ntpstat shows unsynchronised

[avij]

Mar 10 17:57:11 prod1 ntpd[23030]: line 18 column 23 syntax error, unexpected T_String, expecting T_EOC
Mar 10 17:57:11 prod1 ntpd[23030]: syntax error in /etc/ntp.conf line 18, column 23

Oh, you should have mask in there, not netmask.

But I think that is probably irrelevant. I think your problem is more of an ESXi problem than a CentOS problem.

The "reach 377" means your CentOS ntpd was able to connect to the upstream time source without issues. 11111111 = 377 in octal, and 377 is the maximum reachability value. And because you have the "iburst" keyword in your config for the upstream time server, ntpd will send a burst of requests at startup and will typically be able to synchronize in a few seconds.

You ran ntpdate twice, but the offset in the second invocation was higher than what I would have expected. The first invocation should have set the clock close to the upstream's clock, and the offset during the 2nd invocation should be really small, a few milliseconds max. Yours was 59 milliseconds. I think this means your guest's clock is locked to your ESXi host's clock, and attempts to change the clock won't succeed. Luckily for you the host's clock seems to be close to your upstream clock, so there's not much of a difference.

I don't have access to ESXi myself, but I think there might be a setting in VM Options -> Time. If the "Synchronize guest time with host" option is checked, ntpd won't be able to set the clock by itself. If that option is checked and you want to let ntpd take care of the time, consider unchecking that option. An alternative would be to make sure your ESXi host's clock is synchronized and let it take care of the clock. In this situation you would not need to run ntpd at all.

And yes, you should arrange that the NTP server's clock is correct. You don't need a GPS clock for it, pointing it to pool.ntp.org is sufficient for the vast majority of use cases. Using the pool will give you a correct time within a few milliseconds, especially if you use multiple upstream servers. If the clock of your organization's time server is correct, you can (and probably should) use that as the time source for the other machines in your network.

[mshafiuddin]

Hi Experts : any update ?

Note : my NTP is having set of clock or GPS is going to make difference ?
what i think it should not be, because clients ( all CentOS ) should take time from NTP ) no matter NTP server taking time from its own clock or external clock.

Please guide me in this NTP issue.

[mshafiuddin]

@avij : I double checked, my all VMs not taking time from ESXi host ( the option for VM to take time from ESXi host is un checked)

[mshafiuddin]

Friends : i have removed # to get updated rest of 3 servers /etc/ntp.conf file
server 10.33.1.30 iburst prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
and have updated mask entry
restrict 10.33.1.30 mask 255.255.255.0 nomodify notrap
But still ntpstat shows unsynchronised

[dunch]

I get a very similar problems on my VMs, all HyperV. The HV Gen1 machines running RHEL 6 seem to be the most affected although this has happened on others. At the moment, I'm just resyncing every time an alert shows up in Nagios but this is happening more frequently and I'm scheduling downtime to make the following changes:

Turn off time synchronisation with the VM host cluster.
Add "notsc divider=10" to the kernel command line
Remove the server and fudge lines containing 127.127.1.0 from /etc/ntp.conf

I'll let you know how I get on in a week or so

[mshafiuddin]

@ dunch : my VMs are hosted on ESXi hypervisor, and my VMs not taking from ESXi ( the check box for "sync time with host" is un checked )

[mshafiuddin]

Hi Experts : Any comment ? for further assistance.

[avij]

Maybe you should post the output of uname -a (without the hostname) that I asked earlier. Timekeeping is a kernel task, that's why your kernel info would be good to know.

[mshafiuddin]

@ avij : Below is the result of uname -a

[root@prod1 ~]# uname -a
Linux prod1 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@prod1 ~]#

[TrevorH]

Can you also post the output from the command iptables-save