08-20-2010 02:55 AM
Hi,
Noticed something a little strange. We have 3 Ironport boxes running in same location, all taking time settings from the NTP server time.ironport.com, but all running on different times, i.e. 10:30, 10:38 and 10:46... anyone else notice this?
Solved! Go to Solution.
08-20-2010 06:53 AM
Greetings David,
There can be several reasons why this can occur. To understand the specifics of the issue I would recommend starting the the NTP logs on each of these appliances.
The most common NTP issue is when the IronPort Appliance cannot communicate with the NTP servers that were defined. When this happens, you will see timeouts in the NTP logs: Tue May 11 13:48:03 2010 Warning: timeout while waiting for ntp response IP 10.1.123.10 Please check to see if your NTP servers are accepting NTP requests. Also check that your Network allows UDP port 123 between the IronPort Appliances and your NTP servers or the Internet Time servers you have configured. |
Cannot resolve Time Server name: |
If your IronPort Appliance cannot resolve a DNS name for a time server, you will get a log entry like this: Mon May 17 22:44:51 2010 Warning: DNS Failure looking up "tick.example": ('tick.example', 'A', (3, 'NXDomain')) Make sure your fully qualified domain name is correct, and make sure the IronPort Appliance can resolve that name by using the NSLOOKUP command. |
Dueling NTP servers: |
If you have more than one NTP server defined, and they are serving different times (that is, the NTP servers themselves are not in synch), you will see the IronPort logs switching the time back and forth: Wed Mar 17 10:24:23 2010 Info: sntp query host 10.192.25.61 delay 236 offset -502564820 |
Time step too large: |
If the time on the system is off by six months or more, you will get this message in the logs: Wed Nov 11 21:26:04 2009 Info: sntp query host 10.92.151.132 delay 510 offset 16158559567723 vmw033-esa07.run> settime |
Coming into synch: |
Successful NTP queries will also be logged. Note: the longer the NTP process has been running, the less frequent time checks are. Do not be concerned that there are time adjustments each for each update. This is typical of NTP: Tue May 18 09:25:40 2010 Info: sntp query host 10.92.151.132 delay 526 offset -42979543404 |
For more information about NTP, see the AsyncOS Configuration Guide on the IronPort Support Portal.
Christopher C Smith
CSE
Cisco IronPort Customer Support
08-20-2010 06:53 AM
Greetings David,
There can be several reasons why this can occur. To understand the specifics of the issue I would recommend starting the the NTP logs on each of these appliances.
The most common NTP issue is when the IronPort Appliance cannot communicate with the NTP servers that were defined. When this happens, you will see timeouts in the NTP logs: Tue May 11 13:48:03 2010 Warning: timeout while waiting for ntp response IP 10.1.123.10 Please check to see if your NTP servers are accepting NTP requests. Also check that your Network allows UDP port 123 between the IronPort Appliances and your NTP servers or the Internet Time servers you have configured. |
Cannot resolve Time Server name: |
If your IronPort Appliance cannot resolve a DNS name for a time server, you will get a log entry like this: Mon May 17 22:44:51 2010 Warning: DNS Failure looking up "tick.example": ('tick.example', 'A', (3, 'NXDomain')) Make sure your fully qualified domain name is correct, and make sure the IronPort Appliance can resolve that name by using the NSLOOKUP command. |
Dueling NTP servers: |
If you have more than one NTP server defined, and they are serving different times (that is, the NTP servers themselves are not in synch), you will see the IronPort logs switching the time back and forth: Wed Mar 17 10:24:23 2010 Info: sntp query host 10.192.25.61 delay 236 offset -502564820 |
Time step too large: |
If the time on the system is off by six months or more, you will get this message in the logs: Wed Nov 11 21:26:04 2009 Info: sntp query host 10.92.151.132 delay 510 offset 16158559567723 vmw033-esa07.run> settime |
Coming into synch: |
Successful NTP queries will also be logged. Note: the longer the NTP process has been running, the less frequent time checks are. Do not be concerned that there are time adjustments each for each update. This is typical of NTP: Tue May 18 09:25:40 2010 Info: sntp query host 10.92.151.132 delay 526 offset -42979543404 |
For more information about NTP, see the AsyncOS Configuration Guide on the IronPort Support Portal.
Christopher C Smith
CSE
Cisco IronPort Customer Support
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide