This is what mine looks like:

Oct 22 11:38:58 localhost ntpd[4943]: synchronized to 80.51.167.97, stratum 2
Oct 22 12:21:00 localhost ntpd[4943]: synchronized to 192.245.169.15, stratum 1
Oct 22 12:37:22 localhost ntpd[4943]: time reset -0.205040 s
Oct 22 12:37:52 localhost ntpd[4943]: synchronized to 80.51.167.97, stratum 2
Oct 22 12:44:16 localhost ntpd[4943]: synchronized to 192.245.169.15, stratum 1
Oct 22 20:16:08 localhost ntpd[4943]: time reset -0.150098 s
Oct 22 20:16:37 localhost ntpd[4943]: synchronized to 80.51.167.97, stratum 2
Oct 22 20:20:05 localhost ntpd[4943]: synchronized to 192.245.169.15, stratum 1
Oct 23 03:31:51 localhost ntpd[4943]: time reset +0.182851 s
Oct 23 03:32:16 localhost ntpd[4943]: synchronized to 216.46.5.9, stratum 3
Oct 23 03:35:46 localhost ntpd[4943]: synchronized to 192.245.169.15, stratum 1
Oct 23 09:34:25 localhost ntpd[4943]: time reset +0.209665 s
Oct 23 09:34:43 localhost ntpd[4943]: synchronized to 192.245.169.15, stratum 1
Oct 23 13:48:45 localhost ntpd[4943]: ntpd exiting on signal 15
Oct 23 13:48:47 localhost ntpd[5016]: ntpd 4.2.2p3@1.1577-o Sat Oct 14 00:25:57 UTC 2006 (1)
Oct 23 13:48:47 localhost ntpd[5017]: precision = 1.000 usec
Oct 23 13:48:47 localhost ntpd[5017]: Listening on interface wildcard, 0.0.0.0#123 Disabled
Oct 23 13:48:47 localhost ntpd[5017]: Listening on interface wildcard, ::#123 Disabled
Oct 23 13:48:47 localhost ntpd[5017]: Listening on interface lo, ::1#123 Enabled
Oct 23 13:48:47 localhost ntpd[5017]: Listening on interface eth0, [IPv6 to local machine]#123 Enabled
Oct 23 13:48:47 localhost ntpd[5017]: Listening on interface lo, 127.0.0.1#123 Enabled
Oct 23 13:48:47 localhost ntpd[5017]: Listening on interface eth0, [IPv4 to local machine]#123 Enabled
Oct 23 13:48:47 localhost ntpd[5017]: kernel time sync status 0040
Oct 23 13:48:48 localhost ntpd[5017]: frequency initialized -210.853 PPM from /var/lib/ntp/ntp.drift


It appears that this line:
Oct 22 20:57:02 localhost ntpd[2241]: ntpd 4.2.0a@1:4.2.0a+stable-2-r Fri Aug 26 10:30:12 UTC 2005 (1)

Signifies when the software was installed (i did a major upgrade last weekend).  But i might be wrong about that.


These look like the money, though:

step time server 64.34.193.47 offset 157232.003408 sec
step time server 64.34.193.47 offset 1057.438487 sec
step time server 80.121.153.134 offset 27142.614603 sec

It looks like the servers are returning big offsets with your local clock, and ntp is trying to compensate for them.

What does your ntp.conf file look like?



0
 
LVL 5

Expert Comment

by:kyle_in_taiwan
ID: 17786722
Also, i'd suggest you look at this page (it should be in the same place on your machine):

file:////usr/share/doc/ntp-doc/html/debug.html

It suggests typing:

$ ntpq -n

which then goes to:

ntpq>

and you should then enter "pe" to see a table that describes the ntp hosts you're contacting, and the time information they're returning.  Mine looks like this:

ntpq> pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+64.34.193.47    67.19.103.173    3 u   54  128  377  402.490  -16.795 111.955
-80.121.153.135  194.42.48.120    3 u  104  128  337  713.352   87.413  54.424
+64.235.105.7    198.82.1.201     3 u  108  128  333  438.954  -10.233 117.768
*208.201.242.2   69.25.96.11      2 u   44  128  177  419.209   19.454 101.433
0
 
LVL 1

Author Comment

by:davesneilson
ID: 17786724
NTP.CONF
# /etc/ntp.conf, configuration for ntpd

# ntpd will use syslog() if logfile is not defined
#logfile /var/log/ntpd

driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example


# pool.ntp.org maps to more than 100 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
#  *** Please consider joining the pool! ***
#  ***  <http://www.pool.ntp.org/#join>  ***
server pool.ntp.org
server ntp.massey.ac.nz
server ntp.public.otago.ac.nz
server tk1.ihug.co.nz
server ntp.iprolink.co.nz
server 192.168.0.100  #this is a windows based time server on the LAN

#server pool.ntp.org
## uncomment for extra reliability

# ... and use the local system clock as a reference if all else fails
# NOTE: in a local network, set the local stratum of *one* stable server
# to 10; otherwise your clocks will drift apart if you lose connectivity.
server 127.127.1.0
fudge 127.127.1.0 stratum 13

# By default, exchange time with everybody, but don't allow configuration.
# See /usr/share/doc/ntp-doc/html/accopt.html for details.
restrict default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1 nomodify

# Clients from this (example!) subnet have unlimited access,
# but only if cryptographically authenticated
#restrict 192.168.123.0  mask  255.255.255.0 notrust

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet,
# de-comment the next lines. Please do this only if you trust everybody
# on the network!
#disable auth
#broadcastclient

0
 
LVL 5

Expert Comment

by:kyle_in_taiwan
ID: 17786741
My immediate suspicion is that your ntp client isn't able to contact external hosts, probably because of something that's happening in the firewall.  I noticed these lines:

Oct 22 19:40:16 localhost ntpd[17938]: sendto(80.74.64.1): Bad file descriptor
Oct 22 19:40:16 localhost ntpd[17938]: sendto(192.168.0.100): Bad file descriptor

are repeated at every re-start, and also this:

Oct 22 20:57:02 localhost ntpd[2241]: frequency initialized 0.000 PPM from /var/lib/ntp/ntp.drift
Oct 22 21:00:23 localhost ntpd[2241]: synchronized to LOCAL(0), stratum 13

The "frequency" comment means that your CPU drift hasn't yet been properly measured, so the ntp client doesn't know how to compensate for cpu time drift.  The "sync'ed to LOCAL" looks like your client can't contact any external hosts;  "stratum 13" indicates that your clock is being set to a very unreliable source (hosts that have access to atomic or radio clocks, for instance, are classified as "stratum 1";  it's suggested that no-one use anything lower than a stratum 2).  These are indicative of circumstances where your client cannot connect to an external host, and so it looks around for one on the local network (or even itself).  One workaround for this is to make sure that the client-queries are always configured with the "iburst" tag.  Seeing that you're using sarge -- which is an old distribution -- it may be that you need to configure something like that by hand.
0
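The log signs pointed out in the comment above (sendto errors, a 0.000 PPM drift file, sync to LOCAL(0) only, large ntpdate steps) can be checked mechanically. This is an added example, not code from anyone in the thread; the function names and the 1-second step threshold are assumptions.

```python
import re
from collections import Counter

# Excerpt of the ntpd/ntpdate syslog lines posted earlier in this thread.
SAMPLE = """\
Oct 22 19:37:47 localhost ntpdate[18305]: step time server 64.34.193.47 offset 157232.003408 sec
Oct 22 19:40:16 localhost ntpd[17938]: sendto(80.74.64.1): Bad file descriptor
Oct 22 19:40:16 localhost ntpd[17938]: sendto(192.168.0.100): Bad file descriptor
Oct 22 19:43:19 localhost ntpd[18368]: frequency initialized 0.000 PPM from /var/lib/ntp/ntp.drift
Oct 22 19:46:37 localhost ntpd[18368]: synchronized to LOCAL(0), stratum 13
Oct 22 20:18:50 localhost ntpdate[18458]: step time server 64.34.193.47 offset 1057.438487 sec
"""

LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(ntpd|ntpdate)\[\d+\]:\s(.*)$")
STEP = re.compile(r"step time server (\S+) offset (-?[\d.]+) sec")
SYNC = re.compile(r"synchronized to (\S+), stratum (\d+)")
SEND = re.compile(r"sendto\(([^)]+)\): (.+)")
FREQ = re.compile(r"frequency initialized (-?[\d.]+) PPM")


def triage(log_text, step_threshold_s=1.0):
    """Collect sync-health signals from syslog text.

    step_threshold_s is an assumed cut-off for a "large" ntpdate step.
    """
    out = {"large_steps": [], "send_errors": Counter(),
           "sync_sources": [], "zero_drift_starts": 0}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an ntpd/ntpdate syslog line
        msg = m.group(2)
        step, sync = STEP.search(msg), SYNC.search(msg)
        send, freq = SEND.search(msg), FREQ.search(msg)
        if step and abs(float(step.group(2))) >= step_threshold_s:
            out["large_steps"].append((step.group(1), float(step.group(2))))
        if sync:
            out["sync_sources"].append((sync.group(1), int(sync.group(2))))
        if send:
            out["send_errors"][send.group(1)] += 1
        if freq and float(freq.group(1)) == 0.0:
            out["zero_drift_starts"] += 1
    sources = [name for name, _ in out["sync_sources"]]
    # True when ntpd only ever selected its own local clock driver.
    out["local_only"] = bool(sources) and all(
        s.startswith("LOCAL(") for s in sources)
    return out


def diagnose(findings):
    """Turn the collected signals into short, human-readable findings."""
    notes = []
    if findings["local_only"]:
        notes.append("ntpd synchronized only to LOCAL(): no upstream server selected")
    if findings["send_errors"]:
        notes.append("sendto() failures for: " + ", ".join(sorted(findings["send_errors"])))
    if findings["large_steps"]:
        worst = max(abs(off) for _, off in findings["large_steps"])
        notes.append("ntpdate stepped the clock by up to %.0f s" % worst)
    if findings["zero_drift_starts"]:
        notes.append("drift file still 0.000 PPM: frequency never measured")
    return notes


if __name__ == "__main__":
    for note in diagnose(triage(SAMPLE)):
        print(note)
```

Pipe the output of `grep ntp /var/log/syslog` into `triage()` in place of `SAMPLE` to run the same checks on a live host.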
 
LVL 5

Expert Comment

by:kyle_in_taiwan
ID: 17786747
Cross-posted there.
0
 
LVL 5

Expert Comment

by:kyle_in_taiwan
ID: 17786780
My ntp.conf (from Debian Etch):

# /etc/ntp.conf, configuration for ntpd

driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# pool.ntp.org maps to more than 300 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
#  *** Please consider joining the pool! ***
#  *** <http://www.pool.ntp.org/join.html> ***
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst

# By default, exchange time with everybody, but don't allow configuration.
# See /usr/share/doc/ntp-doc/html/accopt.html for details.
restrict default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1 nomodify

# Clients from this (example!) subnet have unlimited access,
# but only if cryptographically authenticated
#restrict 192.168.123.0  mask  255.255.255.0 notrust

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet,
# de-comment the next lines. Please do this only if you trust everybody
# on the network!
#disable auth
#broadcastclient


Notice the "iburst" flags at the end of the server declarations;    this SuSE page points out that this can cause problems:

"The solution is to make NTP more persistent when probing the remote time server. This is done by appending the flags burst and iburst to the remote server; burst tells NTP to send a burst of eight packets to the remote server instead of one when the server is reachable, and iburst tells it to do the same when the server is not reachable. The result is faster and more reliable synchronizations."
(http://www.novell.com/coolsolutions/feature/15345.html)

I'm not sure if that's got any relevance to your current problem, but from what i can tell the main problem is that your client isn't successfully contacting the external servers, and after looking at our config files that -- and the particulars of your server choices -- seem to be the only differences.

Unfortunately, i have no experience whatsoever with Windows time servers, so i am utterly unqualified for any speculation about those possibilities.
0
 
LVL 1

Author Comment

by:davesneilson
ID: 17786787
Thanks Kyle - will try iburst  - appreciate the help :)
0
 
LVL 1

Author Comment

by:davesneilson
ID: 17786838
Have set to your servers - no difference, like you say not contacting the servers, perhaps the debian box (is that a VOX when it's virtual :) ) has outbound firewall rules ?? (it's not our firewall)
0
 
LVL 1

Author Comment

by:davesneilson
ID: 17786861
Erm..... have just found that udp 123 needs to be opened to the box - cough cough...    I guess this will fix it  :(
0
 
LVL 5

Accepted Solution

by:
kyle_in_taiwan earned 500 total points
ID: 17786868
;-)  Good on ya.  

0
 
LVL 1

Author Comment

by:davesneilson
ID: 17786874
Thanks for all the help - the points are yours
0
