Re: [ntp:questions] NTPD silently not tracking

2013-08-30 Thread Magnus Danielson 
On 08/30/2013 04:17 AM, E-Mail Sent to this address will be added to the
BlackLists wrote:
 Magnus Danielson wrote:
 We had another incident where a node configured with multiple NTP
 sources had an NTPD which when asked with ntpdc have peers, looks like
 things are all OK, but with offsets less than a second, while the node
 in fact was 6 days off the mark. Only on a number of ntpdc querries did
 some of the peers expose a gigantic offset. Everything looked OK, but
 time was off such that normal remote login did not work.

 The error was way to non-obvious and felt like a Heisenbug in that only
 when we looked more carefully at it, it started to see itself that it
 was out of touch with reality.

 ii  ntp   1:4.2.6.p5+d i386   Network Time Protocol daemon and
 What ntpdc commands did you issue, and what results did you get?

 Did you also try ntpq commands, did you see differing results?
 ntpq -n -c rv 0 leap
 ntpq -n -c rv 0 stratum
 ntpq -n -c rv 0 refid
 ntpq -n -c rv 0 offset
 ntpq -n -c rv 0 rootdisp
Unfortunatly no. I got the call after the fact, but lack of remote login
due to time error would prohibit  me from doing anything anyway. The
server needed to be operational rather than optimize for NTP debugging.
 Have you tried a newer version of NTP ?
 http://www.ntp.org/downloads.html
 http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/
 http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p385.tar.gz
No, I listed the affected version as packaged by Debian.
 Don't use Undisciplined Local Clock 27.127.1.0
  Try Orphan instead is you need LAN NTP clients to stick together
   while LAN and/or Internet NTP servers become unavailable.
  ...
  keys /etc/ntp.keys # e.g. contains: 123 M LAN_MD5_KEY , 321 M Corp_MD5_KEY 
 , ...
  trustedkey 123 321
  tos cohort 1 orphan 10
  restrict source nomodify
  manycastserver  224.0.1.1
  manycastclient  224.0.1.1 key 123 preempt
  ...


It has 2 stratum 1 and 3 stratum 2 unicast servers configured. NTP wise
this machine is a client with 5 configured servers. The problem was that
it was way off time with no apparent indication, which is wrong.

Cheers,
Magnus
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NTPD silently not tracking

2013-08-30 Thread Steve Kostecke 
On 2013-08-30, Magnus Danielson mag...@rubidium.dyndns.org wrote:

 On 08/30/2013 04:17 AM,  BlackLists wrote:

 Have you tried a newer version of NTP ?
 http://www.ntp.org/downloads.html

[snip]

 No, I listed the affected version as packaged by Debian.

We have an autobuilder which packages the current ntp-dev snapshot:

http://packages.ntp.org/debian/

-- 
Steve Kostecke koste...@ntp.org
NTP Public Services Project - http://support.ntp.org/

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NTPD silently not tracking

2013-08-30 Thread E-Mail Sent to this address will be added to the BlackLists 
Magnus Danielson wrote: BlackLists wrote:
 What ntpdc commands did you issue, and what results did you get?

 Unfortunatly no. I got the call after the fact,
  but lack of remote login due to time error would prohibit
  me from doing anything anyway.
 The server needed to be operational rather than optimize
  for NTP debugging.

What ntpdc commands did the other people issue?

Kinda hard to try and duplicate / troubleshoot with no real info,
 except its broke.


 Have you tried a newer version of NTP ?

 No, I listed the affected version as packaged by Debian.

Supposing there is an real issue,
 perhaps it has already been fixed in a more recent version.


 It has 2 stratum 1 and 3 stratum 2 unicast servers configured.
  NTP wise this machine is a client with 5 configured servers.
 The problem was that it was way off time with no apparent indication,
  which is wrong.

Don't use Undisciplined Local Clock 127.127.1.0

 It can run away all by itself, and there is nothing wrong with that.
  If that is a issue change to orphan.


Provide all information necessary to duplicate  troubleshoot the issue?

 ntp.conf, (obstruficate as necessary);
  ntpdc commands issued to monitor the server.

Without those, I don't think anyone can hope to guess if there really is a 
issue,
 or even begin to troubleshoot the issue if it does exist.

-- 
E-Mail Sent to this address blackl...@anitech-systems.com
  will be added to the BlackLists.

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions