Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff

Created on ‎09-28-2018 01:00 AM

Article Id 194640

Technical Note: Adjusting NTP for drift

Description
The time is either ahead or behind of the time on the NTP server.  Additionally, the system and hardware clocks may be out of sync.

Example:
> date
Wed Jan  8 10:42:30 EST 2020

> hwclock -r
Wed 08 Jan 2020 10:46:21 AM EST  -1.045436 seconds

Solution
1.  Confirm NTP settings in the Administrative UI are configured correctly.
Navigate to System > Settings > NTP and Time Zone

2. Confirm the NTP server is accessible. Login to the appliance CLI and type:
nmap -sU -p 123 <IP Address or name of NTP Server defined in NTP and Time Zone settings>

Example:
> nmap -sU -p 123 pool.ntp.org

Starting Nmap 7.40 ( https://nmap.org ) at 2020-01-08 10:40 EST
Nmap scan report for pool.ntp.org (64.79.100.197)
Host is up (0.0041s latency).
Other addresses for pool.ntp.org (not scanned): 108.61.73.243 192.110.255.55 63.211.239.58
rDNS record for 64.79.100.197: ntpool1.603.newcontinuum.net
PORT    STATE SERVICE
123/udp open  ntp

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds


3.  Force NTP update.  Type the following:
service ntpd stop
ntpdate <IP Address or name of NTP Server defined in NTP and Time Zone settings>
service ntpd start

Example:
> service ntpd stop
Redirecting to /bin/systemctl stop ntpd.service

> ntpdate pool.ntp.org
 8 Jan 10:46:55 ntpdate[30557]: step time server 45.56.74.200 offset 223.128441 sec

> service ntpd start
Redirecting to /bin/systemctl start ntpd.service


4. Confirm date with date command and hwclock command.  Type:
date
hwclock -r

Date (system time) should match hwclock.  Example:

> date
Wed Jan  8 10:47:21 EST 2020

> hwclock -r
Wed 08 Jan 2020 10:47:32 AM EST  -1.041228 seconds



5.  Write current date to hwclock. Type:
hwclock -w


6. To ensure all files and processes are using the correct time, restart processes.  Type:
shutdownCampusMgr

Wait 30 seconds, then type:
startupCampusMgr



If time continues to drift and appliance is on VMware

Verify the Time Configuration is correct.  Refer to VMware Virtual Machine Installation Guide in the Fortinet Document Library.  See section "Configure Time Settings For Host".



If time continues to drift and appliance is on Hyper-V VM

1. Create a snapshot of the VM before the changes

2. Edit /boot/grub/menu.lst. On any line that mentions "vmlinuz", append the following without quotes "notsc divider=10".

3. Edit /etc/ntp.conf  

Add "tinker panic 0" to the top of the file.

Also, in /etc/ntp.conf, comment out the lines that look like this:
server 127.127.1.0
fudge 127.127.1.0 stratum 10

They should look like this afterwards:
# server 127.127.1.0
# fudge 127.127.1.0 stratum 10

4. reboot.





Labels:
2166
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.