8

What issues can you think of that may arise from a wrong system clock setting ?

Primarily interested in potential problems affecting servers and Linux or UNIX-like systems in particular.

And how severe are these consequences, depending on how much the system time is off ? For example, 5 minutes, 30 minutes, 1 hour, 1 day.

Arc
  • 343
  • 4
  • 9

6 Answers6

20

Well for one your timestamps on all your logs will be off and out of sync with other servers making it very hard to figure out when things happened. Also, time synchronization is relied upon for some security protocols (kerberos for example).

So what I'm saying is, most things will continue working normally, some protocols or applications relying on accurate time may break, and you as the admin will generally have some headaches for it.

Configure NTP against a provider like pool.ntp.org or NIST and call it a day.

SpacemanSpiff
  • 8,733
  • 1
  • 23
  • 35
  • Wish I could upvote this more than once. – mfinni Jun 27 '11 at 20:01
  • 1
    Yeah, I was thinking Kerberos and hardware token generators such as RSA SecurID as well. Logs are a good point, although not a directly critical one (at least before Murphy's Law strikes again). I use NTP for my servers except for a virtual server where only the hoster can set the system time, and that same vserver is off-time about 6 minutes right now, which is why I am pondering about this issue right now. – Arc Jun 27 '11 at 20:05
  • Alot of people have trouble with host to guest time issues, I prefer to disable that and let each guest use NTP myself. NetWare machines were notorious for this. – SpacemanSpiff Jun 27 '11 at 20:07
  • well, the only way for me is to contact my provider, as I am not in control of the multi-customer vserver host. – Arc Jun 27 '11 at 20:13
  • Some operating systems have a switch or option to toggle whether or not you sync to "hardware" time, in this case virtual hardware but nonetheless. – SpacemanSpiff Jun 28 '11 at 03:07
8

Here's just a few:

  • MySQL replication
  • Database queries using now() for current date/time
  • rsync backup scripts
  • any other inter-server communication

NTP is the best way to keep your time correct.

sreimer
  • 2,168
  • 14
  • 17
  • didn't even dawn on me to think about database timestamping, what a nightmare that could be :) – SpacemanSpiff Jun 27 '11 at 20:03
  • It helps that I just dealt with that issue – sreimer Jun 27 '11 at 20:10
  • Good point there with timestamps, especially in databases. Applications relying on timestamps for sorting or people relying on timestamps might cause some headaches. – Arc Jun 27 '11 at 20:20
4

One potential source of problems I found today comes from backup or snapshots rotation scripts that rely on the fact that your clock will never go backward, or in other words, that you will never have backups named with dates and times "from the future", which may cause them to just remove those future backups / snapshots (depends on how the scripts are implemented).

Also, some versions of sudo may be vulnerable to clock rollbacks, allowing sudoers with password requirement to gain root without a password.

Arc
  • 343
  • 4
  • 9
4

I'll add that two ISC DHCP servers running in failover mode will fail when the time differs by a certain threshold. They will refuse to restart after having been stopped.

Edit: depending on how it's configured, DNS can fail too because slaves won't be able to download zones from their masters and their cached zones will eventually expire.

joechip
  • 668
  • 3
  • 6
3

Remote desktop and other remote access tools may stop working as they rely on time to authenticate. This can make troubleshooting very frustrating (you try to remote on to fix the problem, but can't even do that).

I had this on a machine that thought somehow thought the year was 8011 rather than 2011. SSL certificates were also expired.

Andy
  • 31
  • 1
2

My most annoying problem yet : Expiring SSL certificates. Very annoying when you can't figure out why they do not work.

Lucas Kauffman
  • 16,818
  • 9
  • 57
  • 92