# ntp-client: Failed to set clock (no server suitable...)

## saffsd

Hello all.

This seems to be a newbie problem but it's got me stumped so far:

```

 # /etc/init.d/ntp-client start

 * Caching service dependencies ...                                       [ ok ] 

 * Setting clock via the NTP client 'ntpdate' ...

25 Jul 04:18:11 ntpdate[12953]: no server suitable for synchronization found

 * Failed to set clock

```

Contents of /etc/conf.d/ntp-client:

```

# /etc/conf.d/ntp-client

# Command to run to set the clock initially

# Most people should just leave this line alone ...

# however, if you know what you're doing, and you

# want to use ntpd to set the clock, change this to 'ntpd'

NTPCLIENT_CMD="ntpdate"

# Options to pass to the above command

# This default setting should work fine but you should

# change the default 'pool.ntp.org' to something closer

# to your machine.  See http://www.pool.ntp.org/ or

# try running `netselect -s 3 pool.ntp.org`.

NTPCLIENT_OPTS=" -b -u oceania.pool.ntp.org"

# How long to wait (in seconds) before giving up.

# Useful for when you boot and DNS/internet isn't

# really available but you have your net interface

# come up with say a static IP.

NTPCLIENT_TIMEOUT=30

```

and /etc/ntp.conf

```

# NOTES:

#  - you should only have to update the server line below

#  - if you start getting lines like 'restrict' and 'fudge'

#    and you didnt add them, AND you run dhcpcd on your

#    network interfaces, be sure to add '-Y -N' to the

#    dhcpcd_ethX variables in /etc/conf.d/net

# Name of the servers ntpd should sync with

# Please respect the access policy as stated by the responsible person.

#server         ntp.example.tld         iburst

server 0.oceania.pool.ntp.org

##

# A list of available servers can be found here:

# http://www.pool.ntp.org/

# http://www.pool.ntp.org/#use

# A good way to get servers for your machine is:

# netselect -s 3 pool.ntp.org

##

# you should not need to modify the following paths

driftfile       /var/lib/ntp/ntp.drift

#server ntplocal.example.com prefer

#server timeserver.example.org

# Warning: Using default NTP settings will leave your NTP

# server accessible to all hosts on the Internet.

# If you want to deny all machines (including your own)

# from accessing the NTP server, uncomment:

#restrict default ignore

# To deny other machines from changing the

# configuration but allow localhost:

restrict default nomodify nopeer

restrict 127.0.0.1

# To allow machines within your network to synchronize

# their clocks with your server, but ensure they are

# not allowed to configure the server or used as peers

# to synchronize against, uncomment this line.

#

#restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap

server 1.oceania.pool.ntp.org

server 2.oceania.pool.ntp.org

server time.esec.com.au

server ntp.adelaide.edu.au

```

I got [0,1,2].oceania.pool.ntp.org from www.pool.ntp.org. 

Any ideas why this might not work? Or where to look for more detailed error output? Or, best of all, how to fix it?  :Smile:  Thanks!

----------

## bunder

does ntpdate work when you run it by hand?

----------

## PaulBredbury

The wiki contains debugging info, and the exact steps to follow. Pay attention to the "restrict" lines  :Wink: 

----------

## saffsd

Aha. thank you. fixed /etc/ntp.conf for reference:

```

# NOTES:

#  - you should only have to update the server line below

#  - if you start getting lines like 'restrict' and 'fudge'

#    and you didnt add them, AND you run dhcpcd on your

#    network interfaces, be sure to add '-Y -N' to the

#    dhcpcd_ethX variables in /etc/conf.d/net

# Name of the servers ntpd should sync with

# Please respect the access policy as stated by the responsible person.

#server         ntp.example.tld         iburst

server au.pool.ntp.org

##

# A list of available servers can be found here:

# http://www.pool.ntp.org/

# http://www.pool.ntp.org/#use

# A good way to get servers for your machine is:

# netselect -s 3 pool.ntp.org

##

# you should not need to modify the following paths

driftfile       /var/lib/ntp/ntp.drift

#server ntplocal.example.com prefer

#server timeserver.example.org

# Warning: Using default NTP settings will leave your NTP

# server accessible to all hosts on the Internet.

# If you want to deny all machines (including your own)

# from accessing the NTP server, uncomment:

#restrict default ignore

# To deny other machines from changing the

# configuration but allow localhost:

restrict default ignore

restrict au.pool.ntp.org nomodify notrap nopeer noquery

```

----------

## truekaiser

i am having the same problem here but the soultion you posted doesn't work.

