Troubleshooting tips on testing and configuring NTP for time synchronization on RSA Identity Governance & Lifecycle servers
2 years ago
Originally Published: 2016-07-22
Article Number
000067207
Applies To
RSA Product Set: Identity Governance & Lifecycle 
RSA Version/Condition: All
O/S Version: SuSE Enterprise/Red Hat Enterprise Server
 
Issue
This article gives some tips on testing and configuring NTP for time synchronization.
Resolution
Several commands can be used to check the current time. These include:
  • hwclock: Shows the motherboard's clock value.
  • date: Shows the server's time, with the timezone offset applied.
  • date -u: Shows the server's time in GMT/UTC.
  • ls -l /etc/localtime: Often shows a soft link to a file under the /usr/share/zoneinfo path.

The commands listed above show what the current time is, but to keep the time correct automatically, configure NTP.

NTP configuration is stored within the /etc/ntp.conf file.  The entries of interest are the lines that start with server. For instance:
server time.nist.gov

After you make changes to the /etc/ntp.conf file, restart the daemon so that the changes are re-read. For example, as the root user:
  • For SuSE:
service ntp restart
  • For Red Hat:
service ntpd restart

To check whether the server is reachable, run the following commands:
# ntpq -n
ntpq> as
ntpq> pe

Here is an example of what the output looks like:
 
[Image: example output of the ntpq as and pe commands]

In the as output above, the #1 server is the first server entry in the ntp.conf file. It is local and it is reachable. The second server is the second server entry in the ntp.conf file. It is web-based and not reachable.

The pe command not only shows that the server was queried, but also shows the offset, that is, how far off this system's time is in comparison to the NTP server's time.

If none of your servers are reachable but you have a Windows domain that is reachable, most Windows domain controllers answer NTP time requests. You can add a server line for one or more servers, restart the service, then run the ntpq commands to verify connectivity.
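
The reachability and offset check described above can be scripted. The following is an added example, not part of the original article or an RSA-supplied tool: it parses the peers billboard that the pe command prints (also available non-interactively as ntpq -pn) and flags servers whose reach value is 0 or whose offset exceeds a limit. The function name check_peers, the 100 ms default limit and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarize the ntpq "pe" (peers) billboard.
# On a live server:  ntpq -pn | check_peers 100

# Constructed sample of `ntpq -pn` output (documentation-range addresses):
# first server reachable, second server not reachable.
SAMPLE_PEERS='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    0.512    1.204   0.310
 203.0.113.5     .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# check_peers [MAX_OFFSET_MS]
# Reads peers output on stdin and prints one status line per server.
# Returns 0 only if at least one server is reachable and within the limit.
check_peers() {
    awk -v max="${1:-100}" '
        $1 == "remote" || /^=+$/ { next }     # skip header and ruler lines
        NF < 10 { next }                      # skip anything that is not a peer row
        {
            peer = $1
            # Column 1 of the raw line is the tally code (*, +, -, x, ...);
            # a space means no code, and awk has already trimmed it from $1.
            if (substr($0, 1, 1) != " ") peer = substr(peer, 2)
            reach = $(NF-3)                   # octal bitmap of the last 8 polls
            off = $(NF-1)                     # offset in milliseconds
            abs = (off < 0) ? -off : off
            if (reach == "0")    status = "UNREACHABLE"
            else if (abs > max)  status = "OFFSET_HIGH"
            else               { status = "OK"; good++ }
            printf "%s reach=%s offset_ms=%s %s\n", peer, reach, off, status
        }
        END { exit (good > 0 ? 0 : 1) }
    '
}
```

A reach value of 0 means none of the last eight polls to that server were answered, which is the "not reachable" case described for the second server above.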