- Published on
NTP Chronyd and Time
- Authors
- Name
- Jackson Chen
Failover PDC FSMO Role Required Server
This will failover all five FSMO roles to the required server.
The user must be members of Enterprise Admins, Schema Admins and Domain Admins
# ************** PDC-Failover **************
# Query FSMO Role
Netdom query fsmo
Start-Sleep 10
# Move FSMO roles
$targetServer = $env:COMPUTERNAME
Move-ADDirectoryServerOperationMasterRole -Identity $targetServer -OperationMasterRole 0,1,2,3,4 -Confirm:$false
# Verify FSMO roles for confirmation
Netdom query fsmo
Start-Sleep 10
# PDC NTP Configuration / Migrate PDC time role
Net Stop w32time
Start-Sleep 10
# Configure time source
# When configure NTP - either has one NTP server, or minimum 3 NTP servers
w32tm /config /syncfromflags:manual /manualpeerlist:"ntp1.test.lab,ntp2.test.lab,ntp3.test.lab"
# Set the NTP server as trusted server
w32tm /config /reliable:yes
# Restart w32time
Net Start w32time
Start-Sleep 10
# Verify the configuration
w32tm /query /configuration
# Compare the time with the time source
w32tm /stripchart /computer:ntp1.test.lab
Update PDC Server Time Source
This will update the NTP time source for PDC server.
# ************** PDC-NTP-Timesource-Update **************
# PDC NTP Configuration / Migrate PDC time role
Net Stop w32time
Start-Sleep 10
# Update PDC with required NTP sources
w32tm /config /syncfromflags:manual /manualpeerlist:"ntp1.test.lab,ntp2.test.lab,ntp3.test.lab"
# Set the NTP server as trusted server
w32tm /config /reliable:yes
# Restart w32time
Net Start w32time
Start-Sleep 10
# Verify the configuration
w32tm /query /configuration
# Compare the time with the time source
w32tm /stripchart /computer:ntp1.test.lab
Update Domain Member Server NTP Configuration
Update domain member server with NTP source using domain or PDC server
# ************** MemberServer-NTP-Configuration **************
# Configure NTP domain hierarchy synchronization
w32tm /config /syncfromflags:domhier /update
# Restart w32time
net stop w32time
Start-Sleep 10
Net Start w32time
Start-Sleep 10
# Verify configuration
w32tm /query /configuration
# Compare time with time source
w32tm /stripchart /computer:ntp1.test.lab
Useful Troubleshooting Commands
Windows Servers
# Verify NTP server sync status
w32tm /query /status /verbose
w32tm /monitor
# Comparing the time with time source
w32tm /stripchart /computer:<time-source>
w32tm /stripchart /computer:<NTPServerNameOrIP> /dataonly /samples:x
Where
x is the number of returns or samples to query
# Force sync time with its source
Net time /SET /Y
# Force resynce
W32tm /resync
# Get time from remote system
net time \\<HostName>
# Get time from domain
net time /domain
# Query
net time /querysntp
# To find out the current time
net time
# Find out server NTP configuration
w32tm /query /configuration
## Verify the domain controller time sync
w32tm /monitor /domain:<Domain Name FQDN>
w32tm /monitor
# Resync
w32tm /resync
w32tm /resync /nowait /rediscover
# Monitor and query
w32tm /query /status
# Update ntp configuration and resync
w32tm /config /update
w32tm /resync /rediscover
Linux Servers
# In Linux to get time with upto milliseconds
date +"%Y%m%d.%H%M%S%2N"
Cisco Switch as time source
*** Important ***
In Cisco environment, we may need to use 0x8 for peerlist
How to force or manually sync system time with NTP server
1. Stop chronyd
systemctl stop chronyd
2. ntpdate <ntp-server-fqdn | ntp-server-ip>
# without -q where -q for query
3. ntpdate -q <ntp-server-fqdn | ntp-server-ip>
# verify time synchronization offset status
4. Other verification
date;timedatectl
date;hwclock # compare datetime with hardware clock
chronyc sources -v
5. start chronyd
systemctl start chronyd
ntpdate
https://www.cyberithub.com/ntpdate-command-examples-in-linux-rhel-centos-7-8/
- Simply run ntpdate command in your Linux Command Line interface and check whether your client machine is getting synced with any of the NTP Server
ntpdate
# No ntp server configure, if return result like no servers can be used
- Test Connection to a NTP Server
ntpdate -q pool.ntp.org
ntpdate -q <ip>
-q : Query only
# don't set the clock. More on ntpdate command Man Page.
Note it will show
a. stratum NTP server stratum level
b. offset 'offset' in sec between the system and NTP server
c. delay the round trip time or latency with the NTP Server
- Sync or force sync time with NTP server
ntpdate <ntp-server-fqdn>
ntpdate <ntp-server-ip>
# May need to run couple of times
- Synchronize with Hosts beyond the Firewall
ntpdate -u pool.ntp.org
ntpdate -u <ip>
-u option # always use the unprivileged ports
- Enable Debugging Mode
ntpdate -d pool.ntp.org
-d # debug, show detail communication
- Use Verbose Mode with ntpdate
ntpdate -v pool.ntp.org
-v # verbose
- Force Step up the time rather than adjust
ntpdate -vb pool.ntp.org
-b : Force the time to be stepped using the settimeofday() system call,
rather than slewed (default) using the adjtime() system call.
