[solved] FreePBX 15 "no server suitable for synchronization found"


(Volkswagner) #1

I can’t seem to get NTP sync turned on.

I’ve tried:
timedatectl set-ntp yes

But timedatectl always shows:
NTP synchronized: no

     timedatectl
          Local time: Sun 2020-11-08 12:07:16 EST
      Universal time: Sun 2020-11-08 17:07:16 UTC
            RTC time: Sun 2020-11-08 22:07:44
           Time zone: America/New_York (EST, -0500)
         NTP enabled: yes
    NTP synchronized: no
     RTC in local TZ: no
          DST active: no
     Last DST change: DST ended at
                      Sun 2020-11-01 01:59:59 EDT
                      Sun 2020-11-01 01:00:00 EST
     Next DST change: DST begins (the clock jumps one hour forward) at
                      Sun 2021-03-14 01:59:59 EST
                      Sun 2021-03-14 03:00:00 EDT

 ntpdate pool.ntp.org

 8 Nov 12:14:32 ntpdate[11866]: no server suitable for synchronization found

ntpdate 64.79.100.196
 8 Nov 12:06:24 ntpdate[11104]: no server suitable for synchronization found

I’ve tried rebooting after setting TimeZone in SystemAdmin and it’s also set in asterisk advanced settings.

Any clue on what I’m missing?
This is my first instance using FreePBX 15 and previous versions syncing with NTP required no human intervention.

[solved] Thank you @dicko @Stewart1
The issue was due to blocked services at my VPS provider. They implemented their own NTP servers to help combat the exposure of NTP amplification attacks.

Cheers!


#2

Possibly your ISP is blocking port 123.


(Volkswagner) #3

Thanks for the reply, but even if the ISP were blocking that port, I should still be able to turn on synchronization (which is not in my subject, I now realize).

I don’t think the ISP is blocking it as I get the same results from my workstation at home.

telnet 173.0.48.220 123
Trying 173.0.48.220...
telnet: connect to address 173.0.48.220: Connection refused

#4

Telnet uses TCP; NTP is mostly over UDP.

nc -vz -u 173.0.48.220 123

returns for me

Warning: forward host lookup failed for 173.0.48.220.reverse.wowrack.com: Unknown host
173.0.48.220.reverse.wowrack.com [173.0.48.220] 123 (ntp) open

(Volkswagner) #5

Well, I get different results on three machines, but here’s what I get on the PBX server, which leads me to believe the port is not blocked outbound.

[root@t]# nc -vz -u 173.0.48.220 123

Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 173.0.48.220:123.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.01 seconds.

#6

Yes, but is it blocked inbound ‘. . 0 bytes received . .’ ?

tcpdump -nn port 123


(Volkswagner) #7

I see, here’s the capture when running:

nc -vz -u 173.0.48.220 123

capture:

listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

13:24:39.587516 IP 162.111.111.111.54491 > 173.0.48.220.123: NTPv0, unspecified, length 1

#8

It is an interesting server to use for NTP, try a more conventional set of servers like 0.pool.ntp.org (0 can be 0-3)


(Volkswagner) #9

I get the same result with 0.pool.ntp.org.

I will contact my VPS provider to see if they are firewalling anything. I haven’t had any ports blocked by the provider in the past and this machine was running FreePBX 14 without issues up until a few weeks ago.


#10

Please post the capture when running
ntpdate 0.pool.ntp.org


#11

Just watch tcpdump port 123 for a few minutes or more, you should see your machine sending packets to request TIME and (not always but sometimes) packets coming in from the same servers you are using sending you TIME.

It would be interesting to see your

lsof -i:123
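
The `nc -vz -u` probe in posts #5 and #7 sends a single byte (tcpdump decodes it as `NTPv0, unspecified, length 1`), which is not a valid NTP request, so "0 bytes received" does not by itself show whether replies are being filtered. The sketch below is an added example, not code from the thread, and its function names are illustrative: it sends a proper 48-byte client request and reports whether a valid server reply comes back.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request(version=4):
    """48-byte client request: LI=0, VN=version, Mode=3, all other fields zero."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_response(data):
    """Validate a server reply and return its header fields and transmit time."""
    if len(data) < 48:
        raise ValueError("short packet: %d bytes, NTP header is 48" % len(data))
    mode = data[0] & 0x07
    if mode != 4:
        raise ValueError("unexpected mode %d, a server reply is mode 4" % mode)
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "version": (data[0] >> 3) & 0x07,
        "stratum": data[1],  # 0 is a kiss-o'-death packet, 1-15 a usable source
        "unix_time": secs - NTP_EPOCH_DELTA + frac / 2**32,
    }

def probe(server, port=123, timeout=3.0):
    """Send one request and report whether a valid reply makes it back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_request(), (server, port))
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            # The request left the host but nothing returned in time.
            return "no reply within %.0fs (UDP %d filtered or server silent)" % (timeout, port)
        except OSError as exc:  # DNS failure, ICMP unreachable, no route
            return "send/receive error: %s" % exc
    try:
        info = parse_response(data)
    except ValueError as exc:
        return "malformed reply: %s" % exc
    offset = info["unix_time"] - time.time()  # rough, ignores network delay
    return "reply: NTPv%d stratum %d, clock offset %+.3fs" % (
        info["version"], info["stratum"], offset)

if __name__ == "__main__":
    # Hostname taken from the thread; any reachable NTP server works.
    print(probe("0.pool.ntp.org"))
```

Running it while `tcpdump -nn port 123` is capturing shows whether the reply packet reaches the interface at all.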

