762
ntp時間同步返回“no server suitable for synchromization found”的排查
背景:
linux係統時間不同步,手動執行
ntpdate time2.aliyun.com
報錯
no server suitable for synchromization found
登陸係統,先看看時間
1,查看係統時間
date
hwclock --show 查看硬件時間
2,查看ntp.conf
3,手動同步,看看現場(多試幾個~)
4,使用調試模式看下
ntpdate -d 10.143.33.50
返回如下:
7 Mar 09:46:51 ntpdate[24930]: ntpdate 4.2.2p1@1.1570-o Sat Dec 20 02:52:11 UTC 2014 (1)
Looking for host 10.143.33.50 and service ntp
host found : 10.143.33.50
transmit(10.143.33.50)
transmit(10.143.33.50)
transmit(10.143.33.50)
transmit(10.143.33.50)
transmit(10.143.33.50)
10.143.33.50: Server dropped: no data
server 10.143.33.50, port 123
stratum 0, precision 0, leap 00, trust 000
refid [10.143.33.50], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Thu, Feb 7 2036 14:28:16.000
originate timestamp: 00000000.00000000 Thu, Feb 7 2036 14:28:16.000
transmit timestamp: dc688f8e.b4e8c8ab Tue, Mar 7 2017 9:46:54.706
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000
7 Mar 09:46:55 ntpdate[24930]: no server suitable for synchronization found
5,根據debug到的報錯,有2個原因可能導致該問題
5.1,檢查ntp的版本,如果你使用的是ntp4.2(包括4.2)之後的版本,在restrict的定義中使用了notrust的話,會導致以上錯誤。
使用以下命令檢查ntp的版本:
ntpq -c version
下麵是來自ntp官方網站的說明:
The behavior of notrust changed between versions 4.1 and 4.2.
In 4.1 (and earlier) notrust meant "Don't trust this host/subnet for time".
In 4.2 (and later) notrust means "Ignore all NTP packets that are not cryptographically authenticated." This forces remote time servers to authenticate themselves to your (client) ntpd
解決:
把notrust去掉。
5.2,檢查ecs的防火牆。可能是防火牆屏蔽了udp 123端口。(ecs的話還要注意安全組)
可以用命令停止防火牆測試
service iptables stop
本例原因是iptables規則設置有問題導致
進階版-->ipv6引起的對時超時
最後更新:2017-06-19 10:31:54