NTP Server Issues

verbal

I've been using pfSense as my local NTP server and it's been working well since I setup pfSense in February. Last week it started reporting a time 4 hours behind the actual time, yet time reported in pfSense is correct.

pfSense Dashboard showing correct time..

pfSense settings. These have been like this since I first started using it as local NTP server.

This is the time it's passing to my VMware ESXi hosts…

This is the time it's passing to my HP Procurve 1810G managed switch. One screen shows the correct time yet the date is way off. This has always been an issue that I can't figure out..

On the switch NTP setup screen the time is totally wrong. I think this more of a HP issue than pfSense

This started on the previous version before I did the latest upgrade. Anyone have any ideas why it's four hours off all of a sudden?

rakeshvijayan

I have more trouble on the NTP .i am using 2.0.2-RELEASE (i386)
SERVICES ON MY PFSENCE

MY CURRENT TIME NOW

MY NTP SHOW Unreach/Pending

I AM ALSO IN TROUBLE . ANY ONE HELP US TO USE THIS FEATURE CORRECTLY

AhnHEL

@verbal

Your Network Time Protocol status pic shows 2 IP addresses under Server and Ref Id, neither one of these is valid for 0.pfsense.pool.ntp.org.

@rakeshvijayan

Your Network Time Protocol status pic shows a Private IP address for Server. In the GUI, check under System/General Setup and enter a valid IP address for a time server thats not within your LAN. Try using 129.6.15.28 as an NTP Time Server in General Setup. That IP is to time-a.nist.gov which is a Stratum 1 server

verbal

@AhnHEL:

@verbal

Your Network Time Protocol status pic shows 2 IP addresses under Server and Ref Id, neither one of these is valid for 0.pfsense.pool.ntp.org.

This is my NTP setup and it WAS working just fine. Time just starting being behind by 4 hours last week. What can I do to fix that?

Can you post a screen of what it should look like?

AhnHEL

That IP address in your status is from an ntp server from this site http://www.mattnordhoff.com/ntp.html

Do you know how that could be? Does that site look familiar to you?

I use 3 NTP servers in case one should be down. The status page should show the servers you have setup in General Setup.

Try using 129.6.15.28 as an NTP Time Server in General Setup. That IP is to time-a.nist.gov which is a Stratum 1 server

![Screen Shot 2013-04-24 at 12.36.14 PM.png](/public/imported_attachments/1/Screen Shot 2013-04-24 at 12.36.14 PM.png)
![Screen Shot 2013-04-24 at 12.36.14 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2013-04-24 at 12.36.14 PM.png_thumb)
![Screen Shot 2013-04-24 at 12.48.53 PM.png](/public/imported_attachments/1/Screen Shot 2013-04-24 at 12.48.53 PM.png)
![Screen Shot 2013-04-24 at 12.48.53 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2013-04-24 at 12.48.53 PM.png_thumb)

verbal

@AhnHEL:

That IP address in your status is from an ntp server from this site http://www.mattnordhoff.com/ntp.html

Do you know how that could be? Does that site look familiar to you?

I use 3 NTP servers in case one should be down. The status page should show the servers you have setup in General Setup.

Try using 129.6.15.28 as an NTP Time Server in General Setup. That IP is to time-a.nist.gov which is a Stratum 1 server

That's why I'm really confused. You can see I'm using 0.pfsense.pool.ntp.org which it what it has been since I setup pfSense. And it has been working for the past couple months. Last week or two the time has been 4 hours behind. I don't understand it.

Not sure how to troubleshoot this either other than asking here.

What time servers are recommended? Last time I tried using something other than 0.pfsense.pool.ntp.org it stopped working.

I wanted to use pfSense as my central time server. I just setup ESXi hosts which are using it for time. ESXi is feeding the time to the guests which one of them is my domain controller. Should I use something else for time syncing?

AhnHEL

Only thing I can think of is that possibly you have an NTP server setup in your vSphere Client which makes your ESXi the time server and not pfSense.

rakeshvijayan

My NTP IS WORKING NOW BUT IT IS 1.45 LATE IN CURRENT TIME .HOW CAN I UDJUST IT

GENERAL SET UP PAGE

MY NTP STATUS NOW

AhnHEL

You're in India so picking a NTP server closer to you might make it more accurate.

Put the following as a NTP server instead of 129.6.15.28

0.asia.pool.ntp.org

gogol

@AhnHEL:

That IP address in your status is from an ntp server from this site http://www.mattnordhoff.com/ntp.html

Do you know how that could be? Does that site look familiar to you?

When you use a pool.ntp.org address you are getting a random IP address from the pool (www.pool.ntp.org.

@AhnHEL:

@verbal

Your Network Time Protocol status pic shows 2 IP addresses under Server and Ref Id, neither one of these is valid for 0.pfsense.pool.ntp.org.

These could be valid as they are random and change. The Ref ID is the upstream server or 1 stratum higher.

If you need more servers, then you can use also 1.pfsense.pool.ntp.org, 2.pfsense.pool.ntp.org, 3.pfsense.pool.ntp.org
Do a:

host 0.pfsense.pool.ntp.org

and you can see there are 4 addresses. Ntpd daemon will pick one at startup

verbal

@AhnHEL:

Only thing I can think of is that possibly you have an NTP server setup in your vSphere Client which makes your ESXi the time server and not pfSense.

Nope. I'm pointing the ESX / vSphere hosts to the pfSense IP to sync time.

verbal

Last night I removed the pool address from pfSense and added the IPs from earlier in the topic. I let it sync overnight and just did some tests and I'm even more confused…

pfSense is showing the correct time in the dashboard. NTP server page is showing the active peer, so I know it's syncing right. Switch and servers are pointing to it to sync time.

Procurve managed switch is the closest to the right time it's ever been, yet it's still 1 hour behind. Could be due to pfSense changes last night, could be due to the firmware update I did on it last night. If I change the timezone to none, it shows me GMT time. When I change the timezone back to Eastern time it's still 1 hour off. Didn't think I'd have to setup daylight savings time on it but most likely I do.

I'm booted into Windows 7 right now and it is NOT on my domain. I just pointed it to the pfSense NTP server to sync time and it's perfect.

My 3 ESXi hosts are still 4 hours behind. So it has to be a VMware thing. I don't understand how they can be correct for 2-3 weeks then change to 4 hours off.

This is frustrating. :-\

verbal

Does anyone know if pfSense NTP passes the local timezone or does it pass UTC time?

I found this article regarding VMware and my time issues. About to test it.

http://communities.vmware.com/message/2052507

AhnHEL

@verbal:

http://communities.vmware.com/message/2052507

Did i read that correctly that ESXi reads the BIOS time as UTP and vSphere sets the correct timezone?

biggsy

Does anyone know if pfSense NTP passes the local timezone or does it pass UTC time?

NTP only deals with UTC. Hosts are responsible for adapting it to their own timezone/

You should never use a VM to set the time on a ESXi. Either have ESXi sync the time on the VMs through VMware Tools or have ESXi and each of the VMs sync themselves to an external time source.

The HP 1810G (J9449 at least) has a pretty crappy implementation of SNTP and so does the Netgear GS108T. They poll the NTP server too frequently and eventually get a Kiss of Death. Luckily, switches don't really provide much that's worth logging anyway. If you're not logging, accurate timestamps are a bit pointless.

EDIT: You really should not use a Stratum 1 server as a reference unless you own it or it's part of pool.ntp.org