IBM Support

How to configure NTP in your environment and common issues that can occur

How To


Summary

This document describes how to correctly configure the Network Time Protocol (NTP) implementation in an AIX environment and how to resolve basic known issues.

Objective

The objective for this technote is to properly configure an AIX LPAR into an existing NTP structure. Details about the available NTP service in your organization need to be provided someone who provides network connectivity for your LPAR, which usually is your (local or remote) networking department.

Steps

1. Discover the state of your NTP subsystem on your LPAR
Check how is your xntpd daemon configured by the command lssrc -s xntpd
root@pascal# lssrc -s xntpd
Subsystem         Group            PID          Status
xntpd            tcpip                         inoperative
If the system was never properly configured the output indicates the service is inoperative, and is missing the PID of the running process.
- if the xntpd is active, proceed to step 5.
2. Checking of reach your NTP server
The command that can query the NTP server is ntpdate -q <hostname or IP>. If there is no time source defined for your organization and your LPAR has direct access to the internet you might use a public server from http://ntp.org.
In this case, we have an NTP server in the local network:
root@pascal# ntpdate -q descartes
server 9.138.236.8, stratum 3, offset 60.999329, delay 0.02573
29 May 00:38:20 ntpdate[4981126]: step time server 9.138.236.8 offset 60.999329
From the output, we can find
- what IP address the NTP servers possess,
- what the stratum and offset (how large is the time difference from LPAR to NTP server) are,
- and what delay was between request and response. This command does not synchronize the time.
To synchronize the time with a specific NTP server, use the command ntpdate <server>
root@pascal# ntpdate descartes
29 May 00:39:44 ntpdate[4981128]: step time server 9.138.236.8 offset 60.999368
If you are unable to reach any NTP server, contact your network provider or local network team.
3. Configure /etc/ntp.conf

The default configuration looks this way:

broadcastclient
driftfile /etc/ntp.drift
tracefile /etc/ntp.trace

We can comment option "broadcastclient" in case we do not want to use the broadcast option on NTP server.

Also, we can add a line "server <hostname or IP address>" with priority for the server that we chose as preferred. So the whole configuration might look like this with multiple servers

# broadcastclient
driftfile /etc/ntp.drift
tracefile /etc/ntp.trace
server server1.domain.com prefer
server server2.domain.com
server 192.168.88.1

Files ntp.drift and ntp.trace do not need to exist (they are created during the first start of xntpd daemon). In case you accidentally delete ntp.conf you can find the generic configuration file at this location:

root@pascal# ls -la /usr/lpp/bos.net/inst_root/etc/ntp.conf
-rw-rw-r--    1 root     system          993 Sep 17 2014  /usr/lpp/bos.net/inst_root/etc/ntp.conf
4. Start and Stop service xntpd 
If the system was never configured with xntpd, then must be ensured that daemon will start automatically after boot of LPAR by command chrctcp
root@pascal# chrctcp -S -a xntpd
0513-059 The xntpd Subsystem has been started. Subsystem PID is 11534750.
Also, there is a command to stop the xntpd and to ensure to not start it automatically:
root@pascal# chrctcp -S -d xntpd
0513-044 The /usr/sbin/xntpd Subsystem was requested to stop.
The commands startsrc and stopsrc can be used to ad hoc start and stop the xntpd daemon:
root@pascal# startsrc -s xntpd
0513-059 The xntpd Subsystem has been started. Subsystem PID is 9240866.
root@pascal# stopsrc -s xntpd
0513-044 The /usr/sbin/xntpd Subsystem was requested to stop.
If you want xntpd to reload a changed configuration, the command "refresh" can be used, but xntpd must be operational.
root@pascal# refresh -s xntpd
0513-095 The request for subsystem refresh was completed successfully.
5. Working with xntpd daemon
After you start xntpd daemon, it will take time (possibly more than 10 minutes) until it is fully synchronized. Command for status and showing offset (how different is local time from referent time) is ntpq -p
root@pascal# ntpq -p
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
*ntp.nic.cz      .GPS.            1 u  163  256  377    40.07   -0.574    4.14
+tik.cesnet.cz   tak.cesnet.cz    2 u  138  256  377    48.36    1.429    3.40
+time3.google.co .GOOG.           1 u  144  256  377    35.08   -0.300    0.67
The symbol "*" shows which NTP source is used for synchronizing. More detailed output can be gathered by command lssrc -ls xntpd that shows the same information as "Sys peer":
This command provides general information about the active xntpd server: synced servers, their stratum, offset from a reference time, count of servers, their IP address.  See more information in section 7.
nim:/root# lssrc -ls xntpd
 Program name:    xntpd
 Version:         3
 Leap indicator:  00 (No leap second today.)
 Sys peer:        ntp.nic.cz
 Sys stratum:     2
 Sys precision:   -16
 Debug/Tracing:   DISABLED
 Root distance:   0.040192
 Root dispersion: 0.011749
 Reference ID:    217.31.202.100
 Reference time:  e09845b2.738db000  Wed, May 29 2019  1:41:38.451
 Broadcast delay: 0.003906 (sec)
 Auth delay:      0.000122 (sec)
 System flags:    bclient pll filegen
 System uptime:   26680 (sec)
 Clock stability: 0.007950 (sec)
 Clock frequency: 0.000000 (sec)
 Peer: time3.google.com
      flags: (configured)(sys peer)
      stratum:  1, version: 3
      our mode: client, his mode: server
 Peer: ntp.nic.cz
      flags: (configured)(sys peer)
      stratum:  1, version: 3
      our mode: client, his mode: server
 Peer: tik.cesnet.cz
      flags: (configured)(sys peer)
      stratum:  2, version: 3
      our mode: client, his mode: server
Subsystem         Group            PID          Status
 xntpd            tcpip            7667850      active
6. Logging of NTP
There are two basic approaches to how to obtain logs from NTP:

