0

I am trying to configure ntp to synchronize the time of my server. When I run ntpdate -dq 1.rhel.pool.ntp.org I got the following error.

no server suitable for synchronization found

I am on professional environment, so I guess there is a firewall blocking the connection to ntp server but I don't know how to prove it and solve it.

I tried to follow this post : NTP can't synchronise or find a suitable server but I am not able to ping 1.rhel.pool.ntp.org, the ping command is not responding.

I am using Red Hat 4.1.2. Could you please help me to investigate and find the root cause ?

Edit

Based on the comment, you could the the output of some commands

[root@MY ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Community
  • 1
Flows
  • 101
  • 3
  • 1
    `ping` is not a good test of NTP connectivity. Could we see the output of `iptables -L -n -v` on the server? Is `ntptrace` installed? – MadHatter Jun 24 '16 at 14:47
  • Not able to ping as in not resolving at all or just no reply? – xstnc Jun 24 '16 at 14:48
  • @xstnc : the `ping` command is not responding. @MadHatter : I updated my post with `iptables` command – Flows Jun 24 '16 at 15:14
  • `ntptable` is installed – Flows Jun 24 '16 at 15:16
  • Due to amplification attacks, some ISPs are blocking NTP traffic. If you have IPv6 connectivity, you may want to try a server with IPv6 connectivity. – BillThor Jun 24 '16 at 23:09

1 Answers1

1
24 Jun 16:46:38 ntpdate[30431]: ntpdate 4.2.6p5@1.2349-o Fri Apr 10 19:04:04 UTC 2015 (1)
server 91.148.192.49, stratum 2, offset 0.029175, delay 0.03041
server 95.211.224.12, stratum 2, offset 0.025579, delay 0.03125
server 37.97.195.195, stratum 2, offset 0.025274, delay 0.02983
server 213.109.127.195, stratum 2, offset 0.023653, delay 0.03355
24 Jun 16:46:54 ntpdate[30431]: adjust time server 37.97.195.195 offset 0.025274 sec

You mentioned you're on a professional environment. That being said, its quite common to block access to any NTP from-to the WAN and just allow one specific machine to update. That turning into your local NTP server.

Please check: You're not blocking the ports, using iptables:

iptables -L -n -v | grep 123

If yuou're unable to find anything there, then probably you're being blocked upstream, to check if the server is up and running:

https://keetweej.vanheusden.com/query_ntp_do.php

You will find an output equal to the one I provided above against the NTP server you provided.

Unfortunately if you're being blocked upstream you should contact the provider-IT person to either unblock your server or ask what NTP server you should query?.

ddemuro
  • 21
  • 5
  • `iptables -L -n -v | grep 123` returns nothing. When trying to launch the website you gave as example, I have the following error : `Unable to generate public/private key pair. (Error code: sec_error_keygen_fail)` It works on my desktop computer (not the server) – Flows Jun 24 '16 at 15:25
  • 1
    That sounds like an SSL problem. The website does use HTTPS. Sounds to me you're using an old browser on the server. That being said clearly there's no block on the server. I think your biggest issue right now is having blocked ports. Do you have access to the firewall?. Have you tried instead using the gateway as NTP server?. – ddemuro Jun 24 '16 at 20:17