----------

## evoweiss

Hi all,

Sadly, I'm having the same damn problem with ntp-client, though, weirdly, it has worked in the past and I can't think of too much that I did that may have changed this happy state of affairs. I tried to run it with my router's firewall turned off and it worked. However, I don't see why that would be a problem as I specifically have set up my firewall to allow access to the right port.

My /etc/conf.d/ntp-client file is:

```
# Allow ntp to automatically correct predictable clock drift

driftfile /var/lib/ntp/ntp.drift

# logfile defaults to /var/log/messages

logfile /var/log/ntp.log

# Un-comment the next line, to act as a time server to the local network

restrict 0.uk.pool.ntp.org nomodify notrap nopeer noquery

restrict 1.uk.pool.ntp.org nomodify notrap nopeer noquery

server 0.uk.pool.ntp.org

server 1.uk.pool.ntp.org
```

and /etc/conf.d/ntp-client is:

```

# /etc/conf.d/ntp-client

# Command to run to set the clock initially

# Most people should just leave this line alone ...

# however, if you know what you're doing, and you

# want to use ntpd to set the clock, change this to 'ntpd'

NTPCLIENT_CMD="ntpdate"

# Options to pass to the above command

# This default setting should work fine but you should

# change the default 'pool.ntp.org' to something closer

# to your machine.  See http://www.pool.ntp.org/ or

# try running `netselect -s 3 pool.ntp.org`.

NTPCLIENT_OPTS="-b -u 0.uk.pool.ntp.org 1.uk.pool.ntp.org"

# How long to wait (in seconds) before giving up.

# Useful for when you boot and DNS/internet isn't

# really available but you have your net interface

# come up with say a static IP.

NTPCLIENT_TIMEOUT=30

```

Also, in case there's any doubt that my router is set up properly, here's what it is showing:

```

Allow   ntp   WAN,*   LAN,XXX.XXX.XXX.XXX   TCP,1023

```

Also, under virtual server it shows:

```
XXX.XXX.XXX.XXX   TCP 123 / 123   always

```

I use this same stuff to open up ssh, etc. without problems.

Alex

----------

## TinheadNed

I've been banging my head against a similar problem.  It turns out that ntp-4.2.4 at the very least is not backwards compatible.  I've had all my machines complaining, and a swift upgrade of the slaves is sorting the problem out.

----------

## herda0505

I've been working through ntp problems since I've installed it, but I've seemed to resolve them. I think it was something bad in the config. I followed the wiki page. I verified that UDP port 123 was open in my firewall, and went through to make sure that my config file was clear except for what was needed.

```
# NOTES:

#  - you should only have to update the server line below

#  - if you start getting lines like 'restrict' and 'fudge'

#    and you didnt add them, AND you run dhcpcd on your

#    network interfaces, be sure to add '-Y -N' to the

#    dhcpcd_ethX variables in /etc/conf.d/net

# Name of the servers ntpd should sync with

# Please respect the access policy as stated by the responsible person.

#server         ntp.example.tld         iburst

server 0.us.pool.ntp.org

server 1.us.pool.ntp.org

server 2.us.pool.ntp.org

##

# A list of available servers can be found here:

# http://www.pool.ntp.org/

# http://www.pool.ntp.org/#use

# A good way to get servers for your machine is:

# netselect -s 3 pool.ntp.org

##

# you should not need to modify the following paths

driftfile       /var/lib/ntp/ntp.drift

#server ntplocal.example.com prefer

#server timeserver.example.org

# Warning: Using default NTP settings will leave your NTP

# server accessible to all hosts on the Internet.

# If you want to deny all machines (including your own)

# from accessing the NTP server, uncomment:

#restrict default ignore

# To deny other machines from changing the

# configuration but allow localhost:

restrict default nomodify nopeer

restrict 127.0.0.1

# To allow machines within your network to synchronize

# their clocks with your server, but ensure they are

# not allowed to configure the server or used as peers

# to synchronize against, uncomment this line.

#

#restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
```

Then I started ntp-client:

```
torwin linux # /etc/init.d/ntp-client start

* Setting clock via the NTP client 'ntpdate' ...                                                                                                                   [ ok ]
```