a) Directly from xntpd to the file

In configuration file of NTP specify log file:
logconfig =syncevents +peerevents +sysevents +allclock
logfile /var/log/ntp.log
And the output looks like this:

b) Directly to the syslog according to facility:

Add this line to the /etc/ntp.conf
logconfig =all
Add this line to the /etc/syslog.conf file:
daemon.debug   /var/log/syslog.log
Make sure that file /var/log/syslog.log exists
Start or restart syslog by using the commands 
stopsrc -s syslogd 
startsrc -s syslogd
7. Common issues

a) Slew issue

Slew mode is used to avoid any unwanted time jumps - especially for a Cluster or DB environment. If you care about preventing time from stepping backward only, then use the "-x" flag. This scenario is the most common.

chssys -s xntpd -a "-x"

If you want to always slew the clock, then use "slewalways yes". Add the following line into the /etc/ntp.conf:

slewalways yes

b) Time goes insane

In the following issue, the time difference is higher than 1000 seconds. The xntpd server is not able to synchronize the time.
If lssrc -ls xntpd shows
Sys peer:        no peer, system is insane
or ntpq -p lost * in the server list
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
 ntp.nic.cz      .GPS.            1 u   64   64   17    40.05  -359956 1875.03
 tik.cesnet.cz   tak.cesnet.cz    2 u   63   64   17    40.94  -359956 1875.05
 time1.google.co .GOOG.           1 u   62   64   17    30.26  -359956 1875.06

Stop manually xntpd

stopsrc -s xntpd
Synchronize manually with one of the NTP servers
root@pascal# ntpdate tik.cesnet.cz
30 May 00:36:53 ntpdate[7667882]: step time server 195.113.144.201 offset -3599.562547
Start again xntpd
startsrc -s xntpd

c) Cannot start xntpd (stays in inoperative mode)

Ensure that in /etc/netsvc.conf is following entry
hosts=local, bind4
Check in /etc/ntp.conf for errors in the name server, or use the hostname's IP address

d) NTP clients report "Synchronization Lost"

Their NTP server lost its connection to the time source. Observe whether the NTP server can reach its NTP sources.

Additional Information

SUPPORT

If you require more assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract.  

1. Document (or collect screen captures of) all symptoms, errors, and messages related to your issue.

2. Capture any logs or data relevant to the situation.

3. Contact IBM to open a case:

   -For electronic support, see the IBM Support Community:
     https://www.ibm.com/mysupport
   -If you require telephone support, see the web page:
      https://www.ibm.com/planetwide/

4. Provide a clear, concise description of the issue.

 - For more information, see: Working with IBM AIX Support: Describing the problem.

5. If the system is accessible, collect a system snap, and upload all of the details and data for your case.

 - For more information, see: Working with IBM AIX Support: Collecting snap data

Document Location

Worldwide

Operating System

AIX:All operating systems listed

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"NTP","Platform":[{"code":"PF002","label":"AIX"}],"Version":"AIX 6.1, 7.1, 7.2","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
09 August 2022

UID

ibm10885931

Page Feedback