The Geek Diary

CONCEPTS | BASICS | HOWTO

Command ntpstat Shows unsynchronised (CentOS/RHEL)

By

The ntpstat command output shows “unsynchronised”:

# ntpstat 
unsynchronised
time server re-starting

The “ntpq -p ” command output shows none of ntp servers is chosen:

# ntpq -p
==========================================
   remote           refid      st t when poll reach   delay   offset  jitter
===============================================
ntp-server   .INIT.          16 u    -   16    0    0.000    0.000   0.000
ntp-server   .INIT.          16 u    -   16    0    0.000    0.000   0.000

The as command output shows both ntp servers are rejected:

# ntpq> as
ind assID status conf reach auth condition last_event cnt
===========================================================
1 54459 8000 yes yes none reject
2 54460 8000 yes yes none reject

The rv command output shows both ntp servers are in “unreach” status:

# ntpq> rv 54459
assID=54459 status=8000 unreach, conf, no events,
srcadr=, srcport=123, dstadr=x.x.x.x, dstport=123, leap=11,
..........
# ntpq> rv 54460
assID=54460 status=8000 unreach, conf, no events,
srcadr=, srcport=123, dstadr=x.x.x.x, dstport=123, leap=11,
..........

The Solution

restrict default ignore” in ntp configuration file prevents the access from remote ntp server. The ntp configuration file is as following:

# cat /etc/ntp.conf
restrict default kod nomodify notrap nopeer noquery ignore
restrict -6 default kod nomodify notrap nopeer noquery ignore
...

“restrict default ignore” will prevent access not only from all clients but also from all remote ntp servers.

Solution 1

1. Edit /etc/ntp.conf and modify the configuration to allow unrestricted access from all machines:

Change from:

restrict default kod nomodify notrap nopeer noquery ignore
restrict -6 default kod nomodify notrap nopeer noquery ignore

To

restrict default
restrict -6 default

2. Restart ntpd service:

# service ntpd restart

3. Wait for a few minutes, then run “ntpq -p” to check if it works.

Solution 2

1. Edit /etc/ntp.conf and modify the configuration to allow unrestricted access from a specific ntp server:

Change from:

restrict default kod nomodify notrap nopeer noquery ignore
restrict -6 default kod nomodify notrap nopeer noquery ignore

To

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict xxx.xxx.xxx.xxx (IP address of a specific ntp server)

2. Restart ntpd service:

# service ntpd restart

3. Wait for a few minutes, then run “ntpq -p” to check if it works.

You May Also Like