[ntp:questions] NTP shows all servers in condition "reject"
martin.burnicki at meinberg.de
Thu Jun 12 08:57:35 UTC 2008
Ronny Egner wrote:
> Steve Kostecke schrieb:
>> On 2008-06-09, Ronny Egner <Ronny.Egner at siv.de> wrote:
>>> The problem i am facing occur on all my new 6 servers
>>> which are all equally configured (Red Hat AS 4 U4, 64-bit).
>> Are they VMs?
> No, physical machines.
>>> server solaris-server
>>> server windows-dc-serverA
>>> server windows-dc-serverB
>> You can reduce the initial sync time from ~ 5 minutes to ~15-20 seconds
>> by appending 'iburst' to your server lines.
> I will try that.
>>> ntpq> peers
>>> remote refid st t when poll reach delay offset jitter
>>> >> solaris-server 10.x.y.2 5 u 18 64 377 0.259 892.342 30.508
>>> windows-dc-serverA 10.x.v.1 4 u 17 64 377 0.214 847.816 50.335
>>> windows-dc-serverB 10.x.v.1 4 u 22 64 377 0.272 923.808 45.667
>> There is a signifiant diference in offsets between those remote time
>> servers. And the jitter is quite high. Are all of these server on the
>> same LAN? Are any at remote sites or reached over a VPN?
> No they are not reacable over a VPN. They are routed through the network
> (quite complicated; but there is no WAN part inbetween).
Assuming the Solaris machine runs real NTP software, the jitter for that
server is pretty high. Do you also observe such jitter for normal ping
requests to the solaris machine?
Concerning the Windows servers - are they running NTP, or w32time? If they
run w32time they may not be good time sources for "real" NTP nodes running
on your Linux machines. Anyway, the fact that the jitter is also high for
these servers lets me assume your network connection is not very good.
> I dont know much about the windows servers. The customer told me i can
> use them for time synchronization - so i did it because the network i
> highly protected from the outside lan.
The question is your customer's understanding of "time synchronization". In
common Windows terms time is synchronized if the system times differ less
than a couple of seconds, since this is sufficient for kerberos
In NTP terms, a few seconds are a huge offset. In fact, ntpd already steps
the system time if the offset exceeds 128 milliseconds (!)
So, in Windows terms, all 3 upstream servers could be called "synchronized"
whereas for NTP the times from those 3 servers differ so much that ntpd is
unable to select the server with the "right" time.
More information about the questions