Then verified the date and started ntpd:

```
torwin linux # date

Sun Jan 28 12:51:43 PST 2007

torwin linux # /etc/init.d/ntpd start

 * Starting ntpd ...                                                                                                                                                [ ok ]
```

To verify I then ran ntpq:

```
torwin linux # ntpq -pn

     remote           refid      st t when poll reach   delay   offset  jitter

==============================================================================

 192.52.107.241  47.23.55.84      3 u    4   64    1  273.220  -111.12   0.001

 64.81.87.189    17.254.0.28      3 u    3   64    1   62.246    6.787   0.001

```

If the jitter is 4000 then it is not connecting to the time server. You can run ntpq -p directly against a server to see if you get an accurate result:

```
torwin linux # ntpq -p 2.us.pool.ntp.org

     remote           refid      st t when poll reach   delay   offset   jitter

==============================================================================

*time2.apple.com 17.254.0.49      2 u  706 1024  377   25.383   -1.002   0.348

```

I'm not an expert, but from what I can figure out, if you're getting a response back from ntpq -p but you still get a jitter of 4000 using the same pool of servers, then check your config. If you get no result from the ntpq -p then I would check my firewall or network configuration. You can use tcpdump to check if there is communication across port 123 on your firewall. You should see the connection every 64 seconds:

```
[root@osiligarth ~]# tcpdump udp port 123

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

12:34:21.676388 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > mail.pengdows.com.ntp: NTPv4, Client, length 48

12:34:21.785863 IP mail.pengdows.com.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48

12:34:22.677189 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > crush.brunom.net.ntp: NTPv4, Client, length 48

12:34:22.841309 IP crush.brunom.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48

12:34:23.678051 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > 110.Red-80-33-107.staticIP.rima-tde.net.ntp: NTPv4, Client, length 48

12:34:23.913512 IP 110.Red-80-33-107.staticIP.rima-tde.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48

12:35:25.730574 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > mail.pengdows.com.ntp: NTPv4, Client, length 48

12:35:25.730780 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > crush.brunom.net.ntp: NTPv4, Client, length 48

12:35:25.835370 IP mail.pengdows.com.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48

12:35:25.896840 IP crush.brunom.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48

12:35:29.734040 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > 110.Red-80-33-107.staticIP.rima-tde.net.ntp: NTPv4, Client, length 48

12:35:29.990572 IP 110.Red-80-33-107.staticIP.rima-tde.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48

12:36:28.784038 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > mail.pengdows.com.ntp: NTPv4, Client, length 48

12:36:28.784286 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > crush.brunom.net.ntp: NTPv4, Client, length 48

12:36:28.885014 IP mail.pengdows.com.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48

12:36:28.950428 IP crush.brunom.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48

12:36:32.787402 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > 110.Red-80-33-107.staticIP.rima-tde.net.ntp: NTPv4, Client, length 48

12:36:33.022744 IP 110.Red-80-33-107.staticIP.rima-tde.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48

```

After you get the jitter to a value that's reasonable (i.e. below 4000, I've usually seen some two digit number followed by decimals, like 70.042) you can check syslog to make sure ntpd is working: 

```
torwin linux # cat /var/log/everything/current | grep ntpd

Jan 28 12:51:47 [ntpdate] step time server 64.81.199.165 offset 0.041971 sec

Jan 28 12:52:00 [ntpd] ntpd 4.2.2p3@1.1577-o Sun Jan 28 19:40:54 UTC 2007 (1)

Jan 28 12:52:00 [ntpd] precision = 1.000 usec

Jan 28 12:52:00 [ntpd] Listening on interface wildcard, 0.0.0.0#123 Disabled

Jan 28 12:52:00 [ntpd] Listening on interface lo, 127.0.0.1#123 Enabled

Jan 28 12:52:00 [ntpd] Listening on interface eth0, 192.168.2.20#123 Enabled

Jan 28 12:52:00 [ntpd] kernel time sync status 0040

Jan 28 12:56:21 [ntpd] synchronized to 64.81.87.189, stratum 3

Jan 28 13:15:45 [ntpd] kernel time sync enabled 0001

```

I was then able to copy this same config and use it on my ClarkConnect box which is acting as my gateway/firewall, and after a restart ntpd took the config and synced up without a problem.

Dan H.

----------