- Force the Time Sync to always be slewed
ntpdate -vB pool.ntp.org
-B: Force the time to always be slewed using the adjtime() system call,
even if the measured offset is greater than +-500 ms
Chronyc and chronyd
https://chrony.tuxfamily.org/faq.html
chrony performs well in a wide range of conditions, including intermittent network connections, heavily congested networks, changing temperatures (ordinary computer clocks are sensitive to temperature), and systems that do not run continuously, or run on a virtual machine.
chrony consists of chronyd, a daemon that runs in user space, and chronyc, a command line program which can be used to monitor the performance of chronyd and to change various operating parameters when it is running
chronyd -q 'server ntp.example.com iburst'
-q # query time
systemctl start chronyd
systemctl enable chronyd
- Verify chronyc time sources
chronyc sources
chronyc sources -v
- To check chrony tracking
chronyc tracking
- check chrony source statistics
chronyc sourcestats
- Verify ntp server name resolution NTP servers specified by their hostname (instead of an IP address) have to have their names resolved before chronyd can send any requests to them. This can be useful to verify that the names specified in the configuration are used as expected
chronyc -N sources -a
Manually adjusting the System Clock
# To step the system clock immediately, bypassing any adjustments in progress by slewing
chronyc makestep
timedatectl and hwclock
- Display the current
timedatectl
Changes to the status of chrony or ntpd will not be immediately noticed by timedatectl. If changes to the configuration or status of these tools is made, enter the following command:
systemctl restart systemd-timedated.service
systemctl restart timedated
- Change the current time
# Run command as root
timedatectl set-time HH:MM:SS
timedatectl set-time YYYY-MM-DD
timedatectl set-time "YYYY-MM-DD HH-MM-DD"
Example
timedatectl set-time "2017-06-02 23:26:00"
Note that changing the date without specifying the current time results in setting the time to 00:00:00
- Change time zone
# list all the timezones
timedatectl list-timezones
# Change the currently used time zone
timedatectl set-timezone <time_zone>
Synchronizing the System Clock with a Remote Server
timedatectl command also allows you to enable automatic synchronization of your system clock with a group of remote servers using the NTP protocol.
- Enable automatic synchronization of the system clock with a remote server
timedatectl set-ntp yes
Using the hwclock Command
hwclock is a utility for accessing the hardware clock, also referred to as the Real Time Clock (RTC). The hardware clock is independent of the operating system you use and works even when the machine is shut down. This utility is used for displaying the time from the hardware clock. hwclock also contains facilities for compensating for systematic drift in the hardware clock.
The hardware clock stores the values of: year, month, day, hour, minute, and second. It is not able to store the time standard, local time or Coordinated Universal Time (UTC), nor set the Daylight Saving Time (DST).
The hwclock utility saves its settings in the /etc/adjtime file, which is created with the first change you make, for example, when you set the time manually or synchronize the hardware clock with the system time.
# hwclock utility saves its settings in
/etc/adjtime
- Displaying the Current Date and Time
hwclock
- Setting the Date and Time
hwclock --set --date "dd mmm yyyy HH:MM"
hwclock --set --date "21 Oct 2016 21:17" --utc # in UTC
hwclock --set --date "21 Oct 2016 21:17:10" --UTC
- Synchronizing hwclock with system time https://www.ibm.com/support/pages/synchronizing-hardware-clock-system-time-when-using-ntp
When you synchronize the hardware clock and the system time, you can also specify whether you want to keep the hardware clock in local time or UTC by adding the --utc or --localtime option. Similarly to using --set, UTC or LOCAL is recorded in the /etc/adjtime file.
The hwclock --systohc --utc command is functionally similar to timedatectl set-local-rtc false and the hwclock --systohc --local command is an alternative to timedatectl set-local-rtc true
# Synchronizing the Hardware Clock with System Time
# To set the hardware clock to the current system time
hwclock --systohc
hwclock --systohc --UTC # Recommended to keep in UTC
To verify both hwclock and system time in sync
hwclock --show ; date
hwclock ; date
The /etc/sysconfig/ntpd file contains the SYNC_HW CLOCK setting which determines if the hardware clock updates every time NTP synchronizes the system time. By default, the setting is off as shown below:
SYNC_HWCLOCK=no
To have the hardware clock updated every time NTP successfully synchronizes the system time with a time server, modify the line to read as follows:
SYNC_HWCLOCK=yes
In addition, you may also want to update the clock every time the NTP daemon service is started. To do this, edit the /etc/sysconfig/ntpd file and modify the OPTIONS line.
It will look similar to the following:
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
Add ' -x ' to the end of this parameter so that it reads as follows:
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -x"