[solved] FreePBX 15 "no server suitable for synchronization found"

volkswagner · November 8, 2020, 5:17pm

I can’t seem to get NTP sync turned on.

I’ve tried:
timedatectl set-ntp yes

But timedatectl always shows:
NTP synchronized: no

     timedatectl
          Local time: Sun 2020-11-08 12:07:16 EST
      Universal time: Sun 2020-11-08 17:07:16 UTC
            RTC time: Sun 2020-11-08 22:07:44
           Time zone: America/New_York (EST, -0500)
         NTP enabled: yes
    NTP synchronized: no
     RTC in local TZ: no
          DST active: no
     Last DST change: DST ended at
                      Sun 2020-11-01 01:59:59 EDT
                      Sun 2020-11-01 01:00:00 EST
     Next DST change: DST begins (the clock jumps one hour forward) at
                      Sun 2021-03-14 01:59:59 EST
                      Sun 2021-03-14 03:00:00 EDT

 ntpdate pool.ntp.org

 8 Nov 12:14:32 ntpdate[11866]: no server suitable for synchronization found

ntpdate 64.79.100.196
 8 Nov 12:06:24 ntpdate[11104]: no server suitable for synchronization found

I’ve tried rebooting after setting TimeZone in SystemAdmin and it’s also set in asterisk advanced settings.

Any clue on what I’m missing?
This is my first instance using FreePBX 15 and previous versions syncing with NTP required no human intervention.

[solved] Thank you @dicko @Stewart1
The issue was due to blocked services at my VPS provider. They implemented their own ntp servers to help combat the exposure of ntp amplification attacks.

Cheers!

dicko · November 8, 2020, 5:34pm

Possibly your ISP is blocking port 123.

volkswagner · November 8, 2020, 5:50pm

Thanks for the reply, but even if the ISP were blocking
that port, I should still be able to turn on synchronization (which is
not in my subject, I now realize).

I don’t think the ISP is blocking it as I get the same results from my workstation at home.

telnet 173.0.48.220 123
Trying 173.0.48.220...
telnet: connect to address 173.0.48.220: Connection refused

dicko · November 8, 2020, 5:57pm

Telnet uses TCP, ntp is mostly over UDP

nc -vz -u 173.0.48.220 123

returns for me

Warning: forward host lookup failed for 173.0.48.220.reverse.wowrack.com: Unknown host
173.0.48.220.reverse.wowrack.com [173.0.48.220] 123 (ntp) open

volkswagner · November 8, 2020, 6:12pm

Well I get different results on three machines, but here’s what I get on the PBX server, which leads me to believe the port is not blocked out bound.

[root@t]# nc -vz -u 173.0.48.220 123

Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 173.0.48.220:123.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.01 seconds.

dicko · November 8, 2020, 6:14pm

Yes, but is it blocked inbound ‘. . 0 bytes received . .’ ?

tcpdump -nn port 123

volkswagner · November 8, 2020, 6:27pm

I see, here’s the capture when running:

nc -vz -u 173.0.48.220 123

capture:

listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

13:24:39.587516 IP 162.111.111.111.54491 > 173.0.48.220.123: NTPv0, unspecified, length 1

dicko · November 8, 2020, 6:32pm

It is an interesting server to use for NTP, try a more conventional set of servers like 0.pool.ntp.org (0 can be 0-3)

volkswagner · November 8, 2020, 6:41pm

I get the same result with 0.pool.ntp.org.

I will contact my VPS provider to see if they are firewalling anything. I haven’t had
any ports blocked by the provider in the past and this machine was running FreePBX 14 without issues up until a few weeks ago.

Stewart1 · November 8, 2020, 6:41pm

Please post the capture when running
ntpdate 0.pool.ntp.org

dicko · November 8, 2020, 6:49pm

Just watch tcpdump port 123 for a few minutes or more, you should see your machine sending packets to request TIME and (not always but sometimes) packets coming in from the same servers you are using sending you TIME.

It would be interesting to see your

lsof -i:123

system · November 15, 2020, 6:49pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.