[AusNOG] ntp server issues today... strange one... clutching at straws but just in case

Roy Adams roy at racs.com.au
Thu Jan 31 19:16:41 EST 2019 

Unfortunately not.. I don't have logging of that level on this site -
client is too small.

I think my best bet is to wait for weekend and go back to the 0. ntp server
and wait for a bad time update.
w32tm status will then give me the bad server...

No more flapping of DC time since 3.40pm BNE time today when I moved to the
3. server
In my mind, this pretty much proves the issue is with one of the 0. servers





Kindly,

ROY ADAMS* | *P 07 3040 5010  | Web: http://www.racs.com.au/ | Wiki:
https://ex.racs.com.au:444/ | eMail: mailto:roy at racs.com.au
<roy at racs.com.au>
Please never upgrade to the latest Windows 10 - You don’t need the hassle,
and I don’t need the work.
If you think it's expensive to hire a professional to do the job, wait
until you hire an amateur - Red Adair.
Life is a journey through a series of adventures.. Live them, love them,
hate them, but never give up on your dreams, desires, and goals.



On Thu, 31 Jan 2019 at 17:57, Jasper Relph <jasper at jasperrelph.me> wrote:

> As has probably already been said via PM to you. pool.ntp.org uses
> "random" servers.
>
> I note that you say the error logs do not show the server that sent the
> bad time. Are you able to pull this from firewall logs perhaps?
>
> Kind Regards,
>
> Jasper Relph
>
> On Jan 31, 2019 17:32, Roy Adams <roy at racs.com.au> wrote:
>
> Thanks for the PM's offering ideas
> I am tempted to set it back to 0. to debug the offending ntp pool IP, but
> it was breaking all the backups among other things due to AD sync being
> more than 5 mins out.
>
> I always use the below config for domain controllers:
> sc config W32Time start= auto & net start W32Time
> w32tm /config /manualpeerlist:"0.au.pool.ntp.org 2.au.pool.ntp.org
> 3.au.pool.ntp.org" /syncfromflags:manual /reliable:yes /update & w32tm
> /resync /nowait
>
> One of the replies noted that linux sanity checks by getting ntp time from
> 4 servers - I wish MS were that smart.
> Clearly MS are not using all the configured servers, I suspect they are
> purely for failover like a DNS client.
>
> I have just changed this site to:
> w32tm /config /manualpeerlist:"3.au.pool.ntp.org" /syncfromflags:manual
> /reliable:yes /update & w32tm /resync /nowait
> So far so good.. still stable
>
> All Domain members of course sync to the DC
> I am not seeing this on any other sites.. all sites are cookie cutter for
> me
>
>
> event logs confirm ONLY the change... not the server IP :(
>
> The system time has changed to ‎2019‎-‎01‎-‎31T01:47:11.254922100Z from
> ‎2019‎-‎01‎-‎31T02:18:29.514800000Z.
>
> The system time has changed to ‎2019‎-‎01‎-‎31T01:47:11.254000000Z from
> ‎2019‎-‎01‎-‎31T01:47:11.254922100Z.
>
> The system time has changed to ‎2019‎-‎01‎-‎31T03:43:51.747000000Z from
> ‎2019‎-‎01‎-‎31T03:12:32.312621000Z.
>
> The system time has changed to ‎2019‎-‎01‎-‎31T03:36:17.703840400Z from
> ‎2019‎-‎01‎-‎31T04:07:36.105000000Z.
>
> The system time has changed to ‎2019‎-‎01‎-‎31T03:36:17.703000000Z from
> ‎2019‎-‎01‎-‎31T03:36:17.703840400Z.
>
> The system time has changed to ‎2019‎-‎01‎-‎31T05:41:23.075000000Z from
> ‎2019‎-‎01‎-‎31T05:10:04.617935900Z.
>
> The system time has changed to ‎2019‎-‎01‎-‎31T06:01:12.107000000Z from
> ‎2019‎-‎01‎-‎31T06:01:12.107000000Z.
>
> The system time has changed to ‎2019‎-‎01‎-‎31T05:30:09.707385800Z from
> ‎2019‎-‎01‎-‎31T06:01:28.112628100Z.
>
> The system time has changed to ‎2019‎-‎01‎-‎31T05:30:09.707000000Z from
> ‎2019‎-‎01‎-‎31T05:30:09.707385800Z.
>
> The system time has changed to ‎2019‎-‎01‎-‎31T05:39:51.770000000Z from
> ‎2019‎-‎01‎-‎31T05:39:51.770276000Z.
>
>
>
>
>
>
> Kindly,
>
> ROY ADAMS* | *P 07 3040 5010  | Web: http://www.racs.com.au/ | Wiki:
> https://ex.racs.com.au:444/ | eMail: mailto:roy at racs.com.au
> <roy at racs.com.au>
> Please never upgrade to the latest Windows 10 - You don’t need the hassle,
> and I don’t need the work.
> If you think it's expensive to hire a professional to do the job, wait
> until you hire an amateur - Red Adair.
> Life is a journey through a series of adventures.. Live them, love them,
> hate them, but never give up on your dreams, desires, and goals.
>
>
>
> On Thu, 31 Jan 2019 at 16:13, Nick Stallman <nick at agentpoint.com> wrote:
>
> Do you know which server specifically? The ntp pools hand out random NTP
> server IPs, it's not a fixed server.
>
> I'm not a Windows server admin, but this would likely be why Linux
> connects to ~4 NTP servers so it can disregard dodgy servers.
> On 31/1/19 5:09 pm, Roy Adams wrote:
>
> Hi All, I have a domain controller *seemingly* receiving bad time info
> today from 0.au.pool.ntp.org
> Issuing this confirmed the time was flapping forward 30 mins, then 30 mins
> later back to normal:
> w32tm /query /status
> It confirmed the above ntp server as the server that supplied the bad
> (then good, then bad, then good etc) time
> I have now changed the DC to pull instead from 3.au.pool.ntp.org.
> 1 hour has passed and so far so good.
>
> Cannot say I have ever seen anything like this...
> It's only occurring on one site on a windows2008r2sp1 domain controller.
> The DC in turn relays this updated time to all domain members of course.
> Anyone else had time issues on any sites today in Aus?
>
>
> Kindly,
>
> ROY ADAMS* | *P 07 3040 5010  | Web: http://www.racs.com.au/ | Wiki:
> https://ex.racs.com.au:444/ | eMail: mailto:roy at racs.com.au
> <roy at racs.com.au>
> Please never upgrade to the latest Windows 10 - You don’t need the hassle,
> and I don’t need the work.
> If you think it's expensive to hire a professional to do the job, wait
> until you hire an amateur - Red Adair.
> Life is a journey through a series of adventures.. Live them, love them,
> hate them, but never give up on your dreams, desires, and goals.
>
>
> _______________________________________________
> AusNOG mailing listAusNOG at lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog
>
> --
> Nick Stallman
> Technical Director
> [image: Email] nick at agentpoint.com
> [image: Phone] 02 8039 6820 <0280396820>
> [image: Website] www.agentpoint.com.au
> [image: Agentpoint] <https://www.agentpoint.com.au/>
> [image: Netpoint] <https://netpoint.group/>
> Level 3, 100 Harris Street, Pyrmont NSW 2009 [image: Facebook]
> <https://www.facebook.com/agentpoint/> [image: Twitter]
> <https://twitter.com/agentpoint> [image: Instagram]
> <https://www.instagram.com/Agentpoint/> [image: Linkedin]
> <https://www.linkedin.com/company/agentpoint-pty-ltd>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190131/c708eaa2/attachment-0001.html>

More information about the AusNOG mailing list