Synching OS X to a NTP Time Server
I have noticed that 3 of my Xserves running Panther Server and Tiger Server appear to have their clocks "slipping" a few minutes behind every couple weeks. This causes issues with Kerberos, etc in an Active Directory environment. I have my OS X servers set to sync externally with time.apple.com. My Windows AD Domain Controllers also (ironically) synch with time.apple.com too. All of my Mac desktops are set to synch with time.apple.com. For some reason a few of my servers time seems to be drifting. I usually have to manually go into the System Pref Time & Date Pane and manually get it to "catch up". It only affects a couple servers, the rest of my desktops and servers.
As a test, I am going to start syncing a few of my servers internally with my primary DC which is running NTP services on my LAN. I will point to it with the hard-coded IP of the DC rather than DNS. The Xserves are less than a year old.
Any ideas on this problem?
Where does OS X log its NTP problems at?
How oftem does OS X synch with an NTP server? I looked at thentpconf file and it has the default settings of "minpoll = 12 maxpoll = 17"
Steve Miller: "Time keeps on slipin' slipin' slipin'..."
As a test, I am going to start syncing a few of my servers internally with my primary DC which is running NTP services on my LAN. I will point to it with the hard-coded IP of the DC rather than DNS. The Xserves are less than a year old.
Any ideas on this problem?
Where does OS X log its NTP problems at?
How oftem does OS X synch with an NTP server? I looked at thentpconf file and it has the default settings of "minpoll = 12 maxpoll = 17"
Steve Miller: "Time keeps on slipin' slipin' slipin'..."
Comments
sudo tcpdump -i en0 dst host time.apple.com
If you are using firewire or wireless or a second network NIC, then modify the "-i" argument as needed. "en0" is usually the ethernet interface if there is only one.
Originally posted by lundy
the BSD command tcpdump can be set to the interface (-i xxx), incoming or outgoing (src = incoming, dst = outgoing), and the expression "host time.apple.com" to filter the outgoing packets to only those that match the expression.
sudo tcpdump -i en0 dst host time.apple.com
If you are using firewire or wireless or a second network NIC, then modify the "-i" argument as needed. "en0" is usually the ethernet interface if there is only one.
Wouldnt the incoming results propably just show up as a simple icmp ack or something? I'm not sure tcpdump will really "show" much info regarding ntp tracffic, packets, etc...
Wait, I did get this:
18:45:04.964176 IP server.company.com.ntp > time2.apple.com.ntp: NTPv4 client, strat 0, poll 12, prec -18
I assume the "prec -18" means I was 18 seconds off sync?
20:36:08.160239 IP 192.168.0.3.60400 > time2.apple.com.http: S 1797515330:1797515330(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 537120391 0>
So I would compare the timestamp at the beginning of the line with the time on the menubar clock. Set the menubar clock to show the seconds.
I don't know where to find documentation on the actual meaning of the info returned. All I know is it means that OS X is in fact sending out the time sync request to time.apple.com. Maybe it is a standard network time format that is on the net somewhere.
EDIT: http://tf.nist.gov/service/its.htm has some info on the protocol, and links.
I thought that specifying "src" instead of "dst" should capture the packet returned from the SNTP server, and I get
20:48:42.220762 IP time2.apple.com.ntp > 192.168.0.3.ntp: NTPv4 server, strat 2, poll 12, prec -18
to begin with, so I will have more information when it checks every hour. I think specifying the "-vv" verbose flag might help also.
e.g.
sudo tcpdump -vv -i en0 src host time.apple.com