Resolve NTP leap status not synchronised


On the client

The client will probably be using the ntpd or chronyd daemon, but not both. The service or systemctl command can be used to determine if the client is using chrony or ntpd.

~]# service chrony status
~]# systemctl status chrony

~]# service ntp status
~]# systemctl status ntp

 

If using the ntpd daemon, the ntpstat command can be used to determine if the client is synchronized to the NTP server.

~]# ntpstat
synchronised to NTP server (10.0.0.9) at stratum 3 
   time correct to within 17 ms
   polling server every 1024 s

 

If using chrony, the chronyc tracking command can be used to determine if the Leap status is normal or not synchronised.

~]# chronyc tracking
. . .
Leap status    : Not synchronised

 

Ensure the client has the correct entry in the /etc/ntp.conf or /etc/chrony.conf file. There should be an entry such as server ntp.example.com iburst, where ntp.example.com is the NTP server being used for time synchronization, and the 4 pool servers should be commented out.

~]# cat /etc/chrony.conf | grep server
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.example.com iburst

 

The allow directive should also be commented out on the client, where x.x.x.x/xx is an IP address and prefix.

#allow x.x.x.x/xx 

 

Ensure the ntpd or chronyd daemon is active and running on the client.

~]# systemctl status chronyd
~]# systemctl status ntpd

 

If iptables is being used on the client, ensure iptables has both INPUT and OUTPUT rules for UDP port 123.

[root@client ~]# cat /etc/sysconfig/iptables | grep 123
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT

 

If firewalld is being used on the client, ensure firewalld is configured to allow UDP port 123. NTP runs over UDP, matching the udp rules in the iptables listing.

~]# firewall-cmd --list-all
. . .
  ports: 123/udp

 


On the server

The server will probably be using ntpd or chronyd. Ensure the # character does not precede the word "server" in the /etc/ntp.conf or /etc/chrony.conf file. In other words, you want to ensure the "server" lines are not commented out.

~]# cat /etc/chrony.conf | grep server
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

 

The allow directive should also not be commented out, where x.x.x.x/xx is an IP address and prefix.

allow x.x.x.x/xx 
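
One way to check a chrony.conf against the client and server settings described above, as an added example that is not part of the original article. The function name, its role argument and the sample file are assumptions made for illustration; a client with an active allow line answers NTP queries from that range, which is why it is flagged.

```sh
#!/bin/sh
# Added example: audit a chrony.conf (read on stdin) against an intended role.
# Usage: audit_chrony_conf client|server < /etc/chrony.conf
# Prints "OK" and returns 0, or prints one FAIL line per finding and returns 1.
audit_chrony_conf() {
    awk -v role="$1" '
        # $1 is the directive; commented-out lines have "#..." there instead.
        $1 == "server" || $1 == "pool" { sources++ }
        $1 == "allow"                  { allows++; nets = nets " " $2 }
        END {
            if (!sources) { print "FAIL no active server/pool line"; bad = 1 }
            if (role == "client" && allows) {
                print "FAIL allow is active on a client:" nets; bad = 1
            }
            if (role == "server" && !allows) {
                print "FAIL no allow line on a server"; bad = 1
            }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed sample: a client-style source plus a server-style allow line.
sample_mixed_conf() {
    cat <<'EOF'
#server 0.centos.pool.ntp.org iburst
server ntp.example.com iburst
driftfile /var/lib/chrony/drift
allow 192.0.2.0/24
EOF
}

# Demo on the constructed sample, audited as a client.
sample_mixed_conf | audit_chrony_conf client || true
```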

 

If iptables is being used on the server, ensure iptables has both INPUT and OUTPUT rules for UDP port 123.

[root@server ~]# cat /etc/sysconfig/iptables | grep 123
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT

 

If firewalld is being used on the server, ensure firewalld is configured to allow UDP port 123. NTP runs over UDP, matching the udp rules in the iptables listing.

~]# firewall-cmd --list-all
. . .
  ports: 123/udp

 

If the server is using chrony, use the chronyc activity command to ensure all 4 sources are online.

~]# chronyc activity
200 OK
4 sources online
0 sources offline

 

If the server is using chrony, use the chronyc sources command to ensure chrony is able to talk to source clock NTP servers.

~]# chronyc sources
210 Number of sources = 4
MS Name/IP address          Stratum Poll Reach LastRx Last sample
================================================================================
^* time.tritn.com           2       10   377   106    +4651us[+4599us] +/-  68ms
^+ ns2.uplogon.com          2       10   377   265    -2746us[-2435us] +/-  73ms
^+ time-b.nist.gov          2       10   377   836    -5634us[-5744us] +/- 106ms
^+ mail.coldnorthadmin.com  2       10   377   963    -6522us[-6123us] +/- 143ms
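
The check described above can be scripted so it fits into monitoring. This is an added example, not part of the original article; the function name and both sample outputs are constructed for illustration. Reach is an octal register of the last eight polls, so 377 means every poll was answered and 0 means none were.

```sh
#!/bin/sh
# Added example: classify `chronyc sources` output read on stdin.
# Constructed sample outputs (names and values are made up for illustration).
SAMPLE_SYNCED='210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp1.example.com              2  10   377   106  +4651us[+4599us] +/-   68ms
^+ ntp2.example.com              2  10   377   265  -2746us[-2435us] +/-   73ms'

SAMPLE_UNREACHABLE='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller                    0  10     0     -     +0ns[   +0ns] +/-    0ns'

# Prints "synced NAME" and returns 0 when a source is selected (^*).
# Otherwise prints "unsynced", lists sources whose Reach register is 0
# (no reply to any of the last eight polls), and returns 1.
check_sources() {
    awk '
        substr($1, 1, 1) == "^" {            # server lines only: ^*, ^+, ^?, ...
            if (substr($1, 2, 1) == "*") selected = $2
            if ($5 == "0") dead = dead " " $2
        }
        END {
            if (selected != "") { print "synced " selected; exit 0 }
            print "unsynced" (dead != "" ? " unreachable:" dead : "")
            exit 1
        }'
}

# Demo on the constructed samples; on a live host: chronyc sources | check_sources
printf '%s\n' "$SAMPLE_SYNCED" | check_sources
printf '%s\n' "$SAMPLE_UNREACHABLE" | check_sources || true
```

A source that stays at Reach 0 points to a network or firewall problem on UDP port 123 rather than a clock problem.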

 



Comments


October 16th, 2017 by Mo
Hey, I am unable to get my chronyd to sync. I have followed the steps and unfortunately I am failing to get '*'.


October 17th, 2017 by Jeremy (moderator)
If the chronyc sources command does not contain a record that begins with *, this means your chronyd service is not synchronised to an NTP reference clock. If "number of sources" is 0, this suggests some configuration issue with your /etc/chrony.conf file. It would be surprising if "number of sources" is 1 or more and the * symbol is not displayed.


October 17th, 2017 by Mo
[root@osctr ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller                    0  10     0     -     +0ns[   +0ns] +/-    0ns

[root@osctr ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 10.0.0.11 iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
allow 10.0.0.0/24

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking
[root@osctr ~]#


October 17th, 2017 by Jeremy (moderator)
I am not quite sure if the /etc/chrony.conf file is the configuration file from your NTP server or NTP client. It looks like you have commented out the 4 CentOS pool servers, and have added "server 10.0.0.11 iburst". This is what you would do to configure a client to connect to a local NTP server. It looks like you have also removed the comment from "allow 10.0.0.0/24", which is what you would do to configure an NTP server so that clients in the 10.0.0.0/24 domain are allowed. In other words, it looks like your configuration is a mixture of both client side and server side setup. I have updated the article with these details, so that there is a better distinction between client side config and server side config. Does this